author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 14:53:52 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 14:53:52 +0000 |
commit | 3ed143456d4270196c89e8e7e57badd439b44df4 (patch) | |
tree | fb241ff60337a450c34bfa02210a10fe0ddc9073 /debian | |
parent | Adding upstream version 2.5.7. (diff) | |
Adding debian version 2.4.1-3. (refs: debian/2.4.1-3, debian)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian')
72 files changed, 4640 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..ad1bd54 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,39 @@ +isc-kea (2.2.0-8) unstable; urgency=medium + + Require user authentication to access the kea-ctrl-agent API service. + + Upgrades from previous versions, or fresh installs, will get a debconf + "high" priority prompt with 3 options: + - no action (default) + - configure with a random password + - configure with a given password + + If there is no password, the kea-ctrl-agent will NOT start. + + The password is expected to be in /etc/kea/kea-api-password, with ownership + root:_kea and permissions 0640. To change it, run `dpkg-reconfigure + kea-ctrl-agent` (which will present the same 3 options from above again), or + just edit the file manually. + + -- Andreas Hasenack <andreas@canonical.com> Fri, 17 Mar 2023 11:28:49 -0300 + +isc-kea (2.2.0-3) unstable; urgency=medium + + Starting with this upload, all the kea services are confined by default with + apparmor (if it's enabled on the host). + + -- Paride Legovini <paride@debian.org> Fri, 17 Feb 2023 19:59:43 +0100 + +isc-kea (2.2.0-2) unstable; urgency=medium + + The control sockets were moved to /run/kea (Closes: #1014929) + + keactrl is no longer being installed. This script is not systemd-aware and + not installed by the upstream .deb packages. + + Default logging of all kea services is set to "output" in their respective + configuration files. This means they end up in the systemd journal logging. + (Closes: #1016747) + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Tue, 14 Feb 2023 11:24:58 -0300 + diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..5e170cb --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,522 @@ +isc-kea (2.4.1-3) unstable; urgency=medium + + [ Paride Legovini ] + * d/t/smoke-test: add sleep to allow for the services to start + * d/t/kea-ctrl-agent-debconf override systemd restart limit. + Thanks to Andreas Hasenack + * ci: salsa pipeline: disable the crossbuild-arm64 job + * ci: salsa pipeline: fail on Lintian warnings + * d/*.l-o: drop unused overrides + * kea-dev: build and install kea-msg-compiler. + Thanks to Quentin Armitage (Closes: #1065362) + * d/kea-dev.l-o: override no-manual-page for kea-msg-compiler + * ci: salsa pipeline: enable reprotest, without build_path variation. + Thanks to Holger Levsen + * d/p/0001-support_kfreebsd.patch: drop patch. + The development of Debian GNU/kFreeBSD terminated in July 2023. + * d/p/0011-kea-ctrl-agent-authentication.patch: add dep-3 headers + * d/*.init: fix SysV init scripts. + Thanks to Stefan Klein (Closes: #1055438) + * d/rules: disable LTO on ppc64el as it causes crashes. + Thanks to Sergio Durigan Junior (LP: #2055151) + + [ Andreas Hasenack ] + * apparmor: also allow reading the pid file. + At least kea-ctrl-agent attempts to read the pid file, and it makes + sense to allow that. Also make the change for all other profiles. + + -- Paride Legovini <paride@debian.org> Fri, 29 Mar 2024 16:38:54 +0100 + +isc-kea (2.4.1-2) unstable; urgency=medium + + * Team upload. + + [ Athos Ribeiro ] + * d/*.service: Remove dhcp{4,6} WantedBy statements + + [ Paride Legovini ] + * d/po/fr.po: add French templates translation. + Thanks to Jean-Pierre Giraud (Closes: #1059863) + * d/copyright: update copyright years for debian/* + + [ Andreas Hasenack ] + * apparmor: add missing include directive. + Add a missing include directive to all profiles include the + site-specific additions and overrides. 
(Closes: #1064513) + + -- Andreas Hasenack <andreas@canonical.com> Mon, 26 Feb 2024 10:32:35 -0300 + +isc-kea (2.4.1-1) unstable; urgency=medium + + * New upstream version 2.4.1 + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Thu, 14 Dec 2023 17:21:04 -0300 + +isc-kea (2.4.0-1) unstable; urgency=medium + + [ Paride Legovini ] + * d/control: add Athos Ribeiro to Uploaders + * d/*.init: specify the daemons' full path. + Thanks to Alessandro Vesely (Closes: #1052338) + + [ Athos Ribeiro ] + * New upstream version 2.4.0 (Closes: #1040523) + * d/patches: refresh patches + * d/rules: remove cleanup for kea_connector2.py + * d/t/kea-dhcp4: check if lease lifetime is valid + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Thu, 26 Oct 2023 09:17:18 -0300 + +isc-kea (2.2.1-3) unstable; urgency=medium + + [ Andreas Hasenack ] + * apparmor: allow kea-ctrl-agent to access IPv6 sockets + (Closes: #1052764) + + -- Paride Legovini <paride@debian.org> Wed, 27 Sep 2023 14:47:14 +0200 + +isc-kea (2.2.1-2) unstable; urgency=medium + + * d/po/de.po: add German debconf translation. + Thanks to Christoph Brinkhaus (Closes: #1041710) + * d/po/es.po: add Spanish debconf translation. + Thanks to Camaleón (Closes: #1041772) + * d/po/nl.po: add Dutch debconf translation. + Thanks to Frans Spiesschaert (Closes: #1041875) + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Sun, 10 Sep 2023 10:09:52 -0300 + +isc-kea (2.2.1-1) unstable; urgency=medium + + * d/u/signing-key.asc: update upstream signing key + * New upstream version 2.2.1 + * Fix typo in debconf string. 
+ Thanks to Helge Kreutzmann (Closes: #1041394) + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Fri, 04 Aug 2023 07:37:08 -0300 + +isc-kea (2.2.0-8) unstable; urgency=medium + + [ Athos Ribeiro ] + * d/rules: add strict shlibs control file + + [ Andreas Hasenack ] + * Restrict access to the default RESTful API on 127.0.0.1:8000 to + authenticated users (Closes: #1033367) (LP #2007312): + - Add debconf templates to restrict API access + - d/control: add debconf build-deps + - d/kea-ctrl-agent.postinst: handle kea-api password creation + - d/kea-ctrl-agent.config: prepare debconf questions + - d/kea-ctrl-agent.postrm: purge api password file + - d/p/0011-kea-ctrl-agent-authentication.patch + - d/t/kea-ctrl-agent.service: require a non-empty kea api password file + - d/t/control, d/t/kea-ctrl-agent-debconf: test debconf options + - d/t/smoke-tests, d/t/kea-dhcp4: support kea-ctrl-agent authentication + * d/NEWS: update with noteworthy changes + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Tue, 04 Jul 2023 10:40:32 -0300 + +isc-kea (2.2.0-6) unstable; urgency=medium + + [ Andreas Hasenack ] + * apparmor: use the apparmor nameservice abstraction. + Use the apparmor nameservice abstraction instead of hand-picked rules. + (Closes: #1033640, #1033639) + + -- Paride Legovini <paride@debian.org> Mon, 03 Apr 2023 12:48:28 +0200 + +isc-kea (2.2.0-5) unstable; urgency=medium + + [ Paride Legovini ] + * d/control: update to Standards-Version 4.6.2, no changes needed + + [ Andreas Hasenack ] + * d/t/kea-dhcp4.conf.template: retry opening a socket. Sometimes the + `keabr0` bridge used in the DEP8 test takes a while to become ready, and + kea-dhcp4 fails to open a socket on it. Add configuration options to + kea-dhcp4 to retry opening the socket a few times before giving up. 
+ (LP: #2008932) + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Thu, 02 Mar 2023 14:00:17 -0300 + +isc-kea (2.2.0-4) unstable; urgency=medium + + [ Athos Ribeiro ] + * d/rules: use MathJax from libjs-mathjax instead loading from external CDN + + [ Andreas Hasenack ] + * d/t/kea-dhcp4: make the test more robust + - increase dhclient timeout to 60s, and run in verbose mode + - show logs in the case of failure + - set +e inside the cleanup handler + - fix resolv.conf regexp + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 27 Feb 2023 14:58:26 -0300 + +isc-kea (2.2.0-3) unstable; urgency=medium + + [ Andreas Hasenack ] + * Add apparmor profiles. + - d/control: add build-depends on dh-apparmor + - d/usr.sbin.kea-*: add the profiles + - d/kea-*.install: install the profiles + - d/rules: use dh_apparmor to enable the profiles + * d/tests: Add DEP8 test for kea-dhcp4 + + -- Paride Legovini <paride@debian.org> Fri, 17 Feb 2023 19:59:43 +0100 + +isc-kea (2.2.0-2) unstable; urgency=medium + + [ Athos Ribeiro ] + * d/tests: add simple DEP8 smoke tests + * Set default control sockets location to /run/kea (Closes: #1014929) + (LP: #1863100) + + [ Paride Legovini ] + * d/control: drop dependency on lsb-base (obsolete) + * d/salsa-ci.yml: enable the autopkgtest job + * d/kea-common.*: + - Do not install keactrl. The keactrl script is not systemd-aware and not + installed by the upstream .deb packages. Remove it from the Debian + packaging + - Leave handling of /var/*/kea directories to systemd. No need to create + them in packaging as the systemd units will automatically create them + with the right ownership and permissions + * d/*.service: + - Do not set KEA_LOGGER_DESTINATION. The variable is meant to tell the + daemons where to log *before* their config files are loaded. If unset + the default is stdout, which works well with systemd + - Do not set KEA_PIDFILE_DIR. What we set it to corresponds to the + defaults. 
The documentation says that KEA_PIDFILE_DIR "is intended + primarily for testing" + * d/rules: use the systemd journal for logging (Closes: #1016747) + (LP: #2006522) + * d/kea-doc.README.Debian: document how logging is done by default + * d/tests/smoke-tests: check location of PID and lock files + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Tue, 14 Feb 2023 11:24:58 -0300 + +isc-kea (2.2.0-1) unstable; urgency=medium + + * New upstream version 2.2.0. + Thanks to Daniel Baumann (Closes: #1016109) + * debian/patches: + - 0002-kea_admin_fix.patch: refresh patch + - 0007-keyctrl-colored-ddns-status.patch: drop patch (fixed upstream) + - 0009-disable-database-tests.patch: refresh patch + - 0010-build-libco-when-gtest-is-not-enabled: drop patch (fixed upstream) + - 0011-sphinx-set-language.patch: drop patch (fixed upstream) + * d/kea-doc.doc-base: register documentation to doc-base + * Lintian overrides: + - *.lintian-overrides: adapt to "pointed hints" syntax + - kea-admin.l-o: bash-term-in-posix-shell (false positives) + - d/kea-doc.l-o: add overrides for sphinx installed fonts. + + font-in-non-font-package [usr/share/doc/kea/html/_static/fonts/*] + + font-outside-font-dir [usr/share/doc/kea/html/_static/fonts/*] + * d/copyright: remove file patterns made unnecessary by new release + * d/salsa-ci.yml: add salsa CI + + -- Paride Legovini <paride@debian.org> Tue, 02 Aug 2022 12:16:45 +0000 + +isc-kea (2.0.2-3) unstable; urgency=medium + + * d/rules: configure: specify the Python site packages location. + Related changes: + - d/python3-kea-connector.install: update paths accordingly + Thanks to Kilian Krause (Closes: #1014995) + + -- Paride Legovini <paride@debian.org> Wed, 20 Jul 2022 16:03:19 +0000 + +isc-kea (2.0.2-2) unstable; urgency=medium + + * d/patches: explicitly set the sphinx doc language. + Needed for compatibility with Sphinx 5.0. 
New patch: + - d/p/0011-sphinx-set-language.patch (Closes: #1013407) + * d/control: bump Standards-Version to 4.6.1, no changes needed + * d/gbp.conf: debian-branch = debian/unstable (DEP-14) + * d/gbp.conf: enable use of pristine-tar + * d/watch.include-odd-versions: alternative watch file. + Also covers the odd-numbered (= devel) upstream releases. + + -- Paride Legovini <paride@debian.org> Sun, 26 Jun 2022 14:48:25 +0000 + +isc-kea (2.0.2-1) unstable; urgency=medium + + * New upstream version 2.0.2 + + -- Paride Legovini <paride@debian.org> Mon, 07 Mar 2022 21:13:17 +0000 + +isc-kea (2.0.1-2) unstable; urgency=medium + + * Upload to Debian unstable + * wrap-and-sort -bast (cosmetic) + + -- Paride Legovini <paride@debian.org> Sun, 30 Jan 2022 19:39:09 +0100 + +isc-kea (2.0.1-1) experimental; urgency=medium + + * New upstream version 2.0.1 (Closes: #954768, #973641) + * d/watch: fix search path and only match stable versions (Closes: #974611) + * d/u/signing-key.asc: replace with new key for 2021-2022. 
+ * d/control: + - Update Standards-Version to 4.6.0 (no changes needed) + - Switch to dh compat level 13 + - Set Rules-Requires-Root: no + - Drop ORed dependency on obsolete libmysqlclient-dev + - Add python3-kea-connector dependency to kea-ctrl-agent + - Build-Depend on procps (test dependency) + - Drop Section: libs for kea-common (fallback to Section: net) + - Minor cosmetic changes to the descriptions + * d/rules: + - Don't pass --as-needed to ld (it's now the default) + - Drop explicit `dh_missing --fail-missing` (default in dh 13) + - Drop useless override_dh_auto_make target + - Drop override_dh_clean (not needed) + - Use execute_after_* targets where appropriate + - Do not ignore the test results + - Drop unnecessary $@ in override_dh_auto_configure + - Disable out-of-source building (dh -B) + - Set localstatedir to /var (Closes: #959149) + - Delete __pycache__ recursively + - Don't delete keactrl.8 + - Drop `dh_installdocs -A`: it prevents using a main doc package + - Build perfdhcp (configure flag: --enable-perfdhcp) + * d/patches: + - 0001-support_kfreebsd: refresh patch + - 0002-kea_admin_fix: refresh patch + - 0003-Use-runstatedir-for-pid-file-location.patch: drop, fixed upstream + - d/p/0004-Put-KEA_LOCKFILE_DIR-to-runstatedir.patch: drop patch. + Replaced by setting the KEA_LOCKFILE_DIR environment variable. + - 0007-keyctrl-colored-ddns-status.patch: add patch + - 0009-disable-database-tests.patch: add patch. + Skip the database tests (problematic to run in automation). + - 0010-build-libco-when-gtest-is-not-enabled.patch: add patch. + Fix test suite fails if Kea is built without gtest. 
+ - Always use the .patch extension for uniformity + * d/docs: drop file, replaced by kea-doc.docs + * d/kea-doc.install: drop file, replaced by d/kea-doc.docs + * d/kea-admin.install: install perfdhcp + * d/*.install: move manpages to d/*.manpages + * d/kea-common.manpages: install keactrl.8 + * d/kea-doc.docs: + - Add CONTRIBUTING.md + - Install the API reference + * d/not-installed: refresh list of not-installed files + * d/s/lintian-overrides: override very-long-line-length-in-source-file + * d/kea-common.l-o: override script-not-executable etc/kea/keactrl.conf. + Has a shebang but it's meant to be sourced, not executed. + * d/u/metadata: add upstream metadata file + * d/copyright: + - Add Canonical Ltd. for debian/* + - Drop references to nonexisting files + * d/control: add Paride Legovini to Uploaders + + -- Paride Legovini <paride@debian.org> Thu, 27 Jan 2022 12:27:23 +0100 + +isc-kea (1.7.5-1) unstable; urgency=medium + + * Bump dh compat to 12, bump debian standard to 4.5.0 + (dh_compat v11 is broken and should not be used) + * New upstream version 1.7.5 + * Security issues fixed since 1.5.0-2: + + CVE-2019-6472: A packet containing a malformed DUID can cause the + kea-dhcp6 server to terminate + + CVE-2019-6473: An invalid hostname option can cause the kea-dhcp4 + server to terminate + + CVE-2019-6474: An oversight when validating incoming client requests + can lead to a situation where the Kea server will exit when trying to + restart + * Add python3-sphinx and python3-sphinx-rtd-theme to Build-Depends to + build the documentation + * Adjust installed files + * Add 'kea' metapackage that depends on all server components of Kea + * Fix more ISC KEA -> Kea naming + * Cleanup the lintian warnings + + -- Ondřej Surý <ondrej@debian.org> Mon, 23 Mar 2020 11:11:05 +0100 + +isc-kea (1.5.0-2) unstable; urgency=medium + + [ Jason Guy ] + * Stop deleting _kea user and group on postrm for security + * Drop debhelper compat to v11; v12 adds dependency on 
init-system-helpers + (>=1.52), and stretch uses 1.48. + + [ Badreddin Aboubakr ] + * Fix systemd service file & create group kea + * Fix maintaner scripts to handle the _kea group (Closes: #924105) + + [ Michal Nowikowski ] + * Fixed names of referenced services in WantedBy fields + + -- Ondřej Surý <ondrej@sury.org> Wed, 12 Jun 2019 16:11:11 +0200 + +isc-kea (1.5.0-1) unstable; urgency=medium + + [ Ondřej Surý ] + * New upstream version 1.5.0 (Closes: #916288) + * Update d/watch to use better mangling and https:// URL + * Update ISC signing key + * Bump debhelper compat level to v12 + * Fix some default paths to use runstatedir + * Create a non-privileged user _kea and run the Kea services under that user + (Closes: #910671) + * Add the netconf stuff to d/not-installed + * Greatly simplify d/copyright (Closes: #905214) + * Fix dpkg-statoverride usage in maintscripts + * Add adduser to kea-common Depends + * Add Pre-Depends: ${misc:Pre-Depends} for systemd Pre-Depends + * DHCPv4 daemon also needs CAP_NET_RAW + * It's Kea, not ISC KEA; fix the .service files + + [ Yuval Freund ] + * Fix python dep issue. (Closes: #905977, #908491) + + [ Badreddin Aboubakr ] + * Fix systemd Unit Files + + Change lock directory (systemd nesting issue) + + Quote RuntimeDirectory + + Remove "LogsDirectory" and "LogsDirectoryMode" (they are not + supported in systemd 232) + + [ Jason Guy ] + * Added a new patch to fix the kea-admin script. + * Fixed the postrm script (Closes: #905421) + + -- Ondřej Surý <ondrej@debian.org> Mon, 25 Feb 2019 12:12:36 +0000 + +isc-kea (1.4.0.P1-5) unstable; urgency=medium + + * Non-maintainer upload. + * Added a missing python3 dependency (Closes: #905977) + * Fixed kea-ctrl-agent dependency (Closes: #908491) + * Fixed kea-common postrm script (Closes: #905421) + * Fixed state directories (Closes: #910671) + * Fixed copyright (Closes: #905214) + * Cleaned up quilt patches. 
+ + -- Jason Guy <jason.e.guy@gmail.com> Sun, 16 Dec 2018 19:31:18 -0500 + +isc-kea (1.4.0.P1-3) unstable; urgency=medium + + [ Ondřej Surý ] + * Install keactrl binary and manpage to kea-common package + * Make package backportable to Ubuntu Trusty that doesn't have + debian/not-installed support yet + * Tighten the permissions on the /run/lock/kea, /var/log/kea and + /var/lib/kea directory + * Merge little bits from Jason in d/control and d/rules + * Cleanup install files + + [ Jason Guy ] + * Added missing files. + * Minor fixes to the lockfile paths. + + [ Adam Majer ] + * Update ISC signing key for 2017-2018 + * Add python3-kea-connector and kea-ctrl-agent files + + -- Ondřej Surý <ondrej@debian.org> Mon, 16 Jul 2018 15:53:56 +0000 + +isc-kea (1.4.0.P1-2) unstable; urgency=medium + + * Add alternative dependency for default-libmysqlclient-dev to make + backporting easier + * Re-enable mysql and pgsql backends + + -- Ondřej Surý <ondrej@debian.org> Sat, 14 Jul 2018 12:14:40 +0000 + +isc-kea (1.4.0.P1-1) unstable; urgency=medium + + * New upstream version 1.4.0.P1 + + [CVE-2018-5739]: failure to release memory may exhaust system + resources (Closes: #903729) + + -- Ondřej Surý <ondrej@debian.org> Sat, 14 Jul 2018 08:51:37 +0000 + +isc-kea (1.4.0-2) experimental; urgency=medium + + * New upstream version 1.4.0 (Closes: #874501, #874501) + * Update Maintainer, Uploaders and Vcs-* Links + * Use --fail-missing to catch files not installed which should be + * Update bug numbers in d/changelog + * Add kea-admin binary into kea-admin package (Closes: #851712) + * Install hooks in kea-common package and kea-ctrl-agent into kea-utils + package + * Move kea-ctrl-agent to kea-admin package + + -- Ondřej Surý <ondrej@debian.org> Fri, 13 Jul 2018 20:00:33 +0000 + +isc-kea (1.4.0-1) experimental; urgency=medium + + * New upstream version 1.4.0 (Closes: #874501, #874501) + * Rebase patches on top of Kea 1.4 + * Use upstream conffiles + * Run d/ through wrap-and-sort -a + add 
dh-autoconf + * Enable autoreconf + * Don't install *.spec files + + -- Ondřej Surý <ondrej@debian.org> Fri, 13 Jul 2018 18:42:25 +0000 + +isc-kea (1.1.0-1) unstable; urgency=medium + + * New upstream version 1.1.0 (closes: #844536) + + support PostgreSQL and MySQL for host reservation for both + DHCPv4 and DHCPv6 + + allows MySQL and PostgreSQL host reservations databases + to operate in read-only mode + + extends host reservations capabilities based on specific + DHCP options. + + expanded client classification system + + DHCPv4-over-DHCPv6 - RFC7341 + * builds with default mysql library (closes: #845856) + * debian/patches: + - fix_gcc6 - removed, upstreamed + - openssl1.1 - add OpenSSL 1.1 support (closes: #828356) + + -- Adam Majer <adamm@zombino.com> Sun, 27 Nov 2016 23:07:17 +0100 + +isc-kea (1.0.0-4) unstable; urgency=medium + + * debian/rules: + + Disable warnings being treated as errors during compilation. + This fixes compilation with GCC 6.0 and Kea's use of + auto_ptr which trigger depreciation warning (closes: #831123) + * debian/patches/fix_gcc6: + + fix compilation with gcc6 C++14 + + -- Adam Majer <adamm@zombino.com> Mon, 25 Jul 2016 22:23:36 +0200 + +isc-kea (1.0.0-3) unstable; urgency=medium + + * debian/patches/support_kfreebsd: + + Add support for kFreeBSD - detect it as FreeBSD + * debian/watch: + + Only detect X.Y.Z* version formats + + Sort beta and other candidates before final release + + Verify upstream GPG signature + * debian/control: + + Remove dependency on Botan. Use OpenSSL instead. + * debian/rules: + + Disable dependency tracking for faster build + + Fix typo in configure script + * Updated .service files to start KEA services only after + network is up and time has been synced. + * Update Standard to 3.9.7. No changes. 
+ + -- Adam Majer <adamm@zombino.com> Thu, 03 Mar 2016 20:49:02 -0600 + +isc-kea (1.0.0-2) unstable; urgency=medium + + * debian/copyright: + + Explicitly list more embedded boost headers + * debian/control: + + Do not require specific PostgreSQL version (closes: #814323) + + -- Adam Majer <adamm@zombino.com> Fri, 26 Feb 2016 13:37:51 -0600 + +isc-kea (1.0.0-1) unstable; urgency=low + + * Initial release (Closes: #759703) + + -- Adam Majer <adamm@zombino.com> Tue, 19 Jan 2016 13:15:40 -0600 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..c2d7d66 --- /dev/null +++ b/debian/control 
@@ -0,0 +1,178 @@ +Source: isc-kea +Section: net +Priority: optional +Maintainer: Kea <isc-kea@packages.debian.org> +Uploaders: + Adam Majer <adamm@zombino.com>, + Ondřej Surý <ondrej@debian.org>, + Jason Guy <jason.e.guy@gmail.com>, + Paride Legovini <paride@debian.org>, + Athos Ribeiro <athos.ribeiro@canonical.com>, +Build-Depends: + bison, + debhelper-compat (= 13), + default-libmysqlclient-dev, + dh-apparmor, + dh-python, + docbook, + docbook-xsl, + elinks, + flex, + libboost-dev, + libboost-system-dev, + liblog4cplus-dev, + libpq-dev, + libssl-dev, + po-debconf, + postgresql-server-dev-all, + procps, + python3-dev, + python3-sphinx, + python3-sphinx-rtd-theme, + xsltproc, +Standards-Version: 4.6.2 +Homepage: http://kea.isc.org/ +Vcs-Git: https://salsa.debian.org/debian/isc-kea.git +Vcs-Browser: https://salsa.debian.org/debian/isc-kea +Rules-Requires-Root: no + +Package: kea +Architecture: all +Depends: + kea-admin, + kea-ctrl-agent, + kea-dhcp-ddns-server, + kea-dhcp4-server, + kea-dhcp6-server, + ${misc:Depends}, +Description: DHCP server [meta] + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium + providing a very high-performance with PostgreSQL, MySQL and memfile backends. + . + This is a metapackage that depends on all server components of Kea. + +Package: kea-admin +Architecture: any +Section: admin +Depends: + kea-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: Administration utilities for Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides backend database initialization and migration + scripts and a DHCP benchmark tool. + +Package: kea-common +Architecture: any +Depends: + adduser, + ${misc:Depends}, + ${shlibs:Depends}, +Description: Common libraries for the Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . 
+ This package provides common libraries used by Kea servers and utilities. + +Package: kea-ctrl-agent +Architecture: any +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + kea-common (= ${binary:Version}), + python3-kea-connector, + debconf (>= 0.5), + ${misc:Depends}, + ${python3:Depends}, + ${shlibs:Depends}, +Suggests: + kea-doc, +Description: REST API service for Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides the REST API service agent for Kea DHCP. + +Package: kea-dev +Architecture: any +Section: devel +Depends: + kea-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: Development headers for Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides headers and static libraries of the common Kea + libraries, including libdhcp++. + +Package: kea-dhcp-ddns-server +Architecture: any +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + kea-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Suggests: + kea-doc, +Description: DHCP Dynamic DNS service + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides Dynamic DNS service to update DNS mapping based on + DHCP lease events. + +Package: kea-dhcp4-server +Architecture: any +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + kea-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Suggests: + kea-doc, +Description: IPv4 DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium + providing a very high-performance with PostgreSQL, MySQL and memfile backends. + . + This package provides the IPv4 DHCP server. 
+ +Package: kea-dhcp6-server +Architecture: any +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + kea-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Suggests: + kea-doc, +Description: IPv6 DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium + providing a very high-performance with PostgreSQL, MySQL and memfile backends. + . + This package provides the IPv6 DHCP server. + +Package: kea-doc +Architecture: all +Section: doc +Depends: + ${misc:Depends}, +Recommends: + libjs-mathjax, +Description: Documentation for Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides documentation for the DHCP servers. + +Package: python3-kea-connector +Architecture: all +Section: python +Depends: + ${misc:Depends}, + ${python3:Depends}, +Description: Python3 management connector for Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides Python3 connector. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..d90da60 --- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,408 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ + +Files: * +Copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC") +License: MPL-2.0 + +Files: debian/* +Copyright: 2016-2018, Adam Majer <adamm@zombino.com> + 2017-2018, Jason Guy (jason.e.guy@gmail.com) + 2018-2019, Internet Systems Consortium, Inc. + 2022-2024, Canonical Ltd. +License: MPL-2.0 + +Files: src/bin/agent/agent_parser.cc + src/bin/agent/agent_parser.h + src/bin/agent/location.hh + src/bin/d2/d2_parser.cc + src/bin/d2/d2_parser.h + src/bin/d2/location.hh + src/bin/dhcp4/dhcp4_parser.cc + src/bin/dhcp4/dhcp4_parser.h + src/bin/dhcp4/location.hh + src/bin/dhcp6/dhcp6_parser.cc + src/bin/dhcp6/dhcp6_parser.h + src/bin/dhcp6/location.hh + src/lib/eval/location.hh + src/lib/eval/parser.cc + src/lib/eval/parser.h +Copyright: 2002-2015, Free Software Foundation, Inc. +License: GPL-3+-with-bison-exception + +Files: src/lib/util/encode/* +Copyright: 2002, Robert Ramey - http:www.rrsd.com . +License: BSL-1.0 + +License: GPL-3+-with-bison-exception + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 3 dated June, 2007, or (at + your option) any later version. + . + As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + . 
+ On Debian systems, the complete text of version 3 of the GNU General + Public License can be found in '/usr/share/common-licenses/GPL-3'. + +License: MPL-2.0 + . + Mozilla Public License Version 2.0 + ================================== + . + 1. Definitions + -------------- + 1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + 1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + 1.3. "Contribution" + means Covered Software of a particular Contributor. + 1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + 1.5. "Incompatible With Secondary Licenses" + means + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + 1.6. "Executable Form" + means any form of the work other than Source Code Form. + 1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + 1.8. "License" + means this document. + 1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + 1.10. "Modifications" + means any of the following: + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + (b) any new file in Source Code Form that contains any Covered + Software. + 1.11. 
"Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + 1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + 1.13. "Source Code Form" + means the form of the work preferred for making modifications. + 1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + . + 2. License Grants and Conditions + -------------------------------- + 2.1. Grants + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + (a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + (b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + . + 2.2. 
Effective Date + The licenses granted in Section 2.1 with respect to any Contribution + become effective for each Contribution on the date the Contributor first + distributes such Contribution. + . + 2.3. Limitations on Grant Scope + The licenses granted in this Section 2 are the only rights granted under + this License. No additional rights or licenses will be implied from the + distribution or licensing of Covered Software under this License. + Notwithstanding Section 2.1(b) above, no patent license is granted by a + Contributor: + (a) for any code that a Contributor has removed from Covered Software; + or + (b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + (c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + This License does not grant any rights in the trademarks, service marks, + or logos of any Contributor (except as may be necessary to comply with + the notice requirements in Section 3.4). + . + 2.4. Subsequent Licenses + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this + License (see Section 10.2) or under the terms of a Secondary License (if + permitted under the terms of Section 3.3). + . + 2.5. Representation + Each Contributor represents that the Contributor believes its + Contributions are its original creation(s) or it has sufficient rights + to grant the rights to its Contributions conveyed by this License. + . + 2.6. Fair Use + This License is not intended to limit any rights You have under + applicable copyright doctrines of fair use, fair dealing, or other + equivalents. + . + 2.7. Conditions + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted + in Section 2.1. + . + 3. Responsibilities + ------------------- + 3.1. 
Distribution of Source Form + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under + the terms of this License. You must inform recipients that the Source + Code Form of the Covered Software is governed by the terms of this + License, and how they can obtain a copy of this License. You may not + attempt to alter or restrict the recipients' rights in the Source Code + Form. + . + 3.2. Distribution of Executable Form + If You distribute Covered Software in Executable Form then: + (a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + (b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + 3.3. Distribution of a Larger Work + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for + the Covered Software. If the Larger Work is a combination of Covered + Software with a work governed by one or more Secondary Licenses, and the + Covered Software is not Incompatible With Secondary Licenses, this + License permits You to additionally distribute such Covered Software + under the terms of such Secondary License(s), so that the recipient of + the Larger Work may, at their option, further distribute the Covered + Software under the terms of either this License or such Secondary + License(s). + . + 3.4. 
Notices + You may not remove or alter the substance of any license notices + (including copyright notices, patent notices, disclaimers of warranty, + or limitations of liability) contained within the Source Code Form of + the Covered Software, except that You may alter any license notices to + the extent required to remedy known factual inaccuracies. + . + 3.5. Application of Additional Terms + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on + behalf of any Contributor. You must make it absolutely clear that any + such warranty, support, indemnity, or liability obligation is offered by + You alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + . + 4. Inability to Comply Due to Statute or Regulation + --------------------------------------------------- + . + If it is impossible for You to comply with any of the terms of this + License with respect to some or all of the Covered Software due to + statute, judicial order, or regulation then You must: (a) comply with + the terms of this License to the maximum extent possible; and (b) + describe the limitations and the code they affect. Such description must + be placed in a text file included with all distributions of the Covered + Software under this License. Except to the extent prohibited by statute + or regulation, such description must be sufficiently detailed for a + recipient of ordinary skill to be able to understand it. + . + 5. Termination + -------------- + . + 5.1. The rights granted under this License will terminate automatically + if You fail to comply with any of its terms. 
However, if You become + compliant, then the rights granted under this License from a particular + Contributor are reinstated (a) provisionally, unless and until such + Contributor explicitly and finally terminates Your grants, and (b) on an + ongoing basis, if such Contributor fails to notify You of the + non-compliance by some reasonable means prior to 60 days after You have + come back into compliance. Moreover, Your grants from a particular + Contributor are reinstated on an ongoing basis if such Contributor + notifies You of the non-compliance by some reasonable means, this is the + first time You have received notice of non-compliance with this License + from such Contributor, and You become compliant prior to 30 days after + Your receipt of the notice. + . + 5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, + counter-claims, and cross-claims) alleging that a Contributor Version + directly or indirectly infringes any patent, then the rights granted to + You by any and all Contributors for the Covered Software under Section + 2.1 of this License shall terminate. + . + 5.3. In the event of termination under Sections 5.1 or 5.2 above, all + end user license agreements (excluding distributors and resellers) which + have been validly granted by You or Your distributors under this License + prior to termination shall survive termination. + . + ************************************************************************ + * * + * 6. Disclaimer of Warranty * + * ------------------------- * + * * + * Covered Software is provided under this License on an "as is" * + * basis, without warranty of any kind, either expressed, implied, or * + * statutory, including, without limitation, warranties that the * + * Covered Software is free of defects, merchantable, fit for a * + * particular purpose or non-infringing. 
The entire risk as to the * + * quality and performance of the Covered Software is with You. * + * Should any Covered Software prove defective in any respect, You * + * (not any Contributor) assume the cost of any necessary servicing, * + * repair, or correction. This disclaimer of warranty constitutes an * + * essential part of this License. No use of any Covered Software is * + * authorized under this License except under this disclaimer. * + * * + ************************************************************************ + . + ************************************************************************ + * * + * 7. Limitation of Liability * + * -------------------------- * + * * + * Under no circumstances and under no legal theory, whether tort * + * (including negligence), contract, or otherwise, shall any * + * Contributor, or anyone who distributes Covered Software as * + * permitted above, be liable to You for any direct, indirect, * + * special, incidental, or consequential damages of any character * + * including, without limitation, damages for lost profits, loss of * + * goodwill, work stoppage, computer failure or malfunction, or any * + * and all other commercial damages or losses, even if such party * + * shall have been informed of the possibility of such damages. This * + * limitation of liability shall not apply to liability for death or * + * personal injury resulting from such party's negligence to the * + * extent applicable law prohibits such limitation. Some * + * jurisdictions do not allow the exclusion or limitation of * + * incidental or consequential damages, so this exclusion and * + * limitation may not apply to You. * + * * + ************************************************************************ + . + 8. 
Litigation + ------------- + Any litigation relating to this License may be brought only in the + courts of a jurisdiction where the defendant maintains its principal + place of business and such litigation shall be governed by laws of that + jurisdiction, without reference to its conflict-of-law provisions. + Nothing in this Section shall prevent a party's ability to bring + cross-claims or counter-claims. + . + 9. Miscellaneous + ---------------- + This License represents the complete agreement concerning the subject + matter hereof. If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. Any law or regulation which provides + that the language of a contract shall be construed against the drafter + shall not be used to construe this License against a Contributor. + . + 10. Versions of the License + --------------------------- + . + 10.1. New Versions + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + . + 10.2. Effect of New Versions + You may distribute the Covered Software under the terms of the version + of the License under which You originally received the Covered Software, + or under the terms of any subsequent version published by the license + steward. + . + 10.3. Modified Versions + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a + modified version of this License if you rename the license and remove + any references to the name of the license steward (except to note that + such modified license differs from this License). + . + 10.4. Distributing Source Code Form that is Incompatible With Secondary + Licenses + . 
+ If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + . + Exhibit A - Source Code Form License Notice + ------------------------------------------- + . + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + . + If it is not possible or desirable to put the notice in a particular + file, then You may include the notice in a location (such as a LICENSE + file in a relevant directory) where a recipient would be likely to look + for such a notice. + . + You may add additional accurate notices of copyright ownership. + . + Exhibit B - "Incompatible With Secondary Licenses" Notice + --------------------------------------------------------- + . + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. + +License: BSL-1.0 + Boost Software License - Version 1.0 - August 17th, 2003 + . + Permission is hereby granted, free of charge, to any person or organization + obtaining a copy of the software and accompanying documentation covered by + this license (the "Software") to use, reproduce, display, distribute, + execute, and transmit the Software, and to prepare derivative works of the + Software, and to permit third-parties to whom the Software is furnished to + do so, all subject to the following: + . + The copyright notices in the Software and this entire statement, including + the above license grant, this restriction and the following disclaimer, + must be included in all copies of the Software, in whole or in part, and + all derivative works of the Software, unless such copies or derivative + works are solely in the form of machine-executable object code generated by + a source language processor. + . 
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT + SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE + FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE. diff --git a/debian/copyright-scan-patterns.yml b/debian/copyright-scan-patterns.yml new file mode 100644 index 0000000..3592d24 --- /dev/null +++ b/debian/copyright-scan-patterns.yml @@ -0,0 +1,33 @@ +--- +check: + suffixes: + - asm + - lua + - nqp + - s + - template +ignore: + pattern: + - /debian/ + - Makefile + - AUTHORS + - README + - ChangeLog + - INSTALL + - MANIFEST + - /config(.guess|ure|ure.ac|.h.in|.sub) + suffixes: + - generic + - rst + - jpg + - yml + - png + - dia + - o + - htm + - html + - txt + - install + - M + - in + diff --git a/debian/fill.copyright.blanks.yml b/debian/fill.copyright.blanks.yml new file mode 100644 index 0000000..b1c7e8e --- /dev/null +++ b/debian/fill.copyright.blanks.yml @@ -0,0 +1,18 @@ +--- +src/hooks/* : + copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC") + license: MPL-2.0 +doc/* : + copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC") + license: MPL-2.0 +src/lib/dhcpsrv/cache_host_data_source.h : + copyright: 2018, Internet Systems Consortium, Inc. ("ISC") + license: MPL-2.0 +ext/* : + copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC") + license: MPL-2.0 +m4macros/* : + copyright: 1994-2013, Free Software Foundation, Inc. + license: MPL-2.0 + + diff --git a/debian/fix.scanned.copyright b/debian/fix.scanned.copyright new file mode 100644 index 0000000..2f1c741 --- /dev/null +++ b/debian/fix.scanned.copyright 
@@ -0,0 +1,368 @@ +! License:"MPL-2.0" + text=" + Mozilla Public License Version 2.0 + ================================== + . + 1. Definitions + -------------- + 1.1. \"Contributor\" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + 1.2. \"Contributor Version\" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + 1.3. \"Contribution\" + means Covered Software of a particular Contributor. + 1.4. \"Covered Software\" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + 1.5. \"Incompatible With Secondary Licenses\" + means + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + 1.6. \"Executable Form\" + means any form of the work other than Source Code Form. + 1.7. \"Larger Work\" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + 1.8. \"License\" + means this document. + 1.9. \"Licensable\" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + 1.10. \"Modifications\" + means any of the following: + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + (b) any new file in Source Code Form that contains any Covered + Software. + 1.11. 
\"Patent Claims\" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + 1.12. \"Secondary License\" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + 1.13. \"Source Code Form\" + means the form of the work preferred for making modifications. + 1.14. \"You\" (or \"Your\") + means an individual or a legal entity exercising rights under this + License. For legal entities, \"You\" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, \"control\" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + . + 2. License Grants and Conditions + -------------------------------- + 2.1. Grants + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + (a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + (b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + . + 2.2. 
Effective Date + The licenses granted in Section 2.1 with respect to any Contribution + become effective for each Contribution on the date the Contributor first + distributes such Contribution. + . + 2.3. Limitations on Grant Scope + The licenses granted in this Section 2 are the only rights granted under + this License. No additional rights or licenses will be implied from the + distribution or licensing of Covered Software under this License. + Notwithstanding Section 2.1(b) above, no patent license is granted by a + Contributor: + (a) for any code that a Contributor has removed from Covered Software; + or + (b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + (c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + This License does not grant any rights in the trademarks, service marks, + or logos of any Contributor (except as may be necessary to comply with + the notice requirements in Section 3.4). + . + 2.4. Subsequent Licenses + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this + License (see Section 10.2) or under the terms of a Secondary License (if + permitted under the terms of Section 3.3). + . + 2.5. Representation + Each Contributor represents that the Contributor believes its + Contributions are its original creation(s) or it has sufficient rights + to grant the rights to its Contributions conveyed by this License. + . + 2.6. Fair Use + This License is not intended to limit any rights You have under + applicable copyright doctrines of fair use, fair dealing, or other + equivalents. + . + 2.7. Conditions + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted + in Section 2.1. + . + 3. Responsibilities + ------------------- + 3.1. 
Distribution of Source Form + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under + the terms of this License. You must inform recipients that the Source + Code Form of the Covered Software is governed by the terms of this + License, and how they can obtain a copy of this License. You may not + attempt to alter or restrict the recipients' rights in the Source Code + Form. + . + 3.2. Distribution of Executable Form + If You distribute Covered Software in Executable Form then: + (a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + (b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + 3.3. Distribution of a Larger Work + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for + the Covered Software. If the Larger Work is a combination of Covered + Software with a work governed by one or more Secondary Licenses, and the + Covered Software is not Incompatible With Secondary Licenses, this + License permits You to additionally distribute such Covered Software + under the terms of such Secondary License(s), so that the recipient of + the Larger Work may, at their option, further distribute the Covered + Software under the terms of either this License or such Secondary + License(s). + . + 3.4. 
Notices + You may not remove or alter the substance of any license notices + (including copyright notices, patent notices, disclaimers of warranty, + or limitations of liability) contained within the Source Code Form of + the Covered Software, except that You may alter any license notices to + the extent required to remedy known factual inaccuracies. + . + 3.5. Application of Additional Terms + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on + behalf of any Contributor. You must make it absolutely clear that any + such warranty, support, indemnity, or liability obligation is offered by + You alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + . + 4. Inability to Comply Due to Statute or Regulation + --------------------------------------------------- + . + If it is impossible for You to comply with any of the terms of this + License with respect to some or all of the Covered Software due to + statute, judicial order, or regulation then You must: (a) comply with + the terms of this License to the maximum extent possible; and (b) + describe the limitations and the code they affect. Such description must + be placed in a text file included with all distributions of the Covered + Software under this License. Except to the extent prohibited by statute + or regulation, such description must be sufficiently detailed for a + recipient of ordinary skill to be able to understand it. + . + 5. Termination + -------------- + . + 5.1. The rights granted under this License will terminate automatically + if You fail to comply with any of its terms. 
However, if You become + compliant, then the rights granted under this License from a particular + Contributor are reinstated (a) provisionally, unless and until such + Contributor explicitly and finally terminates Your grants, and (b) on an + ongoing basis, if such Contributor fails to notify You of the + non-compliance by some reasonable means prior to 60 days after You have + come back into compliance. Moreover, Your grants from a particular + Contributor are reinstated on an ongoing basis if such Contributor + notifies You of the non-compliance by some reasonable means, this is the + first time You have received notice of non-compliance with this License + from such Contributor, and You become compliant prior to 30 days after + Your receipt of the notice. + . + 5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, + counter-claims, and cross-claims) alleging that a Contributor Version + directly or indirectly infringes any patent, then the rights granted to + You by any and all Contributors for the Covered Software under Section + 2.1 of this License shall terminate. + . + 5.3. In the event of termination under Sections 5.1 or 5.2 above, all + end user license agreements (excluding distributors and resellers) which + have been validly granted by You or Your distributors under this License + prior to termination shall survive termination. + . + ************************************************************************ + * * + * 6. Disclaimer of Warranty * + * ------------------------- * + * * + * Covered Software is provided under this License on an \"as is\" * + * basis, without warranty of any kind, either expressed, implied, or * + * statutory, including, without limitation, warranties that the * + * Covered Software is free of defects, merchantable, fit for a * + * particular purpose or non-infringing. 
The entire risk as to the * + * quality and performance of the Covered Software is with You. * + * Should any Covered Software prove defective in any respect, You * + * (not any Contributor) assume the cost of any necessary servicing, * + * repair, or correction. This disclaimer of warranty constitutes an * + * essential part of this License. No use of any Covered Software is * + * authorized under this License except under this disclaimer. * + * * + ************************************************************************ + . + ************************************************************************ + * * + * 7. Limitation of Liability * + * -------------------------- * + * * + * Under no circumstances and under no legal theory, whether tort * + * (including negligence), contract, or otherwise, shall any * + * Contributor, or anyone who distributes Covered Software as * + * permitted above, be liable to You for any direct, indirect, * + * special, incidental, or consequential damages of any character * + * including, without limitation, damages for lost profits, loss of * + * goodwill, work stoppage, computer failure or malfunction, or any * + * and all other commercial damages or losses, even if such party * + * shall have been informed of the possibility of such damages. This * + * limitation of liability shall not apply to liability for death or * + * personal injury resulting from such party's negligence to the * + * extent applicable law prohibits such limitation. Some * + * jurisdictions do not allow the exclusion or limitation of * + * incidental or consequential damages, so this exclusion and * + * limitation may not apply to You. * + * * + ************************************************************************ + . + 8. 
Litigation + ------------- + Any litigation relating to this License may be brought only in the + courts of a jurisdiction where the defendant maintains its principal + place of business and such litigation shall be governed by laws of that + jurisdiction, without reference to its conflict-of-law provisions. + Nothing in this Section shall prevent a party's ability to bring + cross-claims or counter-claims. + . + 9. Miscellaneous + ---------------- + This License represents the complete agreement concerning the subject + matter hereof. If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. Any law or regulation which provides + that the language of a contract shall be construed against the drafter + shall not be used to construe this License against a Contributor. + . + 10. Versions of the License + --------------------------- + . + 10.1. New Versions + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + . + 10.2. Effect of New Versions + You may distribute the Covered Software under the terms of the version + of the License under which You originally received the Covered Software, + or under the terms of any subsequent version published by the license + steward. + . + 10.3. Modified Versions + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a + modified version of this License if you rename the license and remove + any references to the name of the license steward (except to note that + such modified license differs from this License). + . + 10.4. Distributing Source Code Form that is Incompatible With Secondary + Licenses + . 
+ If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + . + Exhibit A - Source Code Form License Notice + ------------------------------------------- + . + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + . + If it is not possible or desirable to put the notice in a particular + file, then You may include the notice in a location (such as a LICENSE + file in a relevant directory) where a recipient would be likely to look + for such a notice. + . + You may add additional accurate notices of copyright ownership. + . + Exhibit B - \"Incompatible With Secondary Licenses\" Notice + --------------------------------------------------------- + . + This Source Code Form is \"Incompatible With Secondary Licenses\", as + defined by the Mozilla Public License, v. 2.0." + +! License:"BSL-1.0" + text=" + Boost Software License - Version 1.0 - August 17th, 2003 + . + Permission is hereby granted, free of charge, to any person or organization + obtaining a copy of the software and accompanying documentation covered by + this license (the \"Software\") to use, reproduce, display, distribute, + execute, and transmit the Software, and to prepare derivative works of the + Software, and to permit third-parties to whom the Software is furnished to + do so, all subject to the following: + . 
+ The copyright notices in the Software and this entire statement, including + the above license grant, this restriction and the following disclaimer, + must be included in all copies of the Software, in whole or in part, and + all derivative works of the Software, unless such copies or derivative + works are solely in the form of machine-executable object code generated by + a source language processor. + . + THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT + SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE + FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE." + +! Files:"*" + Copyright="2010-2018, Internet Systems Consortium, Inc. (\"ISC\")" + License short_name="MPL-2.0" + +! Files:"debian/*" + Copyright="2016-2018, Adam Majer <adamm@zombino.com> / 2017-2018, Jason Guy (jason.e.guy@gmail.com) / 2018-2018, Internet Systems Consortium, Inc." + License short_name="MPL-2.0" + +! Files:"src/lib/util/encode/*" + Copyright="2002, Robert Ramey - http:www.rrsd.com ." + License short_name="BSL-1.0" + diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..ed04da0 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,4 @@ +[DEFAULT] +debian-branch = debian/unstable +pristine-tar = True +pristine-tar-commit = True diff --git a/debian/kea-admin.install b/debian/kea-admin.install new file mode 100644 index 0000000..9117487 --- /dev/null +++ b/debian/kea-admin.install @@ -0,0 +1,3 @@ +usr/sbin/kea-admin +usr/sbin/perfdhcp +usr/share/kea/scripts diff --git a/debian/kea-admin.lintian-overrides b/debian/kea-admin.lintian-overrides new file mode 100644 index 0000000..8500cf7 --- /dev/null +++ b/debian/kea-admin.lintian-overrides 
@@ -0,0 +1,2 @@ +kea-admin: script-not-executable [usr/share/kea/scripts/*] +kea-admin: bash-term-in-posix-shell diff --git a/debian/kea-admin.manpages b/debian/kea-admin.manpages new file mode 100644 index 0000000..342d39e --- /dev/null +++ b/debian/kea-admin.manpages @@ -0,0 +1,2 @@ +usr/share/man/man8/kea-admin.8 +usr/share/man/man8/perfdhcp.8 diff --git a/debian/kea-common.install b/debian/kea-common.install new file mode 100644 index 0000000..b7023a0 --- /dev/null +++ b/debian/kea-common.install @@ -0,0 +1,4 @@ +debian/usr.sbin.kea-lfc etc/apparmor.d/ +usr/lib/*/kea/hooks +usr/lib/*/libkea-*.so.* +usr/sbin/kea-lfc diff --git a/debian/kea-common.lintian-overrides b/debian/kea-common.lintian-overrides new file mode 100644 index 0000000..0efd491 --- /dev/null +++ b/debian/kea-common.lintian-overrides @@ -0,0 +1 @@ +kea-common: package-name-doesnt-match-sonames * diff --git a/debian/kea-common.manpages b/debian/kea-common.manpages new file mode 100644 index 0000000..12f0ade --- /dev/null +++ b/debian/kea-common.manpages @@ -0,0 +1 @@ +usr/share/man/man8/kea-lfc.8 diff --git a/debian/kea-common.postinst b/debian/kea-common.postinst new file mode 100644 index 0000000..61957be --- /dev/null +++ b/debian/kea-common.postinst 
@@ -0,0 +1,39 @@ +#!/bin/sh +# postinst script for kea-common +# +# see: dh_installdeb(1) + +set -e + +case "$1" in + configure) + addgroup --force-badname --system _kea >/dev/null || exit 1 + adduser --force-badname --quiet --system --home /var/lib/kea \ + --shell /bin/false --no-create-home --disabled-password --disabled-login \ + --gecos "Kea DHCP User" --group _kea >/dev/null || exit 1 + + # From version 2.2.0-2 we leave the handling of the /var/log/kea and + # /var/lib/kea directories to systemd (creation and ownership/permissions + # settings). When upgrading from kea-common (< 2.2.0-2) drop the now + # useless dpkg-statoverrides. + if [ "$2" != "" ] && dpkg --compare-versions "$2" lt "2.2.0-2"; then + for d in /var/log/kea /var/lib/kea; do + if dpkg-statoverride --list $d >/dev/null 2>&1; then + dpkg-statoverride --remove $d + fi + done + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/kea-ctrl-agent.config b/debian/kea-ctrl-agent.config new file mode 100644 index 0000000..00e4013 --- /dev/null +++ b/debian/kea-ctrl-agent.config 
@@ -0,0 +1,73 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + +ask_for_password() { + while :; do + RET="" + db_input high kea-ctrl-agent/kea_api_password || true + db_go || true + db_get kea-ctrl-agent/kea_api_password + if [ -z "$RET" ]; then + # empty passwords result in no action + break + fi + API_PASSWORD="$RET" + db_input high kea-ctrl-agent/kea_api_password_again || true + db_go || true + db_get kea-ctrl-agent/kea_api_password_again + if [ "$RET" = "$API_PASSWORD" ]; then + API_PASSWORD="" + break + fi + db_fset kea-ctrl-agent/password_mismatch seen false + db_input critical kea-ctrl-agent/password_mismatch || true + db_set kea-ctrl-agent/kea_api_password "" + db_set kea-ctrl-agent/kea_api_password_again "" + db_go || true + done +} + +gen_random_pw() { + head -c 15 /dev/urandom | base64 | tr -d '[:space:]' +} + + +RET="" +choice="" +reconfigure="" + +if [ "${1}" = "configure" ] || [ "${1}" = "reconfigure" ]; then + if [ "${1}" = "reconfigure" ] || [ -n "${DEBCONF_RECONFIGURE}" ]; then + reconfigure="yes" + fi + # only ask questions on: + # - reconfigure + # - fresh install + # - upgrade from pre-debconf package (lt: empty version is "earlier", so + # this covers the fresh install case too) + if [ -n "${reconfigure}" ] || dpkg --compare-versions "$2" lt "2.2.0-5ubuntu2~"; then + db_input high kea-ctrl-agent/make_a_choice || true + db_go || true + + db_get kea-ctrl-agent/make_a_choice + choice="${RET}" + + case "${choice}" in + unconfigured) + # nothing to do + ;; + configured_password) + ask_for_password + ;; + configured_random_password) + db_set kea-ctrl-agent/kea_api_password "$(gen_random_pw)" + ;; + *) + # shouldn't happen, so it's the same as "unconfigured" above + ;; + esac + fi +fi diff --git a/debian/kea-ctrl-agent.init b/debian/kea-ctrl-agent.init new file mode 100644 index 0000000..3d1d5fa --- /dev/null +++ b/debian/kea-ctrl-agent.init 
@@ -0,0 +1,161 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-ctrl-agent +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Kea DHCP Control Agent for REST Service +# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet +# Systems Consortium providing a very high-performance with +# PostgreSQL, MySQL and memfile backends. +### END INIT INFO +# Author: Jason Guy <jason.e.guy@gmail.com> +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC=kea-ctrl-agent +NAME=kea-ctrl-agent +DAEMON=/usr/sbin/kea-ctrl-agent +DAEMON_ARGS="-c /etc/kea/kea-ctrl-agent.conf" +DAEMONUSER=_kea +PIDFILE=/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid +SCRIPTNAME=/etc/init.d/$NAME +KEA_PIDFILE_DIR=/run/kea +KEA_LOCKFILE_DIR=/run/lock/kea + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +create_lockfile_dir() +{ + if [ ! -d "$KEA_LOCKFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR" + fi +} + +create_pidfile_dir() +{ + if [ ! 
-d "$KEA_PIDFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_PIDFILE_DIR" + chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR" + fi +} + +# +# Function that starts the daemon/service +# +do_start() +{ + create_lockfile_dir + create_pidfile_dir + export KEA_LOCKFILE_DIR + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" 
in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/kea-ctrl-agent.install b/debian/kea-ctrl-agent.install new file mode 100644 index 0000000..c1184cf --- /dev/null +++ b/debian/kea-ctrl-agent.install @@ -0,0 +1,4 @@ +etc/kea/kea-ctrl-agent.conf +usr/sbin/kea-ctrl-agent +usr/sbin/kea-shell +debian/usr.sbin.kea-ctrl-agent etc/apparmor.d/ diff --git a/debian/kea-ctrl-agent.manpages b/debian/kea-ctrl-agent.manpages new file mode 100644 index 0000000..ff73f6e --- /dev/null +++ b/debian/kea-ctrl-agent.manpages @@ -0,0 +1,2 @@ +usr/share/man/man8/kea-ctrl-agent.8 +usr/share/man/man8/kea-shell.8 diff --git a/debian/kea-ctrl-agent.postinst b/debian/kea-ctrl-agent.postinst new file mode 100644 index 0000000..a3c94af --- /dev/null +++ b/debian/kea-ctrl-agent.postinst 
@@ -0,0 +1,72 @@ +#!/bin/sh +# postinst script for kea-ctrl-agent. +# +# See: dh_installdeb(1). + +set -e + +. /usr/share/debconf/confmodule + +# Summary of how this script can be called: +# * <postinst> 'configure' <most-recently-configured-version> +# * <old-postinst> 'abort-upgrade' <new version> +# * <conflictor's-postinst> 'abort-remove' 'in-favour' <package> +# <new-version> +# * <postinst> 'abort-remove' +# * <deconfigured's-postinst> 'abort-deconfigure' 'in-favour' +# <failed-install-package> <version> 'removing' +# <conflicting-package> <version> +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package. + + +case "$1" in + configure|reconfigure) + api_password="" + choice="" + pw_file=/etc/kea/kea-api-password + + db_get kea-ctrl-agent/make_a_choice + choice="${RET}" + RET="" + + case "${choice}" in + unconfigured) + # do nothing + ;; + configured_password|configured_random_password) + db_get kea-ctrl-agent/kea_api_password + api_password="${RET}" + ;; + *) + ;; + esac + + if [ -n "${api_password}" ]; then + touch "${pw_file}" + chmod 0640 "${pw_file}" + chgrp _kea "${pw_file}" + # no extra \n + printf "%s" "${api_password}" > "${pw_file}" + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +# forget we ever saw the password +db_set kea-ctrl-agent/kea_api_password "" +db_set kea-ctrl-agent/kea_api_password_again "" + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/kea-ctrl-agent.postrm b/debian/kea-ctrl-agent.postrm new file mode 100644 index 0000000..f387553 --- /dev/null +++ b/debian/kea-ctrl-agent.postrm 
@@ -0,0 +1,40 @@ +#!/bin/sh +# postrm script for kea-ctrl-agent. +# +# See: dh_installdeb(1). + +set -e + +# Summary of how this script can be called: +# * <postrm> 'remove' +# * <postrm> 'purge' +# * <old-postrm> 'upgrade' <new-version> +# * <new-postrm> 'failed-upgrade' <old-version> +# * <new-postrm> 'abort-install' +# * <new-postrm> 'abort-install' <old-version> +# * <new-postrm> 'abort-upgrade' <old-version> +# * <disappearer's-postrm> 'disappear' <overwriter> +# <overwriter-version> +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package. + + +case "$1" in + purge) + rm -f /etc/kea/kea-api-password + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/kea-ctrl-agent.service b/debian/kea-ctrl-agent.service new file mode 100644 index 0000000..52e11ad --- /dev/null +++ b/debian/kea-ctrl-agent.service @@ -0,0 +1,22 @@ +[Unit] +Description=Kea Control Agent +Documentation=man:kea-ctrl-agent(8) +After=network-online.target time-sync.target +ConditionFileNotEmpty=/etc/kea/kea-api-password + +[Service] +User=_kea +Environment="KEA_LOCKFILE_DIR=/run/lock/kea" +ConfigurationDirectory=kea +RuntimeDirectory=kea lock/kea +RuntimeDirectoryPreserve=yes +LogsDirectory=kea +LogsDirectoryMode=0750 +StateDirectory=kea +ExecStart=/usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/debian/kea-ctrl-agent.templates b/debian/kea-ctrl-agent.templates new file mode 100644 index 0000000..090e353 --- /dev/null +++ b/debian/kea-ctrl-agent.templates 
@@ -0,0 +1,34 @@ +Template: kea-ctrl-agent/kea_api_password +Type: password +_Description: New password for the kea control agent "kea_api" user: + This password will be stored in the /etc/kea/kea-api-password file. + . + NOTE: if the password is empty, no action will be taken. + +Template: kea-ctrl-agent/kea_api_password_again +Type: password +_Description: Repeat password for the kea control agent "kea_api" user: + +Template: kea-ctrl-agent/password_mismatch +Type: error +_Description: Password input error + The two passwords you entered were not the same. Please try again. + +Template: kea-ctrl-agent/make_a_choice +Type: select +Choices: do_nothing, configured_random_password, configured_password +_Description: Kea control agent authentication configuration + Starting with this version, the Kea Control Agent will be configured to require authentication by default. + . + The available options are: + . + do nothing: + Until you create /etc/kea/kea-api-password, either manually or using one the other options described here, the service will not start. + . + configured with a random password: + The packaging will generate a random password for you, save it, and start the service. + . + configured with password: + The packaging will save the password you supply, and start the service. Note that an empty password will result in no action and be equivalent to "do nothing" above. + . + The username is `kea-api`, and the password will be expected to be in `/etc/kea/kea-api-password`. diff --git a/debian/kea-dev.install b/debian/kea-dev.install new file mode 100644 index 0000000..9805c55 --- /dev/null +++ b/debian/kea-dev.install @@ -0,0 +1,3 @@ +usr/include/kea/* +usr/lib/*/libkea-*.so +usr/bin/kea-msg-compiler diff --git a/debian/kea-dev.lintian-overrides b/debian/kea-dev.lintian-overrides new file mode 100644 index 0000000..a87424b --- /dev/null +++ b/debian/kea-dev.lintian-overrides @@ -0,0 +1 @@ +kea-dev: no-manual-page [usr/bin/kea-msg-compiler] 
diff --git a/debian/kea-dhcp-ddns-server.init b/debian/kea-dhcp-ddns-server.init new file mode 100644 index 0000000..c67be9e --- /dev/null +++ b/debian/kea-dhcp-ddns-server.init 
@@ -0,0 +1,167 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp-ddns +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Kea DHCP DDNS Server +# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet +# Systems Consortium providing a very high-performance with +# PostgreSQL, MySQL and memfile backends. +### END INIT INFO +# Author: Adam Majer <adamm@zombino.com> +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC=kea-dhcp-ddns +NAME=kea-dhcp-ddns +DAEMON=/usr/sbin/kea-dhcp-ddns +DAEMON_ARGS="-c /etc/kea/kea-dhcp-ddns.conf" +DAEMONUSER=_kea +PIDFILE=/run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/ddns.html#starting-and-stopping-the-dhcp-ddns-server +SCRIPTNAME=/etc/init.d/$NAME +KEA_PIDFILE_DIR=/run/kea +KEA_LOCKFILE_DIR=/run/lock/kea + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +create_lockfile_dir() +{ + if [ ! -d "$KEA_LOCKFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR" + fi +} + +create_pidfile_dir() +{ + if [ ! 
-d "$KEA_PIDFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_PIDFILE_DIR" + chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR" + fi +} + +setcap_binary() +{ + setcap "cap_net_bind_service" $DAEMON +} + +# +# Function that starts the daemon/service +# +do_start() +{ + create_lockfile_dir + create_pidfile_dir + setcap_binary + export KEA_LOCKFILE_DIR + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" 
in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/kea-dhcp-ddns-server.install b/debian/kea-dhcp-ddns-server.install new file mode 100644 index 0000000..d029623 --- /dev/null +++ b/debian/kea-dhcp-ddns-server.install @@ -0,0 +1,3 @@ +etc/kea/kea-dhcp-ddns.conf +usr/sbin/kea-dhcp-ddns +debian/usr.sbin.kea-dhcp-ddns /etc/apparmor.d/ diff --git a/debian/kea-dhcp-ddns-server.manpages b/debian/kea-dhcp-ddns-server.manpages new file mode 100644 index 0000000..4dde921 --- /dev/null +++ b/debian/kea-dhcp-ddns-server.manpages @@ -0,0 +1 @@ +usr/share/man/man8/kea-dhcp-ddns.8 diff --git a/debian/kea-dhcp-ddns-server.service b/debian/kea-dhcp-ddns-server.service new file mode 100644 index 0000000..e752e9d --- /dev/null +++ b/debian/kea-dhcp-ddns-server.service 
@@ -0,0 +1,21 @@ +[Unit] +Description=Kea DDNS Service +Documentation=man:kea-dhcp-ddns(8) +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +User=_kea +AmbientCapabilities=CAP_NET_BIND_SERVICE +Environment="KEA_LOCKFILE_DIR=/run/lock/kea" +ConfigurationDirectory=kea +RuntimeDirectory=kea lock/kea +RuntimeDirectoryPreserve=yes +LogsDirectory=kea +LogsDirectoryMode=0750 +StateDirectory=kea +ExecStart=/usr/sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf + +[Install] +WantedBy=multi-user.target diff --git a/debian/kea-dhcp4-server.init b/debian/kea-dhcp4-server.init new file mode 100644 index 0000000..c91aa61 --- /dev/null +++ b/debian/kea-dhcp4-server.init 
@@ -0,0 +1,167 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp4-server +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Kea DHCP IPv4 Server +# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet +# Systems Consortium providing a very high-performance with +# PostgreSQL, MySQL and memfile backends. +### END INIT INFO +# Author: Adam Majer <adamm@zombino.com> +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="kea-dhcp4" +NAME=kea-dhcp4-server +DAEMON=/usr/sbin/kea-dhcp4 +DAEMON_ARGS="-c /etc/kea/kea-dhcp4.conf" +DAEMONUSER=_kea +PIDFILE=/run/kea/kea-dhcp4.kea-dhcp4.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html +SCRIPTNAME=/etc/init.d/$NAME +KEA_PIDFILE_DIR=/run/kea +KEA_LOCKFILE_DIR=/run/lock/kea + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +create_lockfile_dir() +{ + if [ ! -d "$KEA_LOCKFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR" + fi +} + +create_pidfile_dir() +{ + if [ ! 
-d "$KEA_PIDFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_PIDFILE_DIR" + chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR" + fi +} + +setcap_binary() +{ + setcap "cap_net_bind_service,cap_net_raw=+ep" $DAEMON +} + +# +# Function that starts the daemon/service +# +do_start() +{ + create_lockfile_dir + create_pidfile_dir + setcap_binary + export KEA_LOCKFILE_DIR + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" 
in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/kea-dhcp4-server.install b/debian/kea-dhcp4-server.install new file mode 100644 index 0000000..59f61d2 --- /dev/null +++ b/debian/kea-dhcp4-server.install @@ -0,0 +1,3 @@ +etc/kea/kea-dhcp4.conf +usr/sbin/kea-dhcp4 +debian/usr.sbin.kea-dhcp4 /etc/apparmor.d/ diff --git a/debian/kea-dhcp4-server.manpages b/debian/kea-dhcp4-server.manpages new file mode 100644 index 0000000..05225e5 --- /dev/null +++ b/debian/kea-dhcp4-server.manpages @@ -0,0 +1 @@ +usr/share/man/man8/kea-dhcp4.8 diff --git a/debian/kea-dhcp4-server.service b/debian/kea-dhcp4-server.service new file mode 100644 index 0000000..43b70c8 --- /dev/null +++ b/debian/kea-dhcp4-server.service 
@@ -0,0 +1,21 @@ +[Unit] +Description=Kea IPv4 DHCP daemon +Documentation=man:kea-dhcp4(8) +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +User=_kea +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW +Environment="KEA_LOCKFILE_DIR=/run/lock/kea" +ConfigurationDirectory=kea +RuntimeDirectory=kea lock/kea +RuntimeDirectoryPreserve=yes +LogsDirectory=kea +LogsDirectoryMode=0750 +StateDirectory=kea +ExecStart=/usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf + +[Install] +WantedBy=multi-user.target diff --git a/debian/kea-dhcp6-server.init b/debian/kea-dhcp6-server.init new file mode 100644 index 0000000..7b57f01 --- /dev/null +++ b/debian/kea-dhcp6-server.init 
@@ -0,0 +1,167 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp6-server +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Kea DHCP IPv6 Server +# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet +# Systems Consortium providing a very high-performance with +# PostgreSQL, MySQL and memfile backends. +### END INIT INFO +# Author: Adam Majer <adamm@zombino.com> +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="kea-dhcp6" +NAME=kea-dhcp6-server +DAEMON=/usr/sbin/kea-dhcp6 +DAEMON_ARGS="-c /etc/kea/kea-dhcp6.conf" +DAEMONUSER=_kea +PIDFILE=/run/kea/kea-dhcp6.kea-dhcp6.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html +SCRIPTNAME=/etc/init.d/$NAME +KEA_PIDFILE_DIR=/run/kea +KEA_LOCKFILE_DIR=/run/lock/kea + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +create_lockfile_dir() +{ + if [ ! -d "$KEA_LOCKFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR" + fi +} + +create_pidfile_dir() +{ + if [ ! 
-d "$KEA_PIDFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_PIDFILE_DIR" + chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR" + fi +} + +setcap_binary() +{ + setcap "cap_net_bind_service" $DAEMON +} + +# +# Function that starts the daemon/service +# +do_start() +{ + create_lockfile_dir + create_pidfile_dir + setcap_binary + export KEA_LOCKFILE_DIR + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" 
in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/kea-dhcp6-server.install b/debian/kea-dhcp6-server.install new file mode 100644 index 0000000..d22f7a7 --- /dev/null +++ b/debian/kea-dhcp6-server.install @@ -0,0 +1,3 @@ +etc/kea/kea-dhcp6.conf +usr/sbin/kea-dhcp6 +debian/usr.sbin.kea-dhcp6 /etc/apparmor.d/ diff --git a/debian/kea-dhcp6-server.manpages b/debian/kea-dhcp6-server.manpages new file mode 100644 index 0000000..b6c99cb --- /dev/null +++ b/debian/kea-dhcp6-server.manpages @@ -0,0 +1 @@ +usr/share/man/man8/kea-dhcp6.8 diff --git a/debian/kea-dhcp6-server.service b/debian/kea-dhcp6-server.service new file mode 100644 index 0000000..7944a09 --- /dev/null +++ b/debian/kea-dhcp6-server.service 
@@ -0,0 +1,21 @@ +[Unit] +Description=Kea IPv6 DHCP daemon +Documentation=man:kea-dhcp6(8) +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +User=_kea +AmbientCapabilities=CAP_NET_BIND_SERVICE +Environment="KEA_LOCKFILE_DIR=/run/lock/kea" +ConfigurationDirectory=kea +RuntimeDirectory=kea lock/kea +RuntimeDirectoryPreserve=yes +LogsDirectory=kea +LogsDirectoryMode=0750 +StateDirectory=kea +ExecStart=/usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf + +[Install] +WantedBy=multi-user.target diff --git a/debian/kea-doc.README.Debian b/debian/kea-doc.README.Debian new file mode 100644 index 0000000..03c9d46 --- /dev/null +++ b/debian/kea-doc.README.Debian @@ -0,0 +1,13 @@ +# ISC Kea for Debian + +## Logging + +Following what upstream does with their .deb packaging, the Debian packages by +default log to the systemd journal. If logging to file is desired just edit the +config files and change the loggers "output" to a file under /var/log/kea/, +e.g. for /etc/kea/kea-dhcp4.conf: + + "output": "/var/log/kea/kea-dhcp4.log" + +The systemd units automatically create the /var/log/kea/ right ownership and +permissions. diff --git a/debian/kea-doc.doc-base b/debian/kea-doc.doc-base new file mode 100644 index 0000000..e403e79 --- /dev/null +++ b/debian/kea-doc.doc-base @@ -0,0 +1,11 @@ +Document: kea +Title: Kea Administrator Reference Manual +Author: Internet Systems Consortium +Abstract: This is the reference guide for Kea, an open source implementation + of the Dynamic Host Configuration Protocol (DHCP) servers, developed and + maintained by Internet Systems Consortium (ISC). +Section: System/Administration + +Format: HTML +Files: /usr/share/doc/kea/html/* +Index: /usr/share/doc/kea/html/index.html diff --git a/debian/kea-doc.docs b/debian/kea-doc.docs new file mode 100644 index 0000000..df73e67 --- /dev/null +++ b/debian/kea-doc.docs @@ -0,0 +1,3 @@ +CONTRIBUTING.md +usr/share/doc/kea/* +usr/share/kea/api 
diff --git a/debian/kea-doc.lintian-overrides b/debian/kea-doc.lintian-overrides new file mode 100644 index 0000000..6e30f23 --- /dev/null +++ b/debian/kea-doc.lintian-overrides @@ -0,0 +1,3 @@ +kea-doc: embedded-javascript-library * +kea-doc: font-in-non-font-package [usr/share/doc/kea/html/_static/fonts/*] +kea-doc: font-outside-font-dir [usr/share/doc/kea/html/_static/fonts/*] diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..045263b --- /dev/null +++ b/debian/not-installed @@ -0,0 +1,4 @@ +usr/share/man/man8/kea-netconf.8 +usr/sbin/keactrl +usr/share/man/man8/keactrl.8 +etc/kea/keactrl.conf diff --git a/debian/patches/0002-kea_admin_fix.patch b/debian/patches/0002-kea_admin_fix.patch new file mode 100644 index 0000000..5ed99e4 --- /dev/null +++ b/debian/patches/0002-kea_admin_fix.patch @@ -0,0 +1,20 @@ +From: Kea <isc-kea@packages.debian.org> +Date: Tue, 19 Feb 2019 12:39:35 +0000 +Subject: kea_admin_fix + +Removed the fallback to the build version of kea-admin since it will not exist on users hosts. +--- + src/bin/admin/kea-admin.in | 2 -- + 1 file changed, 2 deletions(-) + +--- a/src/bin/admin/kea-admin.in ++++ b/src/bin/admin/kea-admin.in +@@ -50,8 +50,6 @@ + # Include the installed admin-utils.sh if available. Fallback to sources otherwise. + if test -f "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"; then + . "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh" +-else +- . "@abs_top_builddir@/src/bin/admin/admin-utils.sh" + fi + + # Find the installed kea-lfc if available. Fallback to sources otherwise. diff --git a/debian/patches/0009-disable-database-tests.patch b/debian/patches/0009-disable-database-tests.patch new file mode 100644 index 0000000..7d008c8 --- /dev/null +++ b/debian/patches/0009-disable-database-tests.patch 
@@ -0,0 +1,26 @@ +Description: Skip the database tests + The MySQL and PostgreSQL tests require a server with username, + password and tables setup for the test, see doc/devel/unit-tests.dox. + There's no way to instruct the build system to skip specific tests, + so let's disable them with a patch. +Forwarded: not-needed +Author: Paride Legovini <paride.legovini@canonical.com> +Last-Update: 2020-12-03 +--- a/src/bin/admin/tests/mysql_tests.sh.in ++++ b/src/bin/admin/tests/mysql_tests.sh.in +@@ -1,4 +1,6 @@ + #!/bin/sh ++echo "SKIPPING MYSQL TEST" ++exit 0 + + # Copyright (C) 2014-2023 Internet Systems Consortium, Inc. ("ISC") + # +--- a/src/bin/admin/tests/pgsql_tests.sh.in ++++ b/src/bin/admin/tests/pgsql_tests.sh.in +@@ -1,4 +1,6 @@ + #!/bin/sh ++echo "SKIPPING POSTGRESQL TEST" ++exit 0 + + # Copyright (C) 2015-2023 Internet Systems Consortium, Inc. ("ISC") + # diff --git a/debian/patches/0010-set-control-sockets-location.patch b/debian/patches/0010-set-control-sockets-location.patch new file mode 100644 index 0000000..f8be1d3 --- /dev/null +++ b/debian/patches/0010-set-control-sockets-location.patch 
@@ -0,0 +1,116 @@ +From: Athos Ribeiro <athos.ribeiro@canonical.com> +Date: Mon, 13 Feb 2023 16:20:18 -0300 +Subject: d/rules: set the default location for control sockets to /run/kea + +The default config files place the control sockets in /tmp, which is +insecure. Mangle the config files to place the sockets under _kea-owned +/run/kea instead. + +Patch originally submitted by Paride Legovini in +https://salsa.debian.org/debian/isc-kea/-/merge_requests/15. + +Last-Update: 2023-02-13 +Bug: https://gitlab.isc.org/isc-projects/kea/-/issues/2495 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014929 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/1863100 +--- + src/bin/keactrl/kea-ctrl-agent.conf.pre | 6 +++--- + src/bin/keactrl/kea-dhcp-ddns.conf.pre | 2 +- + src/bin/keactrl/kea-dhcp4.conf.pre | 2 +- + src/bin/keactrl/kea-dhcp6.conf.pre | 2 +- + src/bin/keactrl/kea-netconf.conf.pre | 4 ++-- + 5 files changed, 8 insertions(+), 8 deletions(-) + +--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre ++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre +@@ -32,15 +32,15 @@ + "control-sockets": { + "dhcp4": { + "socket-type": "unix", +- "socket-name": "/tmp/kea4-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket" + }, + "dhcp6": { + "socket-type": "unix", +- "socket-name": "/tmp/kea6-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket" + }, + "d2": { + "socket-type": "unix", +- "socket-name": "/tmp/kea-ddns-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket" + } + }, + +--- a/src/bin/keactrl/kea-dhcp-ddns.conf.pre ++++ b/src/bin/keactrl/kea-dhcp-ddns.conf.pre +@@ -23,7 +23,7 @@ + "port": 53001, + "control-socket": { + "socket-type": "unix", +- "socket-name": "/tmp/kea-ddns-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket" + }, + "tsig-keys": [], + "forward-ddns" : {}, +--- a/src/bin/keactrl/kea-dhcp4.conf.pre ++++ b/src/bin/keactrl/kea-dhcp4.conf.pre +@@ 
-49,7 +49,7 @@ + // more. For detailed description, see Sections 8.8, 16 and 15. + "control-socket": { + "socket-type": "unix", +- "socket-name": "/tmp/kea4-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket" + }, + + // Use Memfile lease database backend to store leases in a CSV file. +--- a/src/bin/keactrl/kea-dhcp6.conf.pre ++++ b/src/bin/keactrl/kea-dhcp6.conf.pre +@@ -43,7 +43,7 @@ + // description, see Sections 9.12, 16 and 15. + "control-socket": { + "socket-type": "unix", +- "socket-name": "/tmp/kea6-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket" + }, + + // Use Memfile lease database backend to store leases in a CSV file. +--- a/src/bin/keactrl/kea-netconf.conf.pre ++++ b/src/bin/keactrl/kea-netconf.conf.pre +@@ -30,13 +30,13 @@ + "dhcp4": { + "control-socket": { + "socket-type": "unix", +- "socket-name": "/tmp/kea4-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket" + } + }, + "dhcp6": { + "control-socket": { + "socket-type": "unix", +- "socket-name": "/tmp/kea6-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket" + } + } + }, +--- a/tools/path_replacer.sh.in ++++ b/tools/path_replacer.sh.in +@@ -28,13 +28,17 @@ + localstatedir="@localstatedir@" + exec_prefix="@exec_prefix@" + libdir="@libdir@" ++runstatedir="@runstatedir@" ++PACKAGE="@PACKAGE@" + + echo "Replacing \@prefix\@ with ${prefix}" + echo "Replacing \@libdir\@ with ${libdir}" + echo "Replacing \@sysconfdir\@ with ${sysconfdir}" + echo "Replacing \@localstatedir\@ with ${localstatedir}" ++echo "Replacing \@runstatedir\@ with ${runstatedir}" ++echo "Replacing \@PACKAGE\@ with ${PACKAGE}" + + echo "Input file: $1" + echo "Output file: $2" + +-sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g" "${1}" > "${2}" ++sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; 
s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g; s@SEP@\@runstatedir\@@SEP@${runstatedir}@SEP@g; s@SEP@\@PACKAGE\@@SEP@${PACKAGE}@SEP@g" "${1}" > "${2}" diff --git a/debian/patches/0011-kea-ctrl-agent-authentication.patch b/debian/patches/0011-kea-ctrl-agent-authentication.patch new file mode 100644 index 0000000..d965fbc --- /dev/null +++ b/debian/patches/0011-kea-ctrl-agent-authentication.patch @@ -0,0 +1,30 @@ +Description: Set kea-ctrl-agent up to require a password. +Author: Andreas Hasenack <andreas.hasenack@canonical.com> +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033367 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/2007312 +Last-Update: 2023-03-17 + +diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre +index e6ae8b8a..f7e3fed2 100644 +--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre ++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre +@@ -26,6 +26,18 @@ + // is specifically for HA updates only. + "http-port": 8000, + ++ "authentication": { ++ "type": "basic", ++ "realm": "Kea Control Agent", ++ "directory": "/etc/kea", ++ "clients": [ ++ { ++ "user": "kea-api", ++ "password-file": "kea-api-password" ++ } ++ ] ++ }, ++ + // Specify location of the files to which the Control Agent + // should connect to forward commands to the DHCPv4, DHCPv6 + // and D2 servers via unix domain sockets. diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..d18b4f5 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,4 @@ +0002-kea_admin_fix.patch +0009-disable-database-tests.patch +0010-set-control-sockets-location.patch +0011-kea-ctrl-agent-authentication.patch diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 0000000..e2d1d9f --- /dev/null +++ b/debian/po/POTFILES.in 
@@ -0,0 +1 @@ +[type: gettext/rfc822deb] kea-ctrl-agent.templates diff --git a/debian/po/de.po b/debian/po/de.po new file mode 100644 index 0000000..7f7b56d --- /dev/null +++ b/debian/po/de.po 
@@ -0,0 +1,130 @@ +# German translation of isc-kea debconf templates. +# This file is distributed under the same license as the isc-kea package. +# Copyright © of this file: +# Christoph Brinkhaus <c.brinkhaus@t-online.de>, 2023. +# +msgid "" +msgstr "" +"Project-Id-Version: isc-kea_2.2.0-8\n" +"Report-Msgid-Bugs-To: isc-kea@packages.debian.org\n" +"POT-Creation-Date: 2023-03-29 14:20-0300\n" +"PO-Revision-Date: 2023-07-17 20:18+0200\n" +"Last-Translator: Christoph Brinkhaus <c.brinkhaus@t-online.de>\n" +"Language-Team: German <debian-l10n-german@lists.debian.org>\n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "New password for the kea control agent \"kea_api\" user:" +msgstr "Neues Passwort für den Kea Control Agent »kea_api«-Benutzer:" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "This password will be stored in the /etc/kea/kea-api-password file." +msgstr "" +"Dieses Passwort wird in der Datei /etc/kea/kea-api-password gespeichert." + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "NOTE: if the password is empty, no action will be taken." +msgstr "HINWEIS: falls das Passwort leer ist, wird keine Aktion durchgeführt." + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:2001 +msgid "Repeat password for the kea control agent \"kea_api\" user:" +msgstr "" +"Geben Sie das Passwort für den Kea Control Agent »kea_api«-Benutzer erneut " +"ein:" + +#. Type: error +#. Description +#: ../kea-ctrl-agent.templates:3001 +msgid "Password input error" +msgstr "Passwort-Eingabefehler" + +#. Type: error +#. Description +#: ../kea-ctrl-agent.templates:3001 +msgid "The two passwords you entered were not the same. Please try again." 
+msgstr "" +"Die zwei eingegebenen Passwörter sind nicht identisch. Bitte versuchen Sie " +"es erneut." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "Kea control agent authentication configuration" +msgstr "Kea Control Agent-Authentifizierungskonfiguration" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +"Starting with this version, the Kea Control Agent will be configured to " +"require authentication by default." +msgstr "" +"Ab dieser Version ist die Standardeinstellung des Kea Control Agent so, dass " +"eine Authentifizierung erforderlich ist." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "The available options are:" +msgstr "Die verfügbaren Möglichkeiten sind:" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" do nothing:\n" +" Until you create /etc/kea/kea-api-password, either manually or using one " +"the other options described here, the service will not start." +msgstr "" +" keine Aktion:\n" +" Bis Sie /etc/kea/kea-api-password erstellt haben, entweder manuell oder " +"durch Verwendung der anderen hier beschriebenen Möglichkeiten, wird der " +"Dienst nicht starten." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" configured with a random password:\n" +" The packaging will generate a random password for you, save it, and start " +"the service." +msgstr "" +" mit einem zufälligen Passwort konfiguriert:\n" +" Das Paket erzeugt ein zufälliges Passwort, speichert es und startet den " +"Dienst." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" configured with password:\n" +" The packaging will save the password you supply, and start the service. " +"Note that an empty password will result in no action and be equivalent to " +"\"do nothing\" above." 
+msgstr "" +" konfiguriert mit einem Passwort:\n" +" Das Paket speichert das bereitgestellte Passwort und startet den Dienst. " +"Beachten Sie, dass ein leeres Passwort keine Aktionen bewirkt und dem »keine " +"Aktion« von oben entspricht." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +"The username is `kea-api`, and the password will be expected to be in `/etc/" +"kea/kea-api-password`." +msgstr "" +"Der Benutzername ist `kea-api` und das Passwort wird in `/etc/kea/kea-api-" +"password` erwartet." diff --git a/debian/po/es.po b/debian/po/es.po new file mode 100644 index 0000000..bef717d --- /dev/null +++ b/debian/po/es.po 
@@ -0,0 +1,129 @@ +# Translation of isc-kea debconf templates to Spanish. +# Copyright (C) 2023 Camaleón <noelamac@gmail.com> +# This file is distributed under the same license as the isc-kea package. +# Camaleón <noelamac@gmail.com>, 2023. +# +msgid "" +msgstr "" +"Project-Id-Version: isc-kea\n" +"Report-Msgid-Bugs-To: isc-kea@packages.debian.org\n" +"POT-Creation-Date: 2023-03-29 14:20-0300\n" +"PO-Revision-Date: 2023-07-09 16:50+0200\n" +"Last-Translator: Camaleón <noelamac@gmail.com>\n" +"Language-Team: Debian Spanish <debian-l10n-spanish@lists.debian.org>\n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 2.4.2\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "New password for the kea control agent \"kea_api\" user:" +msgstr "Nueva contraseña del usuario «kea-api» del Agente de Control Kea:" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "This password will be stored in the /etc/kea/kea-api-password file." +msgstr "Esta contraseña se guardará en el archivo «/etc/kea/kea-api-password»." + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "NOTE: if the password is empty, no action will be taken." +msgstr "" +"NOTA: si deja la contraseña en blanco, no se llevará a cabo ninguna acción." + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:2001 +msgid "Repeat password for the kea control agent \"kea_api\" user:" +msgstr "" +"Vuelva a introducir la contraseña del usuario «kea-api» del Agente de " +"Control Kea:" + +#. Type: error +#. Description +#: ../kea-ctrl-agent.templates:3001 +msgid "Password input error" +msgstr "Error al introducir la contraseña" + +#. Type: error +#. Description +#: ../kea-ctrl-agent.templates:3001 +msgid "The two passwords you entered were not the same. Please try again." 
+msgstr "Las contraseñas que ha introducido no coinciden. Inténtelo de nuevo." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "Kea control agent authentication configuration" +msgstr "Configuración de la autentificación del Agente de Control Kea" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +"Starting with this version, the Kea Control Agent will be configured to " +"require authentication by default." +msgstr "" +"A partir de esta versión, el Agente de Control Kea se configurará para " +"requerir autentificación de manera predeterminada." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "The available options are:" +msgstr "Las opciones disponibles son:" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" do nothing:\n" +" Until you create /etc/kea/kea-api-password, either manually or using one " +"the other options described here, the service will not start." +msgstr "" +" no hacer nada:\n" +" El servicio no se iniciará hasta que no se genere el archivo «/etc/kea/kea-" +"api-password», bien manualmente o utilizando alguna de las otras opciones " +"descritas en este apartado." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" configured with a random password:\n" +" The packaging will generate a random password for you, save it, and start " +"the service." +msgstr "" +" configurado con una contraseña aleatoria:\n" +" El paquete generará una contraseña aleatoria para usted, la guardará e " +"iniciará el servicio." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" configured with password:\n" +" The packaging will save the password you supply, and start the service. " +"Note that an empty password will result in no action and be equivalent to " +"\"do nothing\" above." 
+msgstr "" +" configurado con contraseña:\n" +" El paquete guardará la contraseña que introduzca e iniciará el servicio. " +"Tenga en cuenta que una contraseña en blanco no generará ninguna acción y " +"será equivalente a la opción «no hacer nada»." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +"The username is `kea-api`, and the password will be expected to be in `/etc/" +"kea/kea-api-password`." +msgstr "" +"El nombre de usuario es «kea-api» y se espera que la contraseña esté en el " +"archivo «/etc/kea/kea-api-password»." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 0000000..c139c17 --- /dev/null +++ b/debian/po/fr.po 
@@ -0,0 +1,132 @@ +# Translation of isc-kea debconf templates to French. +# Copyright (C) 2023 +# This file is distributed under the same license as the isc-kea package. +# +# Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>, 2023. +msgid "" +msgstr "" +"Project-Id-Version: isc-kea\n" +"Report-Msgid-Bugs-To: isc-kea@packages.debian.org\n" +"POT-Creation-Date: 2023-03-29 14:20-0300\n" +"PO-Revision-Date: 2023-12-16 11:24+0100\n" +"Last-Translator: Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>\n" +"Language-Team: French <debian-l10n-french@lists.debian.org>\n" +"Language: fr_FR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"X-Generator: Lokalize 22.12.3\n" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "New password for the kea control agent \"kea_api\" user:" +msgstr "" +"Nouveau mot de passe de l'utilisateur agent de contrôle de kea « kea_api » :" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "This password will be stored in the /etc/kea/kea-api-password file." +msgstr "" +"Ce mot de passe sera enregistré dans le fichier /etc/kea/kea-api-password." + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "NOTE: if the password is empty, no action will be taken." +msgstr "" +"NOTE : si le mot de passe est vide, aucune action ne sera entreprise." + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:2001 +msgid "Repeat password for the kea control agent \"kea_api\" user:" +msgstr "" +"Confirmation du mot de passe de l'utilisateur agent de contrôle de kea " +"« kea_api » :" + +#. Type: error +#. Description +#: ../kea-ctrl-agent.templates:3001 +msgid "Password input error" +msgstr "Erreur de saisie du mot de passe" + +#. Type: error +#. Description +#: ../kea-ctrl-agent.templates:3001 +msgid "The two passwords you entered were not the same. 
Please try again." +msgstr "" +"Le mot de passe et sa confirmation ne sont pas identiques. Veuillez " +"recommencer." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "Kea control agent authentication configuration" +msgstr "Configuration de l'authentification de l'agent de contrôle de kea" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +"Starting with this version, the Kea Control Agent will be configured to " +"require authentication by default." +msgstr "" +"À partir de cette version, l'agent de contrôle de kea sera configuré pour " +"exiger par défaut une authentification." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "The available options are:" +msgstr "Les options disponibles sont :" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" do nothing:\n" +" Until you create /etc/kea/kea-api-password, either manually or using one " +"the other options described here, the service will not start." +msgstr "" +" Ne rien faire :\n" +" jusqu'à la création de /etc/kea/kea-api-password, manuellement ou en " +"utilisant une des options décrites ici, le service ne démarrera pas." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" configured with a random password:\n" +" The packaging will generate a random password for you, save it, and start " +"the service." +msgstr "" +" Configuration avec un mot de passe aléatoire :\n" +" le paquet va générer un mot de passe aléatoire, enregistrez-le et démarrez " +"le service." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" configured with password:\n" +" The packaging will save the password you supply, and start the service. " +"Note that an empty password will result in no action and be equivalent to " +"\"do nothing\" above." 
+msgstr "" +" Configuration avec un mot de passe :\n" +" le paquet va enregistrer le mot de passe fourni et démarrer le service. " +"Notez qu'un mot de passe vide n'aboutira à aucune action et est équivalent à " +"l'option « ne rien faire »." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +"The username is `kea-api`, and the password will be expected to be in `/etc/" +"kea/kea-api-password`." +msgstr "" +"Le nom d'utilisateur est « kea-api et le mot de passe devrait être dans le " +"fichier « /etc/kea/kea-api-password »." diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 0000000..12b8d6e --- /dev/null +++ b/debian/po/nl.po 
@@ -0,0 +1,127 @@ +# Dutch translation of isc-kea debconf templates. +# This file is distributed under the same license as the isc-kea package. +# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2023. +# +msgid "" +msgstr "" +"Project-Id-Version: isc-kea_2.2.0-8\n" +"Report-Msgid-Bugs-To: isc-kea@packages.debian.org\n" +"POT-Creation-Date: 2023-03-29 14:20-0300\n" +"PO-Revision-Date: 2023-07-10 23:19+0200\n" +"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n" +"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Gtranslator 3.30.1\n" +"Plural-Forms: nplurals=2; plural=(n != 1)\n" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "New password for the kea control agent \"kea_api\" user:" +msgstr "Nieuw wachtwoord voor gebruiker \"kea_api\" van de kea control agent:" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "This password will be stored in the /etc/kea/kea-api-password file." +msgstr "" +"Dit wachtwoord wordt opgeslagen in het bestand /etc/kea/kea-api-password." + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "NOTE: if the password is empty, no action will be taken." +msgstr "OPMERKING: als het wachtwoord leeg is, wordt er geen actie ondernomen." + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:2001 +msgid "Repeat password for the kea control agent \"kea_api\" user:" +msgstr "" +"Herhaal het wachtwoord voor gebruiker \"kea_api\" van de kea control agent:" + +#. Type: error +#. Description +#: ../kea-ctrl-agent.templates:3001 +msgid "Password input error" +msgstr "Fout bij het invoeren van het wachtwoord" + +#. Type: error +#. Description +#: ../kea-ctrl-agent.templates:3001 +msgid "The two passwords you entered were not the same. Please try again." 
+msgstr "" +"De twee wachtwoorden die u invoerde, waren niet identiek. Probeer opnieuw." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "Kea control agent authentication configuration" +msgstr "Kea control agent authenticatieconfiguratie" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +"Starting with this version, the Kea Control Agent will be configured to " +"require authentication by default." +msgstr "" +"Vanaf deze versie wordt Kea Control Agent geconfigureerd om standaard " +"verificatie te vereisen." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "The available options are:" +msgstr "De beschikbare opties zijn:" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" do nothing:\n" +" Until you create /etc/kea/kea-api-password, either manually or using one " +"the other options described here, the service will not start." +msgstr "" +" niets doen:\n" +" Totdat u /etc/kea/kea-api-password aanmaakt, handmatig of met behulp van " +"een van de andere hier beschreven opties, zal de service niet starten." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" configured with a random password:\n" +" The packaging will generate a random password for you, save it, and start " +"the service." +msgstr "" +" geconfigureerd met een willekeurig wachtwoord:\n" +" Het pakket genereert een willekeurig wachtwoord voor u, slaat het op en " +"start de service." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" configured with password:\n" +" The packaging will save the password you supply, and start the service. " +"Note that an empty password will result in no action and be equivalent to " +"\"do nothing\" above." +msgstr "" +" geconfigureerd met wachtwoord:\n" +" Het pakket slaat het door u opgegeven wachtwoord op en start de service. 
" +"Merk op dat een leeg wachtwoord geen actie tot gevolg heeft en gelijk staat " +"aan \"niets doen\" hierboven." + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +"The username is `kea-api`, and the password will be expected to be in `/etc/" +"kea/kea-api-password`." +msgstr "" +"De gebruikersnaam is `kea-api` en het wachtwoord wordt verwacht in `/etc/kea/" +"kea-api-password` te staan." diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 0000000..c6a7229 --- /dev/null +++ b/debian/po/templates.pot 
@@ -0,0 +1,110 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the isc-kea package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: isc-kea\n" +"Report-Msgid-Bugs-To: isc-kea@packages.debian.org\n" +"POT-Creation-Date: 2023-03-29 14:20-0300\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "New password for the kea control agent \"kea_api\" user:" +msgstr "" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "This password will be stored in the /etc/kea/kea-api-password file." +msgstr "" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:1001 +msgid "NOTE: if the password is empty, no action will be taken." +msgstr "" + +#. Type: password +#. Description +#: ../kea-ctrl-agent.templates:2001 +msgid "Repeat password for the kea control agent \"kea_api\" user:" +msgstr "" + +#. Type: error +#. Description +#: ../kea-ctrl-agent.templates:3001 +msgid "Password input error" +msgstr "" + +#. Type: error +#. Description +#: ../kea-ctrl-agent.templates:3001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "Kea control agent authentication configuration" +msgstr "" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +"Starting with this version, the Kea Control Agent will be configured to " +"require authentication by default." +msgstr "" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "The available options are:" +msgstr "" + +#. 
Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" do nothing:\n" +" Until you create /etc/kea/kea-api-password, either manually or using one " +"the other options described here, the service will not start." +msgstr "" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" configured with a random password:\n" +" The packaging will generate a random password for you, save it, and start " +"the service." +msgstr "" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +" configured with password:\n" +" The packaging will save the password you supply, and start the service. " +"Note that an empty password will result in no action and be equivalent to " +"\"do nothing\" above." +msgstr "" + +#. Type: select +#. Description +#: ../kea-ctrl-agent.templates:4001 +msgid "" +"The username is `kea-api`, and the password will be expected to be in `/etc/" +"kea/kea-api-password`." +msgstr "" diff --git a/debian/python3-kea-connector.install b/debian/python3-kea-connector.install new file mode 100644 index 0000000..d0b8f74 --- /dev/null +++ b/debian/python3-kea-connector.install @@ -0,0 +1,2 @@ +usr/lib/python3/dist-packages/kea/kea_conn.py +usr/lib/python3/dist-packages/kea/kea_connector3.py diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..ec21498 --- /dev/null +++ b/debian/rules 
@@ -0,0 +1,75 @@ +#!/usr/bin/make -f + +# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/* +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/default.mk + +include /usr/share/dpkg/pkg-info.mk + +# see FEATURE AREAS in dpkg-buildflags(1) +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +# Disable LTO on ppc64el as it causes crashes (LP: #2055151). +# This has been spotted in Ubuntu, where LTO is enabled by +# default, but it likely that Debian would be affected too. +ifeq ($(DEB_HOST_ARCH),ppc64el) +export DEB_BUILD_MAINT_OPTIONS += optimize=-lto +endif + +%: + dh $@ --with python3 -X.la + +override_dh_auto_configure: + dh_auto_configure -- \ + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --with-openssl \ + --with-mysql \ + --with-pgsql \ + --with-boost-libs=-lboost_system \ + --enable-generate-docs \ + --enable-generate-messages \ + --enable-shell \ + --disable-static \ + --disable-rpath \ + --enable-generate-parser \ + --disable-dependency-tracking \ + --enable-perfdhcp \ + --without-werror \ + --with-site-packages=/usr/lib/python3/dist-packages + +execute_after_dh_auto_build-indep: + # Do not download external JS components in binary documentation package + # Inspired by similar removal in python-pyopencl + # Thanks to Andreas Beckmann + find doc/sphinx/_build/html -name '*.html' -exec sed -r -i -e '\,( *)<script async="async" src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>,i \1<script src="/usr/share/javascript/mathjax/MathJax.js"></script>' {} + + find doc/sphinx/_build/html -name '*.html' -exec sed -r -i -e 's,https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js,/usr/share/javascript/mathjax/config/TeX-MML-AM_CHTML.js,' {} + + +execute_after_dh_install: + dh_apparmor -pkea-ctrl-agent --profile-name=usr.sbin.kea-ctrl-agent + dh_apparmor -pkea-dhcp4-server --profile-name=usr.sbin.kea-dhcp4 + dh_apparmor -pkea-dhcp6-server --profile-name=usr.sbin.kea-dhcp6 + dh_apparmor -pkea-dhcp-ddns-server 
--profile-name=usr.sbin.kea-dhcp-ddns + dh_apparmor -pkea-common --profile-name=usr.sbin.kea-lfc + +override_dh_auto_test: + dh_auto_test --no-parallel + +execute_after_dh_auto_install: + rm -rv \ + debian/tmp/usr/share/doc/kea/ChangeLog \ + debian/tmp/usr/share/doc/kea/COPYING \ + debian/tmp/usr/lib/python3/dist-packages/kea/__pycache__ + # log to stdout (i.e. to to the systemd journal), and use a shorter log + # pattern that avoids logging information made redundant by the journal. + # adapted from: https://gitlab.isc.org/isc-projects/kea-packaging/-/blob/master/debian/rules + sed -i -e 's/"output": .*/"output": "stdout",/' -e 's@// "pattern"@"pattern"@' debian/tmp/etc/kea/kea-*.conf + +# Since we do not maintain a symbols file for the libraries shipped in +# kea-common, make the shlibs control file more strict, generating dependencies +# such as "libkea-util 52 kea-common (= 2.2.0-5)" instead of the less strict +# "libkea-util 52 kea-common (>= 2.2.0)". +override_dh_makeshlibs: + dh_makeshlibs -pkea-common -V'kea-common (= ${DEB_VERSION})' + dh_makeshlibs -Nkea-common diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml new file mode 100644 index 0000000..3c99ae9 --- /dev/null +++ b/debian/salsa-ci.yml @@ -0,0 +1,14 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + +variables: + # FTCBFS because of missing build-deps that are unlikely to be fixed any soon. + SALSA_CI_DISABLE_CROSSBUILD_ARM64: 1 + # Fail on Lintian warnings + SALSA_CI_LINTIAN_FAIL_WARNING: 1 + SALSA_CI_LINTIAN_SUPPRESS_TAGS: >- + orig-tarball-missing-upstream-signature, + package-name-defined-in-config-h, + # Not reproducible when varying the build_path. + SALSA_CI_REPROTEST_ARGS: --variations=-build_path diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) 
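Review bot: in debian/salsa-ci.yml, `SALSA_CI_LINTIAN_SUPPRESS_TAGS` silences `orig-tarball-missing-upstream-signature` while `SALSA_CI_LINTIAN_FAIL_WARNING: 1` is set, so CI will never flag an orig tarball that arrives without an upstream signature, even though this same patch ships debian/upstream/signing-key.asc. The crossbuild and reprotest settings each carry a comment giving the reason; please add one next to this suppression saying why the signature is absent, or drop the tag from the list once the signature is included in the source package. The two `include:` entries also track `raw/master`, so the pipeline definition can change without any change in this repository; a comment stating that this is intended would help.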
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000..8d87da8 --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1 @@ +isc-kea source: very-long-line-length-in-source-file diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..bbed706 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,13 @@ +# Keep this test as the first, as it will verify the default installation +# behavior wrt kea-ctrl-agent password configuration +Tests: kea-ctrl-agent-debconf +Restrictions: needs-root, allow-stderr +Depends: kea-ctrl-agent + +Tests: smoke-tests +Restrictions: needs-root, allow-stderr +Depends: kea, curl, jq + +Tests: kea-dhcp4 +Restrictions: needs-root, allow-stderr, breaks-testbed +Depends: kea-dhcp4-server, kea-ctrl-agent, isc-dhcp-client, bridge-utils, iproute2, jq diff --git a/debian/tests/kea-ctrl-agent-debconf b/debian/tests/kea-ctrl-agent-debconf new file mode 100644 index 0000000..5790977 --- /dev/null +++ b/debian/tests/kea-ctrl-agent-debconf 
@@ -0,0 +1,266 @@ +#!/bin/bash + +set -e + +pw_file="/etc/kea/kea-api-password" +pw_secret="secret_password_${RANDOM}" +service="kea-ctrl-agent.service" + +cleanup() { + /bin/true +} + +trap cleanup EXIT + +override_systemd_throttling() { + mkdir -p /run/systemd/system/kea-ctrl-agent.service.d + cat > /run/systemd/system/kea-ctrl-agent.service.d/override.conf <<EOF +[Unit] +StartLimitIntervalSec=0 +EOF + systemctl daemon-reload +} + +check_perms() { + local file="${1}" + local wanted_perms="${2}" + local perms + + perms=$(stat -c %U:%G:%a "${file}") + if [ "${perms}" != "${wanted_perms}" ]; then + echo "## ERROR: permissions are ${perms} and should be ${wanted_perms}" + return 1 + else + echo "## OK, permissions are ${perms}" + fi +} + +service_status_must_be() { + local service_status + local wanted_status="${1}" + service_status=$(systemctl is-active "${service}" || /bin/true) + systemctl status "${service}" || /bin/true + if [ "${service_status}" != "${wanted_status}" ]; then + echo "## ERROR, service is ${service_status}" + return 1 + else + echo "## OK, service is ${service_status}" + fi +} + +reconfigure_unconfigured() { + debconf-set-selections << EOF +kea-ctrl-agent kea-ctrl-agent/make_a_choice select unconfigured +EOF + dpkg-reconfigure kea-ctrl-agent +} + +reconfigure_password() { + local password="${1}" + debconf-set-selections << EOF +kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_password +kea-ctrl-agent kea-ctrl-agent/kea_api_password password ${password} +kea-ctrl-agent kea-ctrl-agent/kea_api_password_again password ${password} +EOF + dpkg-reconfigure kea-ctrl-agent +} + +reconfigure_random() { + debconf-set-selections << EOF +kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_random_password +EOF + dpkg-reconfigure kea-ctrl-agent +} + +test_fresh_install() { + echo + echo "## Running ${FUNCNAME[0]}" + # On a fresh install, which is the situation we are in as this is the first + # test being run, there is no kea-api-password 
file, and the service isn't + # running + echo "## Fresh install, default options, there must be no ${pw_file} file" + ls -la "$(dirname ${pw_file})" + test ! -f "${pw_file}" + + echo + echo "## With no ${pw_file}, the service must not be running" + service_status_must_be inactive + echo +} + +test_service_wont_start_without_pwfile() { + echo + echo "## Running ${FUNCNAME[0]}" + echo "## With no ${pw_file}, service must not start" + ls -la "$(dirname ${pw_file})" + test ! -f "${pw_file}" + echo "## Current status:" + systemctl status "${service}" || /bin/true + echo + echo "## Attempting to start ${service}" + systemctl start "${service}" + service_status_must_be inactive + echo +} + +test_configured_password() { + echo + echo "## Running ${FUNCNAME[0]}" + echo "## Reconfiguring kea-ctrl-agent with password ${pw_secret}" + reconfigure_password "${pw_secret}" + + echo "## Checking that ${pw_file} exists and has ${pw_secret}" + ls -la "$(dirname ${pw_file})" + test -f "${pw_file}" + generated_pw=$(cat "${pw_file}") + if [ "${generated_pw}" != "${pw_secret}" ]; then + echo "## ERROR, password from ${pw_file} is not equal to ${pw_secret}: ${generated_pw}" + return 1 + else + echo "## OK, password from ${pw_file} is ${generated_pw}" + fi + + echo "## Checking that ${pw_file} has expected permissions and ownership" + check_perms "${pw_file}" "root:_kea:640" + echo + + echo + echo "## Checking that the service is running" + service_status_must_be active +} + +test_configured_random_password() { + local generated_pw + + echo + echo "## Running ${FUNCNAME[0]}" + echo "## Reconfiguring kea-ctrl-agent with random password option" + reconfigure_random + + echo "## Checking that ${pw_file} exists and has a password different from ${pw_secret}" + ls -la "$(dirname ${pw_file})" + test -f "${pw_file}" + + generated_pw=$(cat "${pw_file}") + if [ "${generated_pw}" = "${pw_secret}" ]; then + echo "## ERROR, generated random password \"${generated_pw}\" is equal to \"${pw_secret}\"" + 
return 1 + else + echo "## OK, generated random password is \"${generated_pw}\"" + fi + echo + echo "## Checking that ${pw_file} has expected permissions and ownership" + check_perms "${pw_file}" "root:_kea:640" + echo + + echo + echo "## Checking that the service is running" + service_status_must_be active +} + +test_unconfigured() { + local -r new_secret="${pw_secret}${pw_secret}" + local contents + + echo + echo "## Running ${FUNCNAME[0]}" + echo "## Reconfiguring kea-ctrl-agent with option \"unconfigured\" should leave things as they were" + echo + echo "## Overwriting ${pw_file} with ${new_secret}" + printf "%s" "${new_secret}" > "${pw_file}" + + echo "## Reconfiguring" + reconfigure_unconfigured + + echo + echo "## ${pw_file} should still contain ${new_secret}" + contents=$(cat "${pw_file}") + if [ "${contents}" != "${new_secret}" ]; then + echo "## ERROR, ${pw_file} now contains \"${contents}\"" + return 1 + else + echo "## OK, same content" + fi + + echo "## Removing ${pw_file} and reconfiguring, a new one should not be created, and the service must be stopped" + rm -f "${pw_file}" + ls -la $(dirname "${pw_file}") + echo "## Reconfiguring" + reconfigure_unconfigured + + echo "## ${pw_file} was not recreated" + ls -la $(dirname "${pw_file}") + test ! -f "${pw_file}" + echo "## With no ${pw_file}, the service must not be running" + service_status_must_be inactive +} + +test_no_start_with_empty_password() { + echo + echo "## Running ${FUNCNAME[0]}" + echo "## kea-ctrl-agent must not start with an empty password file" + echo + echo "## Truncating ${pw_file}" + truncate -s 0 "${pw_file}" + ls -la $(dirname "${pw_file}") + test ! 
-s "${pw_file}" + echo + echo "## Restarting kea-ctrl-agent" + systemctl restart "${service}" + echo + echo "## Service must not be started" + service_status_must_be inactive +} + +test_empty_password_via_debconf() { + local service_status + local contents + + echo + echo "## Running ${FUNCNAME[0]}" + echo "## Reconfiguring with password set to ${pw_secret}" + reconfigure_password "${pw_secret}" + + echo + echo "## ${pw_file} must now contain ${pw_secret}" + contents=$(cat "${pw_file}") + if [ "${contents}" != "${pw_secret}" ]; then + echo "## ERROR, ${pw_file} now contains \"${contents}\"" + return 1 + else + echo "## OK, same content" + fi + + echo + echo "## Service must be running" + service_status_must_be active + + echo + echo "## Reconfiguring with an empty password should not change the existing password" + # set an empty password (no args) + reconfigure_password + ls -la $(dirname "${pw_file}") + contents=$(cat "${pw_file}") + if [ "${contents}" != "${pw_secret}" ]; then + echo "## ERROR, ${pw_file} now contains \"${contents}\"" + return 1 + else + echo "## OK, same content" + fi + + echo + echo "## Service must be running" + service_status_must_be active +} + + +# we restart kea-ctrl-agent a lot during this test +override_systemd_throttling + +test_fresh_install +test_service_wont_start_without_pwfile +test_configured_password +test_configured_random_password +test_unconfigured +test_no_start_with_empty_password +test_empty_password_via_debconf diff --git a/debian/tests/kea-dhcp4 b/debian/tests/kea-dhcp4 new file mode 100644 index 0000000..66ce927 --- /dev/null +++ b/debian/tests/kea-dhcp4 
@@ -0,0 +1,277 @@ +#!/bin/bash + +set -e +set -o pipefail + +bridge="keabr0" +bridge_ip="192.168.127.1/24" +subnetcidr="192.168.127.0/24" +pool_range="192.168.127.10 - 192.168.127.250" +test_domain="example.autopkgtest" +server_iface="p1" +client_iface="client0" +client_ns="clientns" +declare -A dhcp4_config +resolv_conf_bkp=$(mktemp) +kea_password_file="/etc/kea/kea-api-password" + +# kea-ctrl-agent needs a password file, or else it won't start +# this also tests the debconf mechanism +debconf-set-selections << eof +kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_random_password +eof +dpkg-reconfigure kea-ctrl-agent +[ -s "${kea_password_file}" ] || { + echo "ERROR, debconf-set-selections failed to set a password for kea-ctrl-agent" + exit 1 +} + +auth_params="--auth-user kea-api --auth-password $(cat ${kea_password_file})" + +cleanup() { + rc=$? + set +e # so we don't exit midcleanup + if [ ${rc} -ne 0 ]; then + echo "## FAIL" + echo + echo "## dmesg" + dmesg -T | tail -n 500 + echo + echo "## kea logs" + journalctl -u kea-dhcp4-server.service + fi + echo + echo "## Cleaning up" + ip link set "${server_iface}" down + ip link del "${server_iface}" + ip link set "${bridge}" down + brctl delbr "${bridge}" + ip netns delete "${client_ns}" + sed -r -i "/example.autopkgtest/d" /etc/hosts + if [ -s "${resolv_conf_bkp}" ]; then + cat "${resolv_conf_bkp}" > /etc/resolv.conf + fi + rm -f "${resolv_conf_bkp}" + # restore it for when we are called from the main script, and not the trap + set -e +} + +trap cleanup EXIT + +run_on_client() { + ip netns exec "${client_ns}" "$@" +} + +setup() { + cleanup 2>/dev/null + # so we don't have to worry about it being a symlink + cat /etc/resolv.conf > "${resolv_conf_bkp}" + echo "127.0.1.1 $(hostname).${test_domain} $(hostname)" >> /etc/hosts + ip netns add "${client_ns}" + ip link add "${server_iface}" type veth peer "${client_iface}" netns "${client_ns}" + brctl addbr "${bridge}" + brctl addif "${bridge}" 
"${server_iface}" + ip link set "${server_iface}" up + ip link set "${bridge}" up + ip addr add "${bridge_ip}" dev "${bridge}" +} + +render_dhcp4_conf() { + local -n config="${1}" + local -r service="dhcp4" + + template="debian/tests/kea-${service}.conf.template" + [ -f "${template}" ] || return 1 + output="/etc/kea/kea-${service}.conf" + + cat "${template}" | sed -r \ + -e "s,@interface@,${config[interface]}," \ + -e "s,@dnsip@,${config[dnsip]}," \ + -e "s,@domain@,${config[domain]}," \ + -e "s/@domainsearch@/${config[domainsearch]}/" \ + -e "s,@router@,${config[router]}," \ + -e "s,@subnetcidr@,${config[subnetcidr]}," \ + -e "s,@poolrange@,${config[poolrange]}," \ + -e "s,@multiarch@,$(dpkg-architecture -qDEB_HOST_MULTIARCH)," \ + > "${output}" +} + +json_get_length() { + echo "${1}" | jq '. | length' +} + +kea_get_leases_by_mac() { + local mac="${1}" + echo "\"hw-address\": \"${mac}\"" | kea-shell ${auth_params} --service dhcp4 lease4-get-by-hw-address +} + +get_result_from_lease() { + echo "${1}" | jq -r '.[0].result' +} + +get_number_of_leases() { + echo "${1}" | jq '.[0].arguments.leases | length' +} + +get_ip_from_lease() { + echo "${1}" | jq -r '.[0]["arguments"]["leases"][0]["ip-address"]' +} + +get_mac_from_lease() { + echo "${1}" | jq -r '.[0]["arguments"]["leases"][0]["hw-address"]' +} + +get_valid_lifetime_from_lease() { + echo "${1}" | jq -r '.[0]["arguments"]["leases"][0]["valid-lft"]' +} + +check_leases() { + local data="${1}" + local if_mac="${2}" + local if_ip="${3}" + local res + + res=$(json_get_length "${data}") + if [ ${res} != 1 ]; then + echo "## ERROR" + echo "## Expected 1 result, got ${res}:" + return 1 + fi + + res=$(get_result_from_lease "${data}") + if [ ${res} != 0 ]; then + echo "## ERROR" + echo "## Failed to obtain leases from server, code ${res}" + return 1 + fi + + res=$(get_number_of_leases "${data}") + if [ ${res} -ne 1 ]; then + echo "## ERROR" + echo "## Expected 1 lease, got ${res}:" + return 1 + fi + + 
res=$(get_ip_from_lease "${data}") + if [ "${if_ip}" != "${res}" ]; then + echo "## ERROR" + echo "## IP from lease (${res}) does not match IP from interface: ${if_ip}" + run_on_client ip a show + return 1 + fi + + res=$(get_mac_from_lease "${data}") + if [ "${if_mac}" != "${res}" ]; then + echo "## ERROR" + echo "## MAC from lease (${res}) does not match MAC from client interface: ${if_mac}" + run_on_client ip l show + return 1 + fi +} + + +setup + +dhcp4_config["interface"]="${bridge}" +# get rid of the CIDR part at the end +dhcp4_config["dnsip"]="${bridge_ip%%/*}" +dhcp4_config["domain"]="${test_domain}" +dhcp4_config["domainsearch"]="${test_domain}" +# get rid of the CIDR part at the end +dhcp4_config["router"]="${bridge_ip%%/*}" +dhcp4_config["subnetcidr"]="${subnetcidr}" +dhcp4_config["poolrange"]="${pool_range}" + +echo +echo "## Configuring kea-dhcp4 and restarting the service" +render_dhcp4_conf dhcp4_config +systemctl restart kea-dhcp4-server.service +sleep 2s + +echo +echo "## Obtaining IP via dhclient" +run_on_client timeout -v 60s dhclient -v "${client_iface}" +echo "## OK" + +ip=$(run_on_client ip -4 -o addr show dev "${client_iface}" | awk '{print $4}') +ip=${ip%%/*} # remove the CIDR part +mac=$(run_on_client ip -4 link show dev "${client_iface}" | grep "link/ether" | awk '{print $2}') + +echo +echo "## Got ip=${ip}" + +echo +echo "## Checking leases that match client's ethernet address ${mac}" +# this will break if/when we close LP: #2007312 +leases=$(kea_get_leases_by_mac "${mac}") +echo "## Leases:" +echo "${leases}" | jq . 
+ +check_leases "${leases}" "${mac}" "${ip}" +echo "## OK" + +echo +echo "## INFO: Networking in the ${client_ns} namespace:" +echo +echo "## Interfaces" +run_on_client ip a +echo +echo "## Routes" +run_on_client ip route +echo +echo "## DNS" +if command -v resolvectl > /dev/null 2>&1; then + run_on_client resolvectl status +else + echo "## Skipping DNS info (no resolvectl installed)" +fi + +echo +echo "## Checking that the DNS domain \"${test_domain}\" was added to resolv.conf" +if grep -E "^search[[:blank:]]" /etc/resolv.conf | grep -q -w -F "${test_domain}"; then + echo "## OK" +else + echo "## ERROR" + echo "## /etc/resolv.conf does not contain ${test_domain}" + cat /etc/resolv.conf + exit 1 +fi + +echo +echo "## Releasing IP via dhclient -r" +run_on_client timeout -v 60s dhclient -v -r +echo "## OK" + +echo +# As per entry 2072 in +# https://downloads.isc.org/isc/kea/2.4.0/Kea-2.4.0-ReleaseNotes.txt, starting +# from kea 2.3.2, a lease is no longer deleted from the lease database after a +# release request. Instead, it is expired to enable lease affinity. It is kept +# for `hold-reclaimed-time` seconds. Its default value is 3600 seconds. +# https://kea.readthedocs.io/en/kea-2.4.0/arm/lease-expiration.html +echo "## Checking that the lease was expired" +leases=$(kea_get_leases_by_mac "${mac}") +echo "${leases}" | jq . +n_results=$(json_get_length "${leases}") +if [ ${n_results} -ne 1 ]; then + echo "## ERROR, expected 1 result, got ${n_results}" + echo "${leases}" | jq . + exit 1 +fi + +n_leases=$(get_number_of_leases "${leases}") +if [ ${n_leases} -ne 1 ]; then + echo "## ERROR" + echo "## Expected 1 lease, got ${n_leases}:" + echo "${leases}" | jq . + exit 1 +fi +lft=$(get_valid_lifetime_from_lease "${leases}") +if [ ${lft} -gt 0 ]; then + echo "## ERROR" + echo "## Expected expired lease lifetime (0), got ${lft}" + echo "${leases}" | jq . + exit 1 +fi + +echo "## OK" 
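Review bot: in debian/tests/kea-dhcp4, `auth_params="--auth-user kea-api --auth-password $(cat ${kea_password_file})"` puts the API password into the argument list of every `kea-shell` call made by `kea_get_leases_by_mac`, where it is readable from the process table while the command runs, and the unquoted `${auth_params}` expansion depends on word splitting, so a password containing whitespace or glob characters would be passed incorrectly. Building the arguments as an array, `auth_params=(--auth-user kea-api --auth-password "$(cat "${kea_password_file}")")` expanded as `"${auth_params[@]}"`, fixes the quoting; the argv exposure deserves at least a comment that it is accepted for the test. A smaller point in `check_leases`: `[ ${res} != 1 ]` and the similar unquoted tests produce a shell syntax error instead of the intended "## ERROR" message when `jq` returns nothing, so quote `${res}` there.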
diff --git a/debian/tests/kea-dhcp4.conf.template b/debian/tests/kea-dhcp4.conf.template new file mode 100644 index 0000000..2addefd --- /dev/null +++ b/debian/tests/kea-dhcp4.conf.template @@ -0,0 +1,71 @@ +{ +"Dhcp4": { + "interfaces-config": { + "interfaces": [ "@interface@" ], + "service-sockets-max-retries": 10, + "service-sockets-retry-wait-time": 1000 + }, + "control-socket": { + "socket-type": "unix", + "socket-name": "/run/kea/kea4-ctrl-socket" + }, + "hooks-libraries": [ + { + "library": "/usr/lib/@multiarch@/kea/hooks/libdhcp_lease_cmds.so" + } + ], + "lease-database": { + "type": "memfile", + "lfc-interval": 3600 + }, + "expired-leases-processing": { + "reclaim-timer-wait-time": 10, + "flush-reclaimed-timer-wait-time": 25, + "hold-reclaimed-time": 3600, + "max-reclaim-leases": 100, + "max-reclaim-time": 250, + "unwarned-reclaim-cycles": 5 + }, + "renew-timer": 900, + "rebind-timer": 1800, + "valid-lifetime": 3600, + "option-data": [ + { + "name": "domain-name-servers", + "data": "@dnsip@" + }, + { + "code": 15, + "data": "@domain@" + }, + { + "name": "domain-search", + "data": "@domainsearch@" + } + ], + "subnet4": [ + { + "subnet": "@subnetcidr@", + "pools": [ { "pool": "@poolrange@" } ], + "option-data": [ + { + "name": "routers", + "data": "@router@" + } + ] + } + ], + "loggers": [ + { + "name": "kea-dhcp4", + "output_options": [ + { + "output": "stdout" + } + ], + "severity": "INFO", + "debuglevel": 0 + } + ] +} +} diff --git a/debian/tests/smoke-tests b/debian/tests/smoke-tests new file mode 100644 index 0000000..2de85c4 --- /dev/null +++ b/debian/tests/smoke-tests 
@@ -0,0 +1,63 @@ +#!/bin/bash + +set -exo pipefail + +# kea-ctrl-agent needs a password file, or else it won't start +# this also tests the debconf mechanism +debconf-set-selections << eof +kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_random_password +eof + +dpkg-reconfigure kea-ctrl-agent +kea_password_file="/etc/kea/kea-api-password" +[ -s "${kea_password_file}" ] || { + echo "ERROR, debconf-set-selections failed to set a password for kea-ctrl-agent" + exit 1 +} + +# Arbitrary wait to allow for the services to start. +# This is needed to avoid having racy/flaky tests. +sleep 5 + +# Check that the PID files are in the right location +for f in kea-dhcp4.kea-dhcp4.pid kea-dhcp6.kea-dhcp6.pid kea-ctrl-agent.kea-ctrl-agent.pid kea-dhcp-ddns.kea-dhcp-ddns.pid; do + test -f "/run/kea/$f" +done + +# Check that the sockets are in the right location +for socket in kea-ddns-ctrl-socket kea4-ctrl-socket kea6-ctrl-socket; do + test -S "/run/kea/$socket" +done + +# Check that lock files are in the right location +test -f /run/lock/kea/logger_lockfile + +check_kea_version() { + CHECKED_VERSION=$1 + if [[ ! 
${CHECKED_VERSION} =~ [0-9]+(\.[0-9]+){2} ]]; then + echo "Version [ ${CHECKED_VERSION} ] does not match X.Y.Z format" + exit 1 + fi +} + +# Check dhcp4 server configuration file +kea-dhcp4 -t /etc/kea/kea-dhcp4.conf > /dev/null + +# Check dhcp6 server configuration file +kea-dhcp6 -t /etc/kea/kea-dhcp6.conf > /dev/null + +# Check if we need to provide authentication +auth_params="" +basic_auth_params="" +if [ -s /etc/kea/kea-api-password ]; then + auth_params="--auth-user kea-api --auth-password $(cat /etc/kea/kea-api-password)" + basic_auth_params="-u kea-api:$(cat /etc/kea/kea-api-password)" +fi + +# Check control agent API +TEST_KEA_VERSION=$(curl ${basic_auth_params} -s -X POST -H "Content-Type: application/json" -d '{ "command": "version-get", "service": [ "dhcp4" ] }' 127.0.0.1:8000 | jq -r '.[0].text') +check_kea_version "${TEST_KEA_VERSION}" + +# Check control agent API through kea-shell +TEST_KEA_VERSION=$(echo | kea-shell --service dhcp4 --host 127.0.0.1 --port 8000 ${auth_params} version-get | jq -r '.[0].text') +check_kea_version "${TEST_KEA_VERSION}" diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..7ffad73 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,6 @@ +Documentation: https://kea.readthedocs.io/ +Changelog: https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes +Bug-Database: https://gitlab.isc.org/isc-projects/kea/-/issues +Bug-Submit: https://gitlab.isc.org/isc-projects/kea/-/issues +Repository: https://gitlab.isc.org/isc-projects/kea.git +Repository-Browse: https://gitlab.isc.org/isc-projects/kea/ diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..876061d --- /dev/null +++ b/debian/upstream/signing-key.asc 
@@ -0,0 +1,175 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/usr.sbin.kea-ctrl-agent b/debian/usr.sbin.kea-ctrl-agent new file mode 100644 index 0000000..daef478 --- /dev/null +++ b/debian/usr.sbin.kea-ctrl-agent 
@@ -0,0 +1,32 @@ +abi <abi/3.0>, + +include <tunables/global> + +profile kea-ctrl-agent /usr/sbin/kea-ctrl-agent { + include <abstractions/base> + + network inet stream, + network inet6 stream, + + /etc/kea/ r, + /etc/kea/** r, + /usr/sbin/kea-ctrl-agent mr, + + owner /run/kea/kea-ctrl-agent.kea-ctrl-agent.pid rw, + owner /run/lock/kea/logger_lockfile rwk, + + # Control sockets + # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both + # locations + owner /{tmp,run/kea}/kea-ddns-ctrl-socket rw, + owner /{tmp,run/kea}/kea4-ctrl-socket rw, + owner /{tmp,run/kea}/kea6-ctrl-socket rw, + + owner /var/log/kea/kea-ctrl-agent.log rw, + owner /var/log/kea/kea-ctrl-agent.log.[0-9]* rw, + owner /var/log/kea/kea-ctrl-agent.log.lock rwk, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.sbin.kea-ctrl-agent> + +} diff --git a/debian/usr.sbin.kea-dhcp-ddns b/debian/usr.sbin.kea-dhcp-ddns new file mode 100644 index 0000000..cb29b68 --- /dev/null +++ b/debian/usr.sbin.kea-dhcp-ddns @@ -0,0 +1,33 @@ +abi <abi/3.0>, + +include <tunables/global> + +profile kea-dhcp-ddns /usr/sbin/kea-dhcp-ddns { + include <abstractions/base> + include <abstractions/nameservice> + include <abstractions/openssl> + + network inet dgram, + network netlink raw, + + /etc/kea/ r, + /etc/kea/** r, + /usr/sbin/kea-dhcp-ddns mr, + + owner /run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid rw, + owner /run/lock/kea/logger_lockfile rwk, + owner /run/kea/logger_lockfile rwk, + + # Control sockets + # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both + # locations + owner /{tmp,run/kea}/kea-ddns-ctrl-socket w, + owner /{tmp,run/kea}/kea-ddns-ctrl-socket.lock rwk, + + owner /var/log/kea/kea-ddns.log rw, + owner /var/log/kea/kea-ddns.log.[0-9]* rw, + owner /var/log/kea/kea-ddns.log.lock rwk, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.sbin.kea-dhcp-ddns> +} 
diff --git a/debian/usr.sbin.kea-dhcp4 b/debian/usr.sbin.kea-dhcp4 new file mode 100644 index 0000000..20d2c82 --- /dev/null +++ b/debian/usr.sbin.kea-dhcp4 @@ -0,0 +1,47 @@ +abi <abi/3.0>, + +include <tunables/global> + +profile kea-dhcp4 /usr/sbin/kea-dhcp4 { + include <abstractions/base> + include <abstractions/nameservice> + + # for MySQL access, localhost + include <abstractions/mysql> + include <abstractions/openssl> + + capability net_bind_service, + capability net_raw, + + network inet dgram, + network inet stream, + network netlink raw, + network packet raw, + + /etc/gss/mech.d/ r, + /etc/gss/mech.d/* r, + + /etc/kea/ r, + /etc/kea/** r, + /usr/sbin/kea-dhcp4 mr, + /usr/sbin/kea-lfc Px, + + owner /run/kea/kea-dhcp4.kea-dhcp4.pid rw, + owner /run/lock/kea/logger_lockfile rwk, + + # Control sockets + # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both + # locations + owner /{tmp,run/kea}/kea4-ctrl-socket w, + owner /{tmp,run/kea}/kea4-ctrl-socket.lock rwk, + + # this includes .completed, .output, .pid, .[0-9] + owner /var/lib/kea/kea-leases4.csv* rw, + + owner /var/log/kea/kea-dhcp4.log rw, + owner /var/log/kea/kea-dhcp4.log.[0-9]* rw, + owner /var/log/kea/kea-dhcp4.log.lock rwk, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.sbin.kea-dhcp4> +} diff --git a/debian/usr.sbin.kea-dhcp6 b/debian/usr.sbin.kea-dhcp6 new file mode 100644 index 0000000..d8aca09 --- /dev/null +++ b/debian/usr.sbin.kea-dhcp6 
@@ -0,0 +1,46 @@ +abi <abi/3.0>, + +include <tunables/global> + +profile kea-dhcp6 /usr/sbin/kea-dhcp6 { + include <abstractions/base> + include <abstractions/nameservice> + + # for MySQL access, localhost + include <abstractions/mysql> + include <abstractions/openssl> + + network inet dgram, + network inet stream, + network netlink raw, + network packet raw, + + /etc/gss/mech.d/ r, + /etc/gss/mech.d/* r, + + /etc/kea/ r, + /etc/kea/** r, + /usr/sbin/kea-dhcp6 mr, + /usr/sbin/kea-lfc Px, + + owner /run/kea/kea-dhcp6.kea-dhcp6.pid rw, + owner /run/lock/kea/logger_lockfile rwk, + + # Control sockets + # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both + # locations + owner /{tmp,run/kea}/kea6-ctrl-socket w, + owner /{tmp,run/kea}/kea6-ctrl-socket.lock rwk, + + owner /var/lib/kea/kea-dhcp6-serverid rw, + + # this includes .completed, .output, .pid, .[0-9] + owner /var/lib/kea/kea-leases6.csv* rw, + + owner /var/log/kea/kea-dhcp6.log rw, + owner /var/log/kea/kea-dhcp6.log.[0-9]* rw, + owner /var/log/kea/kea-dhcp6.log.lock rwk, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.sbin.kea-dhcp6> +} diff --git a/debian/usr.sbin.kea-lfc b/debian/usr.sbin.kea-lfc new file mode 100644 index 0000000..ae165fa --- /dev/null +++ b/debian/usr.sbin.kea-lfc 
@@ -0,0 +1,33 @@ +abi <abi/3.0>, + +include <tunables/global> + +profile kea-lfc /usr/sbin/kea-lfc { + include <abstractions/base> + include <abstractions/nameservice> + + network inet dgram, + + /usr/sbin/kea-lfc mr, + + owner /run/kea/logger_lockfile rwk, + owner /run/lock/kea/logger_lockfile rw, + + # Control sockets + # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both + # locations + owner /{tmp,run/kea}/kea4-ctrl-socket.lock r, + owner /{tmp,run/kea}/kea6-ctrl-socket.lock r, + + # this includes .completed, .output, .pid, .[0-9] + owner /var/lib/kea/kea-leases4.csv* rw, + + # this includes .completed, .output, .pid, .[0-9] + owner /var/lib/kea/kea-leases6.csv* rw, + + owner /var/log/kea/kea-dhcp4.log w, + owner /var/log/kea/kea-dhcp6.log w, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.sbin.kea-lfc> +} diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..7e174c3 --- /dev/null +++ b/debian/watch @@ -0,0 +1,8 @@ +version=4 +opts=\ +compression=xz,\ +uversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\ +dirversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\ +dversionmangle=s/\.dfsg\./-/;s/[\.\+]dfsg$//,\ +pgpsigurlmangle=s/$/.asc/ \ + https://ftp.isc.org/isc/kea/(\d+\.\d*[02468]+\.\d+)/kea-(.+)\.tar\.gz diff --git a/debian/watch.include-odd-versions b/debian/watch.include-odd-versions new file mode 100644 index 0000000..be33fe3 --- /dev/null +++ b/debian/watch.include-odd-versions @@ -0,0 +1,8 @@ +version=4 +opts=\ +compression=xz,\ +uversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\ +dirversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\ +dversionmangle=s/\.dfsg\./-/;s/[\.\+]dfsg$//,\ +pgpsigurlmangle=s/$/.asc/ \ + https://ftp.isc.org/isc/kea/(\d+\.\d+\.\d+)/kea-(.+)\.tar\.gz |
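Review bot: in debian/usr.sbin.kea-ctrl-agent, the three control-socket rules still allow the /tmp location through `/{tmp,run/kea}/`, although the NEWS entry for 2.2.0-2 in this same commit says the control sockets were moved to /run/kea. The `owner` qualifier limits access to files owned by the daemon's own user, but /tmp is a shared directory, so I would drop the `tmp` alternative (for example `owner /run/kea/kea4-ctrl-socket rw,`) or extend the comment to name the configurations that still need it.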
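Review bot: in debian/usr.sbin.kea-dhcp-ddns, the logger lock file is allowed at two paths, `/run/lock/kea/logger_lockfile` and `/run/kea/logger_lockfile`, while the kea-ctrl-agent, kea-dhcp4 and kea-dhcp6 profiles in this patch allow only the `/run/lock/kea` one. Either the other daemons are missing the second path or this rule is a leftover. Please make the profiles agree and add a comment saying which directory the lock file actually lives in.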
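Review bot: in debian/usr.sbin.kea-dhcp4, the rule `/etc/kea/** r,` also covers /etc/kea/kea-api-password, which the NEWS entry in this commit describes as the kea-ctrl-agent API credential. The DHCPv4 daemon has no stated need for that file, so the profile should exclude it, for example with `deny /etc/kea/kea-api-password r,` after the `/etc/kea/** r,` line. The same rule appears in the kea-dhcp6 and kea-dhcp-ddns profiles and deserves the same treatment.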
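Review bot: in debian/usr.sbin.kea-dhcp6, the profile keeps `network packet raw,` but, unlike the kea-dhcp4 profile, has no `capability net_raw,` and no `capability net_bind_service,`. If the DHCPv6 daemon never opens packet sockets, the `network packet raw,` rule is broader than needed and should go. If it does, the matching capability rule is missing. Please confirm which by running the service under the profile, and add a short comment explaining the difference from the dhcp4 profile.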
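Review bot: in debian/usr.sbin.kea-lfc, `owner /run/lock/kea/logger_lockfile rw,` lacks the `k` (lock) permission that the same path has in every other profile in this patch, while `/run/kea/logger_lockfile` gets `rwk` here. If kea-lfc takes the lock the way the daemons do, that will be denied at the `/run/lock/kea` location; use `rwk` on both or drop the path that is not used. Separately, `network inet dgram,` and `include <abstractions/nameservice>` carry no comment explaining why a lease-file cleanup helper needs them.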
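Review bot: in debian/watch, the directory pattern `(\d+\.\d*[02468]+\.\d+)` on the last line restricts uscan to releases whose second version component ends in an even digit, and nothing in the file says so. debian/watch.include-odd-versions differs only in that pattern. Please add a `#` comment line to each file stating which release series it tracks and why both exist, so the filter is not mistaken for a typo and loosened later. The `pgpsigurlmangle=s/$/.asc/` option is worth keeping in both, since it is what ties the download to the key in debian/upstream/signing-key.asc.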