summaryrefslogtreecommitdiffstats
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/NEWS39
-rw-r--r--debian/changelog522
-rw-r--r--debian/control178
-rw-r--r--debian/copyright408
-rw-r--r--debian/copyright-scan-patterns.yml33
-rw-r--r--debian/fill.copyright.blanks.yml18
-rw-r--r--debian/fix.scanned.copyright368
-rw-r--r--debian/gbp.conf4
-rw-r--r--debian/kea-admin.install3
-rw-r--r--debian/kea-admin.lintian-overrides2
-rw-r--r--debian/kea-admin.manpages2
-rw-r--r--debian/kea-common.install4
-rw-r--r--debian/kea-common.lintian-overrides1
-rw-r--r--debian/kea-common.manpages1
-rw-r--r--debian/kea-common.postinst39
-rw-r--r--debian/kea-ctrl-agent.config73
-rw-r--r--debian/kea-ctrl-agent.init161
-rw-r--r--debian/kea-ctrl-agent.install4
-rw-r--r--debian/kea-ctrl-agent.manpages2
-rw-r--r--debian/kea-ctrl-agent.postinst72
-rw-r--r--debian/kea-ctrl-agent.postrm40
-rw-r--r--debian/kea-ctrl-agent.service22
-rw-r--r--debian/kea-ctrl-agent.templates34
-rw-r--r--debian/kea-dev.install3
-rw-r--r--debian/kea-dev.lintian-overrides1
-rw-r--r--debian/kea-dhcp-ddns-server.init167
-rw-r--r--debian/kea-dhcp-ddns-server.install3
-rw-r--r--debian/kea-dhcp-ddns-server.manpages1
-rw-r--r--debian/kea-dhcp-ddns-server.service21
-rw-r--r--debian/kea-dhcp4-server.init167
-rw-r--r--debian/kea-dhcp4-server.install3
-rw-r--r--debian/kea-dhcp4-server.manpages1
-rw-r--r--debian/kea-dhcp4-server.service21
-rw-r--r--debian/kea-dhcp6-server.init167
-rw-r--r--debian/kea-dhcp6-server.install3
-rw-r--r--debian/kea-dhcp6-server.manpages1
-rw-r--r--debian/kea-dhcp6-server.service21
-rw-r--r--debian/kea-doc.README.Debian13
-rw-r--r--debian/kea-doc.doc-base11
-rw-r--r--debian/kea-doc.docs3
-rw-r--r--debian/kea-doc.lintian-overrides3
-rw-r--r--debian/not-installed4
-rw-r--r--debian/patches/0002-kea_admin_fix.patch20
-rw-r--r--debian/patches/0009-disable-database-tests.patch26
-rw-r--r--debian/patches/0010-set-control-sockets-location.patch116
-rw-r--r--debian/patches/0011-kea-ctrl-agent-authentication.patch30
-rw-r--r--debian/patches/series4
-rw-r--r--debian/po/POTFILES.in1
-rw-r--r--debian/po/de.po130
-rw-r--r--debian/po/es.po129
-rw-r--r--debian/po/fr.po132
-rw-r--r--debian/po/nl.po127
-rw-r--r--debian/po/templates.pot110
-rw-r--r--debian/python3-kea-connector.install2
-rwxr-xr-xdebian/rules75
-rw-r--r--debian/salsa-ci.yml14
-rw-r--r--debian/source/format1
-rw-r--r--debian/source/lintian-overrides1
-rw-r--r--debian/tests/control13
-rw-r--r--debian/tests/kea-ctrl-agent-debconf266
-rw-r--r--debian/tests/kea-dhcp4277
-rw-r--r--debian/tests/kea-dhcp4.conf.template71
-rw-r--r--debian/tests/smoke-tests63
-rw-r--r--debian/upstream/metadata6
-rw-r--r--debian/upstream/signing-key.asc175
-rw-r--r--debian/usr.sbin.kea-ctrl-agent32
-rw-r--r--debian/usr.sbin.kea-dhcp-ddns33
-rw-r--r--debian/usr.sbin.kea-dhcp447
-rw-r--r--debian/usr.sbin.kea-dhcp646
-rw-r--r--debian/usr.sbin.kea-lfc33
-rw-r--r--debian/watch8
-rw-r--r--debian/watch.include-odd-versions8
72 files changed, 4640 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..ad1bd54
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,39 @@
+isc-kea (2.2.0-8) unstable; urgency=medium
+
+ Require user authentication to access the kea-ctrl-agent API service.
+
+ Upgrades from previous versions, or fresh installs, will get a debconf
+ "high" priority prompt with 3 options:
+ - no action (default)
+ - configure with a random password
+ - configure with a given password
+
+ If there is no password, the kea-ctrl-agent will NOT start.
+
+ The password is expected to be in /etc/kea/kea-api-password, with ownership
+ root:_kea and permissions 0640. To change it, run `dpkg-reconfigure
+ kea-ctrl-agent` (which will present the same 3 options from above again), or
+ just edit the file manually.
+
+ -- Andreas Hasenack <andreas@canonical.com> Fri, 17 Mar 2023 11:28:49 -0300
+
+isc-kea (2.2.0-3) unstable; urgency=medium
+
+ Starting with this upload, all the kea services are confined by default with
+ apparmor (if it's enabled on the host).
+
+ -- Paride Legovini <paride@debian.org> Fri, 17 Feb 2023 19:59:43 +0100
+
+isc-kea (2.2.0-2) unstable; urgency=medium
+
+ The control sockets were moved to /run/kea (Closes: #1014929)
+
+ keactrl is no longer being installed. This script is not systemd-aware and
+ not installed by the upstream .deb packages.
+
+ Default logging of all kea services is set to "output" in their respective
+ configuration files. This means they end up in the systemd journal logging.
+ (Closes: #1016747)
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Tue, 14 Feb 2023 11:24:58 -0300
+
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..5e170cb
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,522 @@
+isc-kea (2.4.1-3) unstable; urgency=medium
+
+ [ Paride Legovini ]
+ * d/t/smoke-test: add sleep to allow for the services to start
+ * d/t/kea-ctrl-agent-debconf override systemd restart limit.
+ Thanks to Andreas Hasenack
+ * ci: salsa pipeline: disable the crossbuild-arm64 job
+ * ci: salsa pipeline: fail on Lintian warnings
+ * d/*.l-o: drop unused overrides
+ * kea-dev: build and install kea-msg-compiler.
+ Thanks to Quentin Armitage (Closes: #1065362)
+ * d/kea-dev.l-o: override no-manual-page for kea-msg-compiler
+ * ci: salsa pipeline: enable reprotest, without build_path variation.
