Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/0002-kea_admin_fix.patch | 20 | ||||
-rw-r--r-- | debian/patches/0009-disable-database-tests.patch | 26 | ||||
-rw-r--r-- | debian/patches/0010-set-control-sockets-location.patch | 116 | ||||
-rw-r--r-- | debian/patches/0011-kea-ctrl-agent-authentication.patch | 30 | ||||
-rw-r--r-- | debian/patches/series | 4 |
5 files changed, 196 insertions, 0 deletions
diff --git a/debian/patches/0002-kea_admin_fix.patch b/debian/patches/0002-kea_admin_fix.patch
new file mode 100644
index 0000000..5ed99e4
--- /dev/null
+++ b/debian/patches/0002-kea_admin_fix.patch
@@ -0,0 +1,20 @@
+From: Kea <isc-kea@packages.debian.org>
+Date: Tue, 19 Feb 2019 12:39:35 +0000
+Subject: kea_admin_fix
+
+Removed the fallback to the build version of kea-admin since it will not exist on users hosts.
+---
+ src/bin/admin/kea-admin.in | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/src/bin/admin/kea-admin.in
++++ b/src/bin/admin/kea-admin.in
+@@ -50,8 +50,6 @@
+ # Include the installed admin-utils.sh if available. Fallback to sources otherwise.
+ if test -f "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"; then
+ . "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"
+-else
+- . "@abs_top_builddir@/src/bin/admin/admin-utils.sh"
+ fi
+
+ # Find the installed kea-lfc if available. Fallback to sources otherwise.
diff --git a/debian/patches/0009-disable-database-tests.patch b/debian/patches/0009-disable-database-tests.patch
new file mode 100644
index 0000000..7d008c8
--- /dev/null
+++ b/debian/patches/0009-disable-database-tests.patch
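Review bot: With the `else` branch gone in src/bin/admin/kea-admin.in (patch 0002), a missing `admin-utils.sh` is now skipped silently and the script carries on without the helpers it expected to source, while the context comment still says "Fallback to sources otherwise". I would fail closed rather than fall through, e.g. `else echo "admin-utils.sh not found" >&2; exit 1`, and trim the comment to match. The last context line suggests a similar build-tree fallback for kea-lfc just below; that block lies outside the hunk, so I cannot tell whether it also resolves to a path under `@abs_top_builddir@` on installed hosts, but it deserves the same treatment if it does.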
@@ -0,0 +1,26 @@
+Description: Skip the database tests
+ The MySQL and PostgreSQL tests require a server with username,
+ password and tables setup for the test, see doc/devel/unit-tests.dox.
+ There's no way to instruct the build system to skip specific tests,
+ so let's disable them with a patch.
+Forwarded: not-needed
+Author: Paride Legovini <paride.legovini@canonical.com>
+Last-Update: 2020-12-03
+--- a/src/bin/admin/tests/mysql_tests.sh.in
++++ b/src/bin/admin/tests/mysql_tests.sh.in
+@@ -1,4 +1,6 @@
+ #!/bin/sh
++echo "SKIPPING MYSQL TEST"
++exit 0
+
+ # Copyright (C) 2014-2023 Internet Systems Consortium, Inc. ("ISC")
+ #
+--- a/src/bin/admin/tests/pgsql_tests.sh.in
++++ b/src/bin/admin/tests/pgsql_tests.sh.in
+@@ -1,4 +1,6 @@
+ #!/bin/sh
++echo "SKIPPING POSTGRESQL TEST"
++exit 0
+
+ # Copyright (C) 2015-2023 Internet Systems Consortium, Inc. ("ISC")
+ #
diff --git a/debian/patches/0010-set-control-sockets-location.patch b/debian/patches/0010-set-control-sockets-location.patch
new file mode 100644
index 0000000..f8be1d3
--- /dev/null
+++ b/debian/patches/0010-set-control-sockets-location.patch
@@ -0,0 +1,116 @@
+From: Athos Ribeiro <athos.ribeiro@canonical.com>
+Date: Mon, 13 Feb 2023 16:20:18 -0300
+Subject: d/rules: set the default location for control sockets to /run/kea
+
+The default config files place the control sockets in /tmp, which is
+insecure. Mangle the config files to place the sockets under _kea-owned
+/run/kea instead.
+
+Patch originally submitted by Paride Legovini in
+https://salsa.debian.org/debian/isc-kea/-/merge_requests/15.
+
+Last-Update: 2023-02-13
+Bug: https://gitlab.isc.org/isc-projects/kea/-/issues/2495
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014929
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/1863100
+---
+ src/bin/keactrl/kea-ctrl-agent.conf.pre | 6 +++---
+ src/bin/keactrl/kea-dhcp-ddns.conf.pre | 2 +-
+ src/bin/keactrl/kea-dhcp4.conf.pre | 2 +-
+ src/bin/keactrl/kea-dhcp6.conf.pre | 2 +-
+ src/bin/keactrl/kea-netconf.conf.pre | 4 ++--
+ 5 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+@@ -32,15 +32,15 @@
+ "control-sockets": {
+ "dhcp4": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ },
+ "dhcp6": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ },
+ "d2": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea-ddns-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket"
+ }
+ },
+
+--- a/src/bin/keactrl/kea-dhcp-ddns.conf.pre
++++ b/src/bin/keactrl/kea-dhcp-ddns.conf.pre
+@@ -23,7 +23,7 @@
+ "port": 53001,
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea-ddns-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket"
+ },
+ "tsig-keys": [],
+ "forward-ddns" : {},
+--- a/src/bin/keactrl/kea-dhcp4.conf.pre
++++ b/src/bin/keactrl/kea-dhcp4.conf.pre
+@@ -49,7 +49,7 @@
+ // more. For detailed description, see Sections 8.8, 16 and 15.
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ },
+
+ // Use Memfile lease database backend to store leases in a CSV file.
+--- a/src/bin/keactrl/kea-dhcp6.conf.pre
++++ b/src/bin/keactrl/kea-dhcp6.conf.pre
+@@ -43,7 +43,7 @@
+ // description, see Sections 9.12, 16 and 15.
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ },
+
+ // Use Memfile lease database backend to store leases in a CSV file.
+--- a/src/bin/keactrl/kea-netconf.conf.pre
++++ b/src/bin/keactrl/kea-netconf.conf.pre
+@@ -30,13 +30,13 @@
+ "dhcp4": {
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ }
+ },
+ "dhcp6": {
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ }
+ }
+ },
+--- a/tools/path_replacer.sh.in
++++ b/tools/path_replacer.sh.in
+@@ -28,13 +28,17 @@
+ localstatedir="@localstatedir@"
+ exec_prefix="@exec_prefix@"
+ libdir="@libdir@"
++runstatedir="@runstatedir@"
++PACKAGE="@PACKAGE@"
+
+ echo "Replacing \@prefix\@ with ${prefix}"
+ echo "Replacing \@libdir\@ with ${libdir}"
+ echo "Replacing \@sysconfdir\@ with ${sysconfdir}"
+ echo "Replacing \@localstatedir\@ with ${localstatedir}"
++echo "Replacing \@runstatedir\@ with ${runstatedir}"
++echo "Replacing \@PACKAGE\@ with ${PACKAGE}"
+
+ echo "Input file: $1"
+ echo "Output file: $2"
+
+-sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g" "${1}" > "${2}"
++sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g; s@SEP@\@runstatedir\@@SEP@${runstatedir}@SEP@g; s@SEP@\@PACKAGE\@@SEP@${PACKAGE}@SEP@g" "${1}" > "${2}"
diff --git a/debian/patches/0011-kea-ctrl-agent-authentication.patch b/debian/patches/0011-kea-ctrl-agent-authentication.patch
new file mode 100644
index 0000000..d965fbc
--- /dev/null
+++ b/debian/patches/0011-kea-ctrl-agent-authentication.patch
@@ -0,0 +1,30 @@
+Description: Set kea-ctrl-agent up to require a password.
+Author: Andreas Hasenack <andreas.hasenack@canonical.com>
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033367
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/2007312
+Last-Update: 2023-03-17
+
+diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+index e6ae8b8a..f7e3fed2 100644
+--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+@@ -26,6 +26,18 @@
+ // is specifically for HA updates only.
+ "http-port": 8000,
+
++ "authentication": {
++ "type": "basic",
++ "realm": "Kea Control Agent",
++ "directory": "/etc/kea",
++ "clients": [
++ {
++ "user": "kea-api",
++ "password-file": "kea-api-password"
++ }
++ ]
++ },
++
+ // Specify location of the files to which the Control Agent
+ // should connect to forward commands to the DHCPv4, DHCPv6
+ // and D2 servers via unix domain sockets.
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..d18b4f5
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,4 @@
+0002-kea_admin_fix.patch
+0009-disable-database-tests.patch
+0010-set-control-sockets-location.patch
+0011-kea-ctrl-agent-authentication.patch |
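Review bot: In patch 0010, moving the sockets to `@runstatedir@/@PACKAGE@` only helps if that directory exists before the daemons bind and is writable by the Kea service account alone; as far as I know the unix control socket carries no authentication of its own, so the directory's ownership and mode are the whole access control. Nothing in the patches shown here creates it (the diffstat is limited to debian/patches, so the service units may well do so), and the patch header should name the packaging piece that does, for example `The directory is created by <unit or tmpfiles snippet>, owned by _kea, not world-accessible`. The header is also out of date: the Subject still reads `d/rules:` and the embedded diffstat lists five files although the patch also changes tools/path_replacer.sh.in.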
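Review bot: In patch 0011, the new `authentication` block hard-codes `"directory": "/etc/kea"`, while the socket paths that 0010 changes in the same file are templated; `"directory": "@sysconfdir@/@PACKAGE@"` would follow the configured prefix, and path_replacer.sh.in appears to substitute both variables already. HTTP basic authentication sends the password base64-encoded rather than encrypted, and the hunk shows only `"http-port": 8000`, so unless the listener address (set above the hunk) is loopback-only or TLS is configured, the credential can be read on the wire. I would add a `//` comment above the block stating that `kea-api-password` must exist and be readable only by root and the Kea service account, and that the agent should stay on loopback or have TLS enabled before it is exposed to a network.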