Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/0002-kea_admin_fix.patch20
-rw-r--r--debian/patches/0009-disable-database-tests.patch26
-rw-r--r--debian/patches/0010-set-control-sockets-location.patch116
-rw-r--r--debian/patches/0011-kea-ctrl-agent-authentication.patch30
-rw-r--r--debian/patches/series4
5 files changed, 196 insertions, 0 deletions
diff --git a/debian/patches/0002-kea_admin_fix.patch b/debian/patches/0002-kea_admin_fix.patch
new file mode 100644
index 0000000..5ed99e4
--- /dev/null
+++ b/debian/patches/0002-kea_admin_fix.patch
@@ -0,0 +1,20 @@
+From: Kea <isc-kea@packages.debian.org>
+Date: Tue, 19 Feb 2019 12:39:35 +0000
+Subject: kea_admin_fix
+
+Removed the fallback to the build version of kea-admin since it will not exist on users hosts.
+---
+ src/bin/admin/kea-admin.in | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/src/bin/admin/kea-admin.in
++++ b/src/bin/admin/kea-admin.in
+@@ -50,8 +50,6 @@
+ # Include the installed admin-utils.sh if available. Fallback to sources otherwise.
+ if test -f "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"; then
+ . "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"
+-else
+- . "@abs_top_builddir@/src/bin/admin/admin-utils.sh"
+ fi
+
+ # Find the installed kea-lfc if available. Fallback to sources otherwise.
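Review bot: With the `else` branch removed, the context comment at the top of the inner hunk still reads `Fallback to sources otherwise.`, and kea-admin now carries on without admin-utils.sh when the installed copy is missing. I would update the comment in the same patch and fail early, e.g. `else echo "admin-utils.sh not found" >&2; exit 1`, so a broken install is reported at the sourcing step rather than at the first undefined helper. The kea-lfc block that follows still mentions a source-tree fallback in its comment, but its body is outside the hunk. Check whether it needs the same treatment, since an installed admin tool should not trust a build-directory path.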
diff --git a/debian/patches/0009-disable-database-tests.patch b/debian/patches/0009-disable-database-tests.patch
new file mode 100644
index 0000000..7d008c8
--- /dev/null
+++ b/debian/patches/0009-disable-database-tests.patch
@@ -0,0 +1,26 @@
+Description: Skip the database tests
+ The MySQL and PostgreSQL tests require a server with username,
+ password and tables setup for the test, see doc/devel/unit-tests.dox.
+ There's no way to instruct the build system to skip specific tests,
+ so let's disable them with a patch.
+Forwarded: not-needed
+Author: Paride Legovini <paride.legovini@canonical.com>
+Last-Update: 2020-12-03
+--- a/src/bin/admin/tests/mysql_tests.sh.in
++++ b/src/bin/admin/tests/mysql_tests.sh.in
+@@ -1,4 +1,6 @@
+ #!/bin/sh
++echo "SKIPPING MYSQL TEST"
++exit 0
+
+ # Copyright (C) 2014-2023 Internet Systems Consortium, Inc. ("ISC")
+ #
+--- a/src/bin/admin/tests/pgsql_tests.sh.in
++++ b/src/bin/admin/tests/pgsql_tests.sh.in
+@@ -1,4 +1,6 @@
+ #!/bin/sh
++echo "SKIPPING POSTGRESQL TEST"
++exit 0
+
+ # Copyright (C) 2015-2023 Internet Systems Consortium, Inc. ("ISC")
+ #
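Review bot: Both added `exit 0` lines make the MySQL and PostgreSQL admin tests report success without running, so the build log counts the schema scripts as tested when they are not. If these scripts run under automake's test driver (not visible here), `exit 77` would record them as SKIP instead of PASS. The tests cover the database admin paths, so it is worth running the unmodified scripts against a throwaway server outside the build, for example in the package's autopkgtest. The Description should say where that coverage lives.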
diff --git a/debian/patches/0010-set-control-sockets-location.patch b/debian/patches/0010-set-control-sockets-location.patch
new file mode 100644
index 0000000..f8be1d3
--- /dev/null
+++ b/debian/patches/0010-set-control-sockets-location.patch
@@ -0,0 +1,116 @@
+From: Athos Ribeiro <athos.ribeiro@canonical.com>
+Date: Mon, 13 Feb 2023 16:20:18 -0300
+Subject: d/rules: set the default location for control sockets to /run/kea
+
+The default config files place the control sockets in /tmp, which is
+insecure. Mangle the config files to place the sockets under _kea-owned
+/run/kea instead.
+
+Patch originally submitted by Paride Legovini in
+https://salsa.debian.org/debian/isc-kea/-/merge_requests/15.
+
+Last-Update: 2023-02-13
+Bug: https://gitlab.isc.org/isc-projects/kea/-/issues/2495
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014929
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/1863100
+---
+ src/bin/keactrl/kea-ctrl-agent.conf.pre | 6 +++---
+ src/bin/keactrl/kea-dhcp-ddns.conf.pre | 2 +-
+ src/bin/keactrl/kea-dhcp4.conf.pre | 2 +-
+ src/bin/keactrl/kea-dhcp6.conf.pre | 2 +-
+ src/bin/keactrl/kea-netconf.conf.pre | 4 ++--
+ 5 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+@@ -32,15 +32,15 @@
+ "control-sockets": {
+ "dhcp4": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ },
+ "dhcp6": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ },
+ "d2": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea-ddns-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket"
+ }
+ },
+
+--- a/src/bin/keactrl/kea-dhcp-ddns.conf.pre
++++ b/src/bin/keactrl/kea-dhcp-ddns.conf.pre
+@@ -23,7 +23,7 @@
+ "port": 53001,
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea-ddns-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket"
+ },
+ "tsig-keys": [],
+ "forward-ddns" : {},
+--- a/src/bin/keactrl/kea-dhcp4.conf.pre
++++ b/src/bin/keactrl/kea-dhcp4.conf.pre
+@@ -49,7 +49,7 @@
+ // more. For detailed description, see Sections 8.8, 16 and 15.
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ },
+
+ // Use Memfile lease database backend to store leases in a CSV file.
+--- a/src/bin/keactrl/kea-dhcp6.conf.pre
++++ b/src/bin/keactrl/kea-dhcp6.conf.pre
+@@ -43,7 +43,7 @@
+ // description, see Sections 9.12, 16 and 15.
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ },
+
+ // Use Memfile lease database backend to store leases in a CSV file.
+--- a/src/bin/keactrl/kea-netconf.conf.pre
++++ b/src/bin/keactrl/kea-netconf.conf.pre
+@@ -30,13 +30,13 @@
+ "dhcp4": {
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ }
+ },
+ "dhcp6": {
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ }
+ }
+ },
+--- a/tools/path_replacer.sh.in
++++ b/tools/path_replacer.sh.in
+@@ -28,13 +28,17 @@
+ localstatedir="@localstatedir@"
+ exec_prefix="@exec_prefix@"
+ libdir="@libdir@"
++runstatedir="@runstatedir@"
++PACKAGE="@PACKAGE@"
+
+ echo "Replacing \@prefix\@ with ${prefix}"
+ echo "Replacing \@libdir\@ with ${libdir}"
+ echo "Replacing \@sysconfdir\@ with ${sysconfdir}"
+ echo "Replacing \@localstatedir\@ with ${localstatedir}"
++echo "Replacing \@runstatedir\@ with ${runstatedir}"
++echo "Replacing \@PACKAGE\@ with ${PACKAGE}"
+
+ echo "Input file: $1"
+ echo "Output file: $2"
+
+-sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g" "${1}" > "${2}"
++sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g; s@SEP@\@runstatedir\@@SEP@${runstatedir}@SEP@g; s@SEP@\@PACKAGE\@@SEP@${PACKAGE}@SEP@g" "${1}" > "${2}"
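Review bot: The patch only rewrites the `socket-name` values; nothing in it creates `@runstatedir@/@PACKAGE@` or sets its owner and mode, and that directory's permissions are what keep other local users away from the control sockets. This view is limited to debian/patches, so confirm the packaging provides the directory before the daemons start (for example `RuntimeDirectory=kea` with a mode such as `RuntimeDirectoryMode=0750` in the units) and that it is not group- or world-writable. `@runstatedir@` is only substituted by configure scripts generated with autoconf 2.70, or with a distribution autoconf carrying the runstatedir patch. Otherwise the literal placeholder survives into the installed configs, so a build-time check for a leftover `@` in `socket-name` would be cheap. The header diffstat also lists 5 files, but the patch touches a sixth, `tools/path_replacer.sh.in`.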
diff --git a/debian/patches/0011-kea-ctrl-agent-authentication.patch b/debian/patches/0011-kea-ctrl-agent-authentication.patch
new file mode 100644
index 0000000..d965fbc
--- /dev/null
+++ b/debian/patches/0011-kea-ctrl-agent-authentication.patch
@@ -0,0 +1,30 @@
+Description: Set kea-ctrl-agent up to require a password.
+Author: Andreas Hasenack <andreas.hasenack@canonical.com>
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033367
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/2007312
+Last-Update: 2023-03-17
+
+diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+index e6ae8b8a..f7e3fed2 100644
+--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+@@ -26,6 +26,18 @@
+ // is specifically for HA updates only.
+ "http-port": 8000,
+
++ "authentication": {
++ "type": "basic",
++ "realm": "Kea Control Agent",
++ "directory": "/etc/kea",
++ "clients": [
++ {
++ "user": "kea-api",
++ "password-file": "kea-api-password"
++ }
++ ]
++ },
++
+ // Specify location of the files to which the Control Agent
+ // should connect to forward commands to the DHCPv4, DHCPv6
+ // and D2 servers via unix domain sockets.
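Review bot: The added `authentication` block uses `"type": "basic"` on the plain `http-port` listener, so the `kea-api` password is only base64-encoded on the wire. The listening address is outside the hunk, so confirm `http-host` stays on loopback, or that the agent's TLS settings (`trust-anchor`, `cert-file`, `key-file`) are configured wherever it is reachable from other hosts. The patch also does not show who creates `/etc/kea/kea-api-password`. It should be generated per installation with a random value, never shipped with a fixed one, and be readable only by root and the agent's user (mode 0640 or tighter). A comment above the block, such as `// Basic auth is required by default; the password is read from /etc/kea/kea-api-password.`, would tell administrators where to look.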
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..d18b4f5
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,4 @@
+0002-kea_admin_fix.patch
+0009-disable-database-tests.patch
+0010-set-control-sockets-location.patch
+0011-kea-ctrl-agent-authentication.patch