+ Thanks to Holger Levsen
+ * d/p/0001-support_kfreebsd.patch: drop patch.
+ The development of Debian GNU/kFreeBSD terminated in July 2023.
+ * d/p/0011-kea-ctrl-agent-authentication.patch: add dep-3 headers
+ * d/*.init: fix SysV init scripts.
+ Thanks to Stefan Klein (Closes: #1055438)
+ * d/rules: disable LTO on ppc64el as it causes crashes.
+ Thanks to Sergio Durigan Junior (LP: #2055151)
+
+ [ Andreas Hasenack ]
+ * apparmor: also allow reading the pid file.
+ At least kea-ctrl-agent attempts to read the pid file, and it makes
+ sense to allow that. Also make the change for all other profiles.
+
+ -- Paride Legovini <paride@debian.org> Fri, 29 Mar 2024 16:38:54 +0100
+
+isc-kea (2.4.1-2) unstable; urgency=medium
+
+ * Team upload.
+
+ [ Athos Ribeiro ]
+ * d/*.service: Remove dhcp{4,6} WantedBy statements
+
+ [ Paride Legovini ]
+ * d/po/fr.po: add French templates translation.
+ Thanks to Jean-Pierre Giraud (Closes: #1059863)
+ * d/copyright: update copyright years for debian/*
+
+ [ Andreas Hasenack ]
+ * apparmor: add missing include directive.
+ Add a missing include directive to all profiles include the
+ site-specific additions and overrides. (Closes: #1064513)
+
+ -- Andreas Hasenack <andreas@canonical.com> Mon, 26 Feb 2024 10:32:35 -0300
+
+isc-kea (2.4.1-1) unstable; urgency=medium
+
+ * New upstream version 2.4.1
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Thu, 14 Dec 2023 17:21:04 -0300
+
+isc-kea (2.4.0-1) unstable; urgency=medium
+
+ [ Paride Legovini ]
+ * d/control: add Athos Ribeiro to Uploaders
+ * d/*.init: specify the daemons' full path.
+ Thanks to Alessandro Vesely (Closes: #1052338)
+
+ [ Athos Ribeiro ]
+ * New upstream version 2.4.0 (Closes: #1040523)
+ * d/patches: refresh patches
+ * d/rules: remove cleanup for kea_connector2.py
+ * d/t/kea-dhcp4: check if lease lifetime is valid
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Thu, 26 Oct 2023 09:17:18 -0300
+
+isc-kea (2.2.1-3) unstable; urgency=medium
+
+ [ Andreas Hasenack ]
+ * apparmor: allow kea-ctrl-agent to access IPv6 sockets
+ (Closes: #1052764)
+
+ -- Paride Legovini <paride@debian.org> Wed, 27 Sep 2023 14:47:14 +0200
+
+isc-kea (2.2.1-2) unstable; urgency=medium
+
+ * d/po/de.po: add German debconf translation.
+ Thanks to Christoph Brinkhaus (Closes: #1041710)
+ * d/po/es.po: add Spanish debconf translation.
+ Thanks to CamaleĆ³n (Closes: #1041772)
+ * d/po/nl.po: add Dutch debconf translation.
+ Thanks to Frans Spiesschaert (Closes: #1041875)
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Sun, 10 Sep 2023 10:09:52 -0300
+
+isc-kea (2.2.1-1) unstable; urgency=medium
+
+ * d/u/signing-key.asc: update upstream signing key
+ * New upstream version 2.2.1
+ * Fix typo in debconf string.
+ Thanks to Helge Kreutzmann (Closes: #1041394)
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Fri, 04 Aug 2023 07:37:08 -0300
+
+isc-kea (2.2.0-8) unstable; urgency=medium
+
+ [ Athos Ribeiro ]
+ * d/rules: add strict shlibs control file
+
+ [ Andreas Hasenack ]
+ * Restrict access to the default RESTful API on 127.0.0.1:8000 to
+ authenticated users (Closes: #1033367) (LP #2007312):
+ - Add debconf templates to restrict API access
+ - d/control: add debconf build-deps
+ - d/kea-ctrl-agent.postinst: handle kea-api password creation
+ - d/kea-ctrl-agent.config: prepare debconf questions
+ - d/kea-ctrl-agent.postrm: purge api password file
+ - d/p/0011-kea-ctrl-agent-authentication.patch
+ - d/t/kea-ctrl-agent.service: require a non-empty kea api password file
+ - d/t/control, d/t/kea-ctrl-agent-debconf: test debconf options
+ - d/t/smoke-tests, d/t/kea-dhcp4: support kea-ctrl-agent authentication
+ * d/NEWS: update with noteworthy changes
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Tue, 04 Jul 2023 10:40:32 -0300
+
+isc-kea (2.2.0-6) unstable; urgency=medium
+
+ [ Andreas Hasenack ]
+ * apparmor: use the apparmor nameservice abstraction.
+ Use the apparmor nameservice abstraction instead of hand-picked rules.
+ (Closes: #1033640, #1033639)
+
+ -- Paride Legovini <paride@debian.org> Mon, 03 Apr 2023 12:48:28 +0200
+
+isc-kea (2.2.0-5) unstable; urgency=medium
+
+ [ Paride Legovini ]
+ * d/control: update to Standards-Version 4.6.2, no changes needed
+
+ [ Andreas Hasenack ]
+ * d/t/kea-dhcp4.conf.template: retry opening a socket. Sometimes the
+ `keabr0` bridge used in the DEP8 test takes a while to become ready, and
+ kea-dhcp4 fails to open a socket on it. Add configuration options to
+ kea-dhcp4 to retry opening the socket a few times before giving up.
+ (LP: #2008932)
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Thu, 02 Mar 2023 14:00:17 -0300
+
+isc-kea (2.2.0-4) unstable; urgency=medium
+
+ [ Athos Ribeiro ]
+ * d/rules: use MathJax from libjs-mathjax instead loading from external CDN
+
+ [ Andreas Hasenack ]
+ * d/t/kea-dhcp4: make the test more robust
+ - increase dhclient timeout to 60s, and run in verbose mode
+ - show logs in the case of failure
+ - set +e inside the cleanup handler
+ - fix resolv.conf regexp
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 27 Feb 2023 14:58:26 -0300
+
+isc-kea (2.2.0-3) unstable; urgency=medium
+
+ [ Andreas Hasenack ]
+ * Add apparmor profiles.
+ - d/control: add build-depends on dh-apparmor
+ - d/usr.sbin.kea-*: add the profiles
+ - d/kea-*.install: install the profiles
+ - d/rules: use dh_apparmor to enable the profiles
+ * d/tests: Add DEP8 test for kea-dhcp4
+
+ -- Paride Legovini <paride@debian.org> Fri, 17 Feb 2023 19:59:43 +0100
+
+isc-kea (2.2.0-2) unstable; urgency=medium
+
+ [ Athos Ribeiro ]
+ * d/tests: add simple DEP8 smoke tests
+ * Set default control sockets location to /run/kea (Closes: #1014929)
+ (LP: #1863100)
+
+ [ Paride Legovini ]
+ * d/control: drop dependency on lsb-base (obsolete)
+ * d/salsa-ci.yml: enable the autopkgtest job
+ * d/kea-common.*:
+ - Do not install keactrl. The keactrl script is not systemd-aware and not
+ installed by the upstream .deb packages. Remove it from the Debian
+ packaging
+ - Leave handling of /var/*/kea directories to systemd. No need to create
+ them in packaging as the systemd units will automatically create them
+ with the right ownership and permissions
+ * d/*.service:
+ - Do not set KEA_LOGGER_DESTINATION. The variable is meant to tell the
+ daemons where to log *before* their config files are loaded. If unset
+ the default is stdout, which works well with systemd
+ - Do not set KEA_PIDFILE_DIR. What we set it to corresponds to the
+ defaults. The documentation says that KEA_PIDFILE_DIR "is intended
+ primarily for testing"
+ * d/rules: use the systemd journal for logging (Closes: #1016747)
+ (LP: #2006522)
+ * d/kea-doc.README.Debian: document how logging is done by default
+ * d/tests/smoke-tests: check location of PID and lock files
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Tue, 14 Feb 2023 11:24:58 -0300
+
+isc-kea (2.2.0-1) unstable; urgency=medium
+
+ * New upstream version 2.2.0.
+ Thanks to Daniel Baumann (Closes: #1016109)
+ * debian/patches:
+ - 0002-kea_admin_fix.patch: refresh patch
+ - 0007-keyctrl-colored-ddns-status.patch: drop patch (fixed upstream)
+ - 0009-disable-database-tests.patch: refresh patch
+ - 0010-build-libco-when-gtest-is-not-enabled: drop patch (fixed upstream)
+ - 0011-sphinx-set-language.patch: drop patch (fixed upstream)
+ * d/kea-doc.doc-base: register documentation to doc-base
+ * Lintian overrides:
+ - *.lintian-overrides: adapt to "pointed hints" syntax
+ - kea-admin.l-o: bash-term-in-posix-shell (false positives)
+ - d/kea-doc.l-o: add overrides for sphinx installed fonts.
+ + font-in-non-font-package [usr/share/doc/kea/html/_static/fonts/*]
+ + font-outside-font-dir [usr/share/doc/kea/html/_static/fonts/*]
+ * d/copyright: remove file patterns made unnecessary by new release
+ * d/salsa-ci.yml: add salsa CI
+
+ -- Paride Legovini <paride@debian.org> Tue, 02 Aug 2022 12:16:45 +0000
+
+isc-kea (2.0.2-3) unstable; urgency=medium
+
+ * d/rules: configure: specify the Python site packages location.
+ Related changes:
+ - d/python3-kea-connector.install: update paths accordingly
+ Thanks to Kilian Krause (Closes: #1014995)
+
+ -- Paride Legovini <paride@debian.org> Wed, 20 Jul 2022 16:03:19 +0000
+
+isc-kea (2.0.2-2) unstable; urgency=medium
+
+ * d/patches: explicitly set the sphinx doc language.
+ Needed for compatibility with Sphinx 5.0. New patch:
+ - d/p/0011-sphinx-set-language.patch (Closes: #1013407)
+ * d/control: bump Standards-Version to 4.6.1, no changes needed
+ * d/gbp.conf: debian-branch = debian/unstable (DEP-14)
+ * d/gbp.conf: enable use of pristine-tar
+ * d/watch.include-odd-versions: alternative watch file.
+ Also covers the odd-numbered (= devel) upstream releases.
+
+ -- Paride Legovini <paride@debian.org> Sun, 26 Jun 2022 14:48:25 +0000
+
+isc-kea (2.0.2-1) unstable; urgency=medium
+
+ * New upstream version 2.0.2
+
+ -- Paride Legovini <paride@debian.org> Mon, 07 Mar 2022 21:13:17 +0000
+
+isc-kea (2.0.1-2) unstable; urgency=medium
+
+ * Upload to Debian unstable
+ * wrap-and-sort -bast (cosmetic)
+
+ -- Paride Legovini <paride@debian.org> Sun, 30 Jan 2022 19:39:09 +0100
+
+isc-kea (2.0.1-1) experimental; urgency=medium
+
+ * New upstream version 2.0.1 (Closes: #954768, #973641)
+ * d/watch: fix search path and only match stable versions (Closes: #974611)
+ * d/u/signing-key.asc: replace with new key for 2021-2022.
+ * d/control:
+ - Update Standards-Version to 4.6.0 (no changes needed)
+ - Switch to dh compat level 13
+ - Set Rules-Requires-Root: no
+ - Drop ORed dependency on obsolete libmysqlclient-dev
+ - Add python3-kea-connector dependency to kea-ctrl-agent
+ - Build-Depend on procps (test dependency)
+ - Drop Section: libs for kea-common (fallback to Section: net)
+ - Minor cosmetic changes to the descriptions
+ * d/rules:
+ - Don't pass --as-needed to ld (it's now the default)
+ - Drop explicit `dh_missing --fail-missing` (default in dh 13)
+ - Drop useless override_dh_auto_make target
+ - Drop override_dh_clean (not needed)
+ - Use execute_after_* targets where appropriate
+ - Do not ignore the test results
+ - Drop unnecessary $@ in override_dh_auto_configure
+ - Disable out-of-source building (dh -B)
+ - Set localstatedir to /var (Closes: #959149)
+ - Delete __pycache__ recursively
+ - Don't delete keactrl.8
+ - Drop `dh_installdocs -A`: it prevents using a main doc package
+ - Build perfdhcp (configure flag: --enable-perfdhcp)
+ * d/patches:
+ - 0001-support_kfreebsd: refresh patch
+ - 0002-kea_admin_fix: refresh patch
+ - 0003-Use-runstatedir-for-pid-file-location.patch: drop, fixed upstream
+ - d/p/0004-Put-KEA_LOCKFILE_DIR-to-runstatedir.patch: drop patch.
+ Replaced by setting the KEA_LOCKFILE_DIR environment variable.
+ - 0007-keyctrl-colored-ddns-status.patch: add patch
+ - 0009-disable-database-tests.patch: add patch.
+ Skip the database tests (problematic to run in automation).
+ - 0010-build-libco-when-gtest-is-not-enabled.patch: add patch.
+ Fix test suite fails if Kea is built without gtest.
+ - Always use the .patch extension for uniformity
+ * d/docs: drop file, replaced by kea-doc.docs
+ * d/kea-doc.install: drop file, replaced by d/kea-doc.docs
+ * d/kea-admin.install: install perfdhcp
+ * d/*.install: move manpages to d/*.manpages
+ * d/kea-common.manpages: install keactrl.8
+ * d/kea-doc.docs:
+ - Add CONTRIBUTING.md
+ - Install the API reference
+ * d/not-installed: refresh list of not-installed files
+ * d/s/lintian-overrides: override very-long-line-length-in-source-file
+ * d/kea-common.l-o: override script-not-executable etc/kea/keactrl.conf.
+ Has a shebang but it's meant to be sourced, not executed.
+ * d/u/metadata: add upstream metadata file
+ * d/copyright:
+ - Add Canonical Ltd. for debian/*
+ - Drop references to nonexisting files
+ * d/control: add Paride Legovini to Uploaders
+
+ -- Paride Legovini <paride@debian.org> Thu, 27 Jan 2022 12:27:23 +0100
+
+isc-kea (1.7.5-1) unstable; urgency=medium
+
+ * Bump dh compat to 12, bump debian standard to 4.5.0
+ (dh_compat v11 is broken and should not be used)
+ * New upstream version 1.7.5
+ * Security issues fixed since 1.5.0-2:
+ + CVE-2019-6472: A packet containing a malformed DUID can cause the
+ kea-dhcp6 server to terminate
+ + CVE-2019-6473: An invalid hostname option can cause the kea-dhcp4
+ server to terminate
+ + CVE-2019-6474: An oversight when validating incoming client requests
+ can lead to a situation where the Kea server will exit when trying to
+ restart
+ * Add python3-sphinx and python3-sphinx-rtd-theme to Build-Depends to
+ build the documentation
+ * Adjust installed files
+ * Add 'kea' metapackage that depends on all server components of Kea
+ * Fix more ISC KEA -> Kea naming
+ * Cleanup the lintian warnings
+
+ -- Ondřej SurĆ½ <ondrej@debian.org> Mon, 23 Mar 2020 11:11:05 +0100
+
+isc-kea (1.5.0-2) unstable; urgency=medium
+
+ [ Jason Guy ]
+ * Stop deleting _kea user and group on postrm for security
+ * Drop debhelper compat to v11; v12 adds dependency on init-system-helpers
+ (>=1.52), and stretch uses 1.48.
+
+ [ Badreddin Aboubakr ]
+ * Fix systemd service file & create group kea
+ * Fix maintaner scripts to handle the _kea group (Closes: #924105)
+
+ [ Michal Nowikowski ]
+ * Fixed names of referenced services in WantedBy fields
+
+ -- Ondřej SurĆ½ <ondrej@sury.org> Wed, 12 Jun 2019 16:11:11 +0200
+
+isc-kea (1.5.0-1) unstable; urgency=medium
+
+ [ Ondřej SurĆ½ ]
+ * New upstream version 1.5.0 (Closes: #916288)
+ * Update d/watch to use better mangling and https:// URL
+ * Update ISC signing key
+ * Bump debhelper compat level to v12
+ * Fix some default paths to use runstatedir
+ * Create a non-privileged user _kea and run the Kea services under that user
+ (Closes: #910671)
+ * Add the netconf stuff to d/not-installed
+ * Greatly simplify d/copyright (Closes: #905214)
+ * Fix dpkg-statoverride usage in maintscripts
+ * Add adduser to kea-common Depends
+ * Add Pre-Depends: ${misc:Pre-Depends} for systemd Pre-Depends
+ * DHCPv4 daemon also needs CAP_NET_RAW
+ * It's Kea, not ISC KEA; fix the .service files
+
+ [ Yuval Freund ]
+ * Fix python dep issue. (Closes: #905977, #908491)
+
+ [ Badreddin Aboubakr ]
+ * Fix systemd Unit Files
+ + Change lock directory (systemd nesting issue)
+ + Quote RuntimeDirectory
+ + Remove "LogsDirectory" and "LogsDirectoryMode" (they are not
+ supported in systemd 232)
+
+ [ Jason Guy ]
+ * Added a new patch to fix the kea-admin script.
+ * Fixed the postrm script (Closes: #905421)
+
+ -- Ondřej SurĆ½ <ondrej@debian.org> Mon, 25 Feb 2019 12:12:36 +0000
+
+isc-kea (1.4.0.P1-5) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Added a missing python3 dependency (Closes: #905977)
+ * Fixed kea-ctrl-agent dependency (Closes: #908491)
+ * Fixed kea-common postrm script (Closes: #905421)
+ * Fixed state directories (Closes: #910671)
+ * Fixed copyright (Closes: #905214)
+ * Cleaned up quilt patches.
+
+ -- Jason Guy <jason.e.guy@gmail.com> Sun, 16 Dec 2018 19:31:18 -0500
+
+isc-kea (1.4.0.P1-3) unstable; urgency=medium
+
+ [ Ondřej SurĆ½ ]
+ * Install keactrl binary and manpage to kea-common package
+ * Make package backportable to Ubuntu Trusty that doesn't have
+ debian/not-installed support yet
+ * Tighten the permissions on the /run/lock/kea, /var/log/kea and
+ /var/lib/kea directory
+ * Merge little bits from Jason in d/control and d/rules
+ * Cleanup install files
+
+ [ Jason Guy ]
+ * Added missing files.
+ * Minor fixes to the lockfile paths.
+
+ [ Adam Majer ]
+ * Update ISC signing key for 2017-2018
+ * Add python3-kea-connector and kea-ctrl-agent files
+
+ -- Ondřej SurĆ½ <ondrej@debian.org> Mon, 16 Jul 2018 15:53:56 +0000
+
+isc-kea (1.4.0.P1-2) unstable; urgency=medium
+
+ * Add alternative dependency for default-libmysqlclient-dev to make
+ backporting easier
+ * Re-enable mysql and pgsql backends
+
+ -- Ondřej SurĆ½ <ondrej@debian.org> Sat, 14 Jul 2018 12:14:40 +0000
+
+isc-kea (1.4.0.P1-1) unstable; urgency=medium
+
+ * New upstream version 1.4.0.P1
+ + [CVE-2018-5739]: failure to release memory may exhaust system
+ resources (Closes: #903729)
+
+ -- Ondřej SurĆ½ <ondrej@debian.org> Sat, 14 Jul 2018 08:51:37 +0000
+
+isc-kea (1.4.0-2) experimental; urgency=medium
+
+ * New upstream version 1.4.0 (Closes: #874501, #874501)
+ * Update Maintainer, Uploaders and Vcs-* Links
+ * Use --fail-missing to catch files not installed which should be
+ * Update bug numbers in d/changelog
+ * Add kea-admin binary into kea-admin package (Closes: #851712)
+ * Install hooks in kea-common package and kea-ctrl-agent into kea-utils
+ package
+ * Move kea-ctrl-agent to kea-admin package
+
+ -- Ondřej SurĆ½ <ondrej@debian.org> Fri, 13 Jul 2018 20:00:33 +0000
+
+isc-kea (1.4.0-1) experimental; urgency=medium
+
+ * New upstream version 1.4.0 (Closes: #874501, #874501)
+ * Rebase patches on top of Kea 1.4
+ * Use upstream conffiles
+ * Run d/ through wrap-and-sort -a + add dh-autoconf
+ * Enable autoreconf
+ * Don't install *.spec files
+
+ -- Ondřej SurĆ½ <ondrej@debian.org> Fri, 13 Jul 2018 18:42:25 +0000
+
+isc-kea (1.1.0-1) unstable; urgency=medium
+
+ * New upstream version 1.1.0 (closes: #844536)
+ + support PostgreSQL and MySQL for host reservation for both
+ DHCPv4 and DHCPv6
+ + allows MySQL and PostgreSQL host reservations databases
+ to operate in read-only mode
+ + extends host reservations capabilities based on specific
+ DHCP options.
+ + expanded client classification system
+ + DHCPv4-over-DHCPv6 - RFC7341
+ * builds with default mysql library (closes: #845856)
+ * debian/patches:
+ - fix_gcc6 - removed, upstreamed
+ - openssl1.1 - add OpenSSL 1.1 support (closes: #828356)
+
+ -- Adam Majer <adamm@zombino.com> Sun, 27 Nov 2016 23:07:17 +0100
+
+isc-kea (1.0.0-4) unstable; urgency=medium
+
+ * debian/rules:
+ + Disable warnings being treated as errors during compilation.
+ This fixes compilation with GCC 6.0 and Kea's use of
+ auto_ptr which trigger depreciation warning (closes: #831123)
+ * debian/patches/fix_gcc6:
+ + fix compilation with gcc6 C++14
+
+ -- Adam Majer <adamm@zombino.com> Mon, 25 Jul 2016 22:23:36 +0200
+
+isc-kea (1.0.0-3) unstable; urgency=medium
+
+ * debian/patches/support_kfreebsd:
+ + Add support for kFreeBSD - detect it as FreeBSD
+ * debian/watch:
+ + Only detect X.Y.Z* version formats
+ + Sort beta and other candidates before final release
+ + Verify upstream GPG signature
+ * debian/control:
+ + Remove dependency on Botan. Use OpenSSL instead.
+ * debian/rules:
+ + Disable dependency tracking for faster build
+ + Fix typo in configure script
+ * Updated .service files to start KEA services only after
+ network is up and time has been synced.
+ * Update Standard to 3.9.7. No changes.
+
+ -- Adam Majer <adamm@zombino.com> Thu, 03 Mar 2016 20:49:02 -0600
+
+isc-kea (1.0.0-2) unstable; urgency=medium
+
+ * debian/copyright:
+ + Explicitly list more embedded boost headers
+ * debian/control:
+ + Do not require specific PostgreSQL version (closes: #814323)
+
+ -- Adam Majer <adamm@zombino.com> Fri, 26 Feb 2016 13:37:51 -0600
+
+isc-kea (1.0.0-1) unstable; urgency=low
+
+ * Initial release (Closes: #759703)
+
+ -- Adam Majer <adamm@zombino.com> Tue, 19 Jan 2016 13:15:40 -0600
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..c2d7d66
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,178 @@
+Source: isc-kea
+Section: net
+Priority: optional
+Maintainer: Kea <isc-kea@packages.debian.org>
+Uploaders:
+ Adam Majer <adamm@zombino.com>,
+ Ondřej SurĆ½ <ondrej@debian.org>,
+ Jason Guy <jason.e.guy@gmail.com>,
+ Paride Legovini <paride@debian.org>,
+ Athos Ribeiro <athos.ribeiro@canonical.com>,
+Build-Depends:
+ bison,
+ debhelper-compat (= 13),
+ default-libmysqlclient-dev,
+ dh-apparmor,
+ dh-python,
+ docbook,
+ docbook-xsl,
+ elinks,
+ flex,
+ libboost-dev,
+ libboost-system-dev,
+ liblog4cplus-dev,
+ libpq-dev,
+ libssl-dev,
+ po-debconf,
+ postgresql-server-dev-all,
+ procps,
+ python3-dev,
+ python3-sphinx,
+ python3-sphinx-rtd-theme,
+ xsltproc,
+Standards-Version: 4.6.2
+Homepage: http://kea.isc.org/
+Vcs-Git: https://salsa.debian.org/debian/isc-kea.git
+Vcs-Browser: https://salsa.debian.org/debian/isc-kea
+Rules-Requires-Root: no
+
+Package: kea
+Architecture: all
+Depends:
+ kea-admin,
+ kea-ctrl-agent,
+ kea-dhcp-ddns-server,
+ kea-dhcp4-server,
+ kea-dhcp6-server,
+ ${misc:Depends},
+Description: DHCP server [meta]
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium
+ providing a very high-performance with PostgreSQL, MySQL and memfile backends.
+ .
+ This is a metapackage that depends on all server components of Kea.
+
+Package: kea-admin
+Architecture: any
+Section: admin
+Depends:
+ kea-common (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Administration utilities for Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides backend database initialization and migration
+ scripts and a DHCP benchmark tool.
+
+Package: kea-common
+Architecture: any
+Depends:
+ adduser,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Common libraries for the Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides common libraries used by Kea servers and utilities.
+
+Package: kea-ctrl-agent
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends},
+Depends:
+ kea-common (= ${binary:Version}),
+ python3-kea-connector,
+ debconf (>= 0.5),
+ ${misc:Depends},
+ ${python3:Depends},
+ ${shlibs:Depends},
+Suggests:
+ kea-doc,
+Description: REST API service for Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides the REST API service agent for Kea DHCP.
+
+Package: kea-dev
+Architecture: any
+Section: devel
+Depends:
+ kea-common (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Development headers for Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides headers and static libraries of the common Kea
+ libraries, including libdhcp++.
+
+Package: kea-dhcp-ddns-server
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends},
+Depends:
+ kea-common (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Suggests:
+ kea-doc,
+Description: DHCP Dynamic DNS service
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides Dynamic DNS service to update DNS mapping based on
+ DHCP lease events.
+
+Package: kea-dhcp4-server
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends},
+Depends:
+ kea-common (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Suggests:
+ kea-doc,
+Description: IPv4 DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium
+ providing a very high-performance with PostgreSQL, MySQL and memfile backends.
+ .
+ This package provides the IPv4 DHCP server.
+
+Package: kea-dhcp6-server
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends},
+Depends:
+ kea-common (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Suggests:
+ kea-doc,
+Description: IPv6 DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium
+ providing a very high-performance with PostgreSQL, MySQL and memfile backends.
+ .
+ This package provides the IPv6 DHCP server.
+
+Package: kea-doc
+Architecture: all
+Section: doc
+Depends:
+ ${misc:Depends},
+Recommends:
+ libjs-mathjax,
+Description: Documentation for Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides documentation for the DHCP servers.
+
+Package: python3-kea-connector
+Architecture: all
+Section: python
+Depends:
+ ${misc:Depends},
+ ${python3:Depends},
+Description: Python3 management connector for Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides Python3 connector.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..d90da60
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,408 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files: *
+Copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC")
+License: MPL-2.0
+
+Files: debian/*
+Copyright: 2016-2018, Adam Majer <adamm@zombino.com>
+ 2017-2018, Jason Guy (jason.e.guy@gmail.com)
+ 2018-2019, Internet Systems Consortium, Inc.
+ 2022-2024, Canonical Ltd.
+License: MPL-2.0
+
+Files: src/bin/agent/agent_parser.cc
+ src/bin/agent/agent_parser.h
+ src/bin/agent/location.hh
+ src/bin/d2/d2_parser.cc
+ src/bin/d2/d2_parser.h
+ src/bin/d2/location.hh
+ src/bin/dhcp4/dhcp4_parser.cc
+ src/bin/dhcp4/dhcp4_parser.h
+ src/bin/dhcp4/location.hh
+ src/bin/dhcp6/dhcp6_parser.cc
+ src/bin/dhcp6/dhcp6_parser.h
+ src/bin/dhcp6/location.hh
+ src/lib/eval/location.hh
+ src/lib/eval/parser.cc
+ src/lib/eval/parser.h
+Copyright: 2002-2015, Free Software Foundation, Inc.
+License: GPL-3+-with-bison-exception
+
+Files: src/lib/util/encode/*
+Copyright: 2002, Robert Ramey - http:www.rrsd.com .
+License: BSL-1.0
+
+License: GPL-3+-with-bison-exception
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 3 dated June, 2007, or (at
+ your option) any later version.
+ .
+ As a special exception, you may create a larger work that contains
+ part or all of the Bison parser skeleton and distribute that work
+ under terms of your choice, so long as that work isn't itself a
+ parser generator using the skeleton or a modified version thereof
+ as a parser skeleton. Alternatively, if you modify or redistribute
+ the parser skeleton itself, you may (at your option) remove this
+ special exception, which will cause the skeleton and the resulting
+ Bison output files to be licensed under the GNU General Public
+ License without this special exception.
+ .
+ On Debian systems, the complete text of version 3 of the GNU General
+ Public License can be found in '/usr/share/common-licenses/GPL-3'.
+
+License: MPL-2.0
+ .
+ Mozilla Public License Version 2.0
+ ==================================
+ .
+ 1. Definitions
+ --------------
+ 1.1. "Contributor"
+ means each individual or legal entity that creates, contributes to
+ the creation of, or owns Covered Software.
+ 1.2. "Contributor Version"
+ means the combination of the Contributions of others (if any) used
+ by a Contributor and that particular Contributor's Contribution.
+ 1.3. "Contribution"
+ means Covered Software of a particular Contributor.
+ 1.4. "Covered Software"
+ means Source Code Form to which the initial Contributor has attached
+ the notice in Exhibit A, the Executable Form of such Source Code
+ Form, and Modifications of such Source Code Form, in each case
+ including portions thereof.
+ 1.5. "Incompatible With Secondary Licenses"
+ means
+ (a) that the initial Contributor has attached the notice described
+ in Exhibit B to the Covered Software; or
+ (b) that the Covered Software was made available under the terms of
+ version 1.1 or earlier of the License, but not also under the
+ terms of a Secondary License.
+ 1.6. "Executable Form"
+ means any form of the work other than Source Code Form.
+ 1.7. "Larger Work"
+ means a work that combines Covered Software with other material, in
+ a separate file or files, that is not Covered Software.
+ 1.8. "License"
+ means this document.
+ 1.9. "Licensable"
+ means having the right to grant, to the maximum extent possible,
+ whether at the time of the initial grant or subsequently, any and
+ all of the rights conveyed by this License.
+ 1.10. "Modifications"
+ means any of the following:
+ (a) any file in Source Code Form that results from an addition to,
+ deletion from, or modification of the contents of Covered
+ Software; or
+ (b) any new file in Source Code Form that contains any Covered
+ Software.
+ 1.11. "Patent Claims" of a Contributor
+ means any patent claim(s), including without limitation, method,
+ process, and apparatus claims, in any patent Licensable by such
+ Contributor that would be infringed, but for the grant of the
+ License, by the making, using, selling, offering for sale, having
+ made, import, or transfer of either its Contributions or its
+ Contributor Version.
+ 1.12. "Secondary License"
+ means either the GNU General Public License, Version 2.0, the GNU
+ Lesser General Public License, Version 2.1, the GNU Affero General
+ Public License, Version 3.0, or any later versions of those
+ licenses.
+ 1.13. "Source Code Form"
+ means the form of the work preferred for making modifications.
+ 1.14. "You" (or "Your")
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, "You" includes any entity that
+ controls, is controlled by, or is under common control with You. For
+ purposes of this definition, "control" means (a) the power, direct
+ or indirect, to cause the direction or management of such entity,
+ whether by contract or otherwise, or (b) ownership of more than
+ fifty percent (50%) of the outstanding shares or beneficial
+ ownership of such entity.
+ .
+ 2. License Grants and Conditions
+ --------------------------------
+ 2.1. Grants
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+ (a) under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or
+ as part of a Larger Work; and
+ (b) under Patent Claims of such Contributor to make, use, sell, offer
+ for sale, have made, import, and otherwise transfer either its
+ Contributions or its Contributor Version.
+ .
+ 2.2. Effective Date
+ The licenses granted in Section 2.1 with respect to any Contribution
+ become effective for each Contribution on the date the Contributor first
+ distributes such Contribution.
+ .
+ 2.3. Limitations on Grant Scope
+ The licenses granted in this Section 2 are the only rights granted under
+ this License. No additional rights or licenses will be implied from the
+ distribution or licensing of Covered Software under this License.
+ Notwithstanding Section 2.1(b) above, no patent license is granted by a
+ Contributor:
+ (a) for any code that a Contributor has removed from Covered Software;
+ or
+ (b) for infringements caused by: (i) Your and any other third party's
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+ (c) under Patent Claims infringed by Covered Software in the absence of
+ its Contributions.
+ This License does not grant any rights in the trademarks, service marks,
+ or logos of any Contributor (except as may be necessary to comply with
+ the notice requirements in Section 3.4).
+ .
+ 2.4. Subsequent Licenses
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this
+ License (see Section 10.2) or under the terms of a Secondary License (if
+ permitted under the terms of Section 3.3).
+ .
+ 2.5. Representation
+ Each Contributor represents that the Contributor believes its
+ Contributions are its original creation(s) or it has sufficient rights
+ to grant the rights to its Contributions conveyed by this License.
+ .
+ 2.6. Fair Use
+ This License is not intended to limit any rights You have under
+ applicable copyright doctrines of fair use, fair dealing, or other
+ equivalents.
+ .
+ 2.7. Conditions
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+ in Section 2.1.
+ .
+ 3. Responsibilities
+ -------------------
+ 3.1. Distribution of Source Form
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under
+ the terms of this License. You must inform recipients that the Source
+ Code Form of the Covered Software is governed by the terms of this
+ License, and how they can obtain a copy of this License. You may not
+ attempt to alter or restrict the recipients' rights in the Source Code
+ Form.
+ .
+ 3.2. Distribution of Executable Form
+ If You distribute Covered Software in Executable Form then:
+ (a) such Covered Software must also be made available in Source Code
+ Form, as described in Section 3.1, and You must inform recipients of
+ the Executable Form how they can obtain a copy of such Source Code
+ Form by reasonable means in a timely manner, at a charge no more
+ than the cost of distribution to the recipient; and
+ (b) You may distribute such Executable Form under the terms of this
+ License, or sublicense it under different terms, provided that the
+ license for the Executable Form does not attempt to limit or alter
+ the recipients' rights in the Source Code Form under this License.
+ 3.3. Distribution of a Larger Work
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for
+ the Covered Software. If the Larger Work is a combination of Covered
+ Software with a work governed by one or more Secondary Licenses, and the
+ Covered Software is not Incompatible With Secondary Licenses, this
+ License permits You to additionally distribute such Covered Software
+ under the terms of such Secondary License(s), so that the recipient of
+ the Larger Work may, at their option, further distribute the Covered
+ Software under the terms of either this License or such Secondary
+ License(s).
+ .
+ 3.4. Notices
+ You may not remove or alter the substance of any license notices
+ (including copyright notices, patent notices, disclaimers of warranty,
+ or limitations of liability) contained within the Source Code Form of
+ the Covered Software, except that You may alter any license notices to
+ the extent required to remedy known factual inaccuracies.
+ .
+ 3.5. Application of Additional Terms
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on
+ behalf of any Contributor. You must make it absolutely clear that any
+ such warranty, support, indemnity, or liability obligation is offered by
+ You alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+ .
+ 4. Inability to Comply Due to Statute or Regulation
+ ---------------------------------------------------
+ .
+ If it is impossible for You to comply with any of the terms of this
+ License with respect to some or all of the Covered Software due to
+ statute, judicial order, or regulation then You must: (a) comply with
+ the terms of this License to the maximum extent possible; and (b)
+ describe the limitations and the code they affect. Such description must
+ be placed in a text file included with all distributions of the Covered
+ Software under this License. Except to the extent prohibited by statute
+ or regulation, such description must be sufficiently detailed for a
+ recipient of ordinary skill to be able to understand it.
+ .
+ 5. Termination
+ --------------
+ .
+ 5.1. The rights granted under this License will terminate automatically
+ if You fail to comply with any of its terms. However, if You become
+ compliant, then the rights granted under this License from a particular
+ Contributor are reinstated (a) provisionally, unless and until such
+ Contributor explicitly and finally terminates Your grants, and (b) on an
+ ongoing basis, if such Contributor fails to notify You of the
+ non-compliance by some reasonable means prior to 60 days after You have
+ come back into compliance. Moreover, Your grants from a particular
+ Contributor are reinstated on an ongoing basis if such Contributor
+ notifies You of the non-compliance by some reasonable means, this is the
+ first time You have received notice of non-compliance with this License
+ from such Contributor, and You become compliant prior to 30 days after
+ Your receipt of the notice.
+ .
+ 5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions,
+ counter-claims, and cross-claims) alleging that a Contributor Version
+ directly or indirectly infringes any patent, then the rights granted to
+ You by any and all Contributors for the Covered Software under Section
+ 2.1 of this License shall terminate.
+ .
+ 5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+ end user license agreements (excluding distributors and resellers) which
+ have been validly granted by You or Your distributors under this License
+ prior to termination shall survive termination.
+ .
+ ************************************************************************
+ * *
+ * 6. Disclaimer of Warranty *
+ * ------------------------- *
+ * *
+ * Covered Software is provided under this License on an "as is" *
+ * basis, without warranty of any kind, either expressed, implied, or *
+ * statutory, including, without limitation, warranties that the *
+ * Covered Software is free of defects, merchantable, fit for a *
+ * particular purpose or non-infringing. The entire risk as to the *
+ * quality and performance of the Covered Software is with You. *
+ * Should any Covered Software prove defective in any respect, You *
+ * (not any Contributor) assume the cost of any necessary servicing, *
+ * repair, or correction. This disclaimer of warranty constitutes an *
+ * essential part of this License. No use of any Covered Software is *
+ * authorized under this License except under this disclaimer. *
+ * *
+ ************************************************************************
+ .
+ ************************************************************************
+ * *
+ * 7. Limitation of Liability *
+ * -------------------------- *
+ * *
+ * Under no circumstances and under no legal theory, whether tort *
+ * (including negligence), contract, or otherwise, shall any *
+ * Contributor, or anyone who distributes Covered Software as *
+ * permitted above, be liable to You for any direct, indirect, *
+ * special, incidental, or consequential damages of any character *
+ * including, without limitation, damages for lost profits, loss of *
+ * goodwill, work stoppage, computer failure or malfunction, or any *
+ * and all other commercial damages or losses, even if such party *
+ * shall have been informed of the possibility of such damages. This *
+ * limitation of liability shall not apply to liability for death or *
+ * personal injury resulting from such party's negligence to the *
+ * extent applicable law prohibits such limitation. Some *
+ * jurisdictions do not allow the exclusion or limitation of *
+ * incidental or consequential damages, so this exclusion and *
+ * limitation may not apply to You. *
+ * *
+ ************************************************************************
+ .
+ 8. Litigation
+ -------------
+ Any litigation relating to this License may be brought only in the
+ courts of a jurisdiction where the defendant maintains its principal
+ place of business and such litigation shall be governed by laws of that
+ jurisdiction, without reference to its conflict-of-law provisions.
+ Nothing in this Section shall prevent a party's ability to bring
+ cross-claims or counter-claims.
+ .
+ 9. Miscellaneous
+ ----------------
+ This License represents the complete agreement concerning the subject
+ matter hereof. If any provision of this License is held to be
+ unenforceable, such provision shall be reformed only to the extent
+ necessary to make it enforceable. Any law or regulation which provides
+ that the language of a contract shall be construed against the drafter
+ shall not be used to construe this License against a Contributor.
+ .
+ 10. Versions of the License
+ ---------------------------
+ .
+ 10.1. New Versions
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+ .
+ 10.2. Effect of New Versions
+ You may distribute the Covered Software under the terms of the version
+ of the License under which You originally received the Covered Software,
+ or under the terms of any subsequent version published by the license
+ steward.
+ .
+ 10.3. Modified Versions
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a
+ modified version of this License if you rename the license and remove
+ any references to the name of the license steward (except to note that
+ such modified license differs from this License).
+ .
+ 10.4. Distributing Source Code Form that is Incompatible With Secondary
+ Licenses
+ .
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+ .
+ Exhibit A - Source Code Form License Notice
+ -------------------------------------------
+ .
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0. If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ .
+ If it is not possible or desirable to put the notice in a particular
+ file, then You may include the notice in a location (such as a LICENSE
+ file in a relevant directory) where a recipient would be likely to look
+ for such a notice.
+ .
+ You may add additional accurate notices of copyright ownership.
+ .
+ Exhibit B - "Incompatible With Secondary Licenses" Notice
+ ---------------------------------------------------------
+ .
+ This Source Code Form is "Incompatible With Secondary Licenses", as
+ defined by the Mozilla Public License, v. 2.0.
+
+License: BSL-1.0
+ Boost Software License - Version 1.0 - August 17th, 2003
+ .
+ Permission is hereby granted, free of charge, to any person or organization
+ obtaining a copy of the software and accompanying documentation covered by
+ this license (the "Software") to use, reproduce, display, distribute,
+ execute, and transmit the Software, and to prepare derivative works of the
+ Software, and to permit third-parties to whom the Software is furnished to
+ do so, all subject to the following:
+ .
+ The copyright notices in the Software and this entire statement, including
+ the above license grant, this restriction and the following disclaimer,
+ must be included in all copies of the Software, in whole or in part, and
+ all derivative works of the Software, unless such copies or derivative
+ works are solely in the form of machine-executable object code generated by
+ a source language processor.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+ SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+ FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
diff --git a/debian/copyright-scan-patterns.yml b/debian/copyright-scan-patterns.yml
new file mode 100644
index 0000000..3592d24
--- /dev/null
+++ b/debian/copyright-scan-patterns.yml
@@ -0,0 +1,33 @@
+---
+check:
+ suffixes:
+ - asm
+ - lua
+ - nqp
+ - s
+ - template
+ignore:
+ pattern:
+ - /debian/
+ - Makefile
+ - AUTHORS
+ - README
+ - ChangeLog
+ - INSTALL
+ - MANIFEST
+ - /config(.guess|ure|ure.ac|.h.in|.sub)
+ suffixes:
+ - generic
+ - rst
+ - jpg
+ - yml
+ - png
+ - dia
+ - o
+ - htm
+ - html
+ - txt
+ - install
+ - M
+ - in
+
diff --git a/debian/fill.copyright.blanks.yml b/debian/fill.copyright.blanks.yml
new file mode 100644
index 0000000..b1c7e8e
--- /dev/null
+++ b/debian/fill.copyright.blanks.yml
@@ -0,0 +1,18 @@
+---
+src/hooks/* :
+ copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC")
+ license: MPL-2.0
+doc/* :
+ copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC")
+ license: MPL-2.0
+src/lib/dhcpsrv/cache_host_data_source.h :
+ copyright: 2018, Internet Systems Consortium, Inc. ("ISC")
+ license: MPL-2.0
+ext/* :
+ copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC")
+ license: MPL-2.0
+m4macros/* :
+ copyright: 1994-2013, Free Software Foundation, Inc.
+ license: MPL-2.0
+
+
diff --git a/debian/fix.scanned.copyright b/debian/fix.scanned.copyright
new file mode 100644
index 0000000..2f1c741
--- /dev/null
+++ b/debian/fix.scanned.copyright
@@ -0,0 +1,368 @@
+! License:"MPL-2.0"
+ text="
+ Mozilla Public License Version 2.0
+ ==================================
+ .
+ 1. Definitions
+ --------------
+ 1.1. \"Contributor\"
+ means each individual or legal entity that creates, contributes to
+ the creation of, or owns Covered Software.
+ 1.2. \"Contributor Version\"
+ means the combination of the Contributions of others (if any) used
+ by a Contributor and that particular Contributor's Contribution.
+ 1.3. \"Contribution\"
+ means Covered Software of a particular Contributor.
+ 1.4. \"Covered Software\"
+ means Source Code Form to which the initial Contributor has attached
+ the notice in Exhibit A, the Executable Form of such Source Code
+ Form, and Modifications of such Source Code Form, in each case
+ including portions thereof.
+ 1.5. \"Incompatible With Secondary Licenses\"
+ means
+ (a) that the initial Contributor has attached the notice described
+ in Exhibit B to the Covered Software; or
+ (b) that the Covered Software was made available under the terms of
+ version 1.1 or earlier of the License, but not also under the
+ terms of a Secondary License.
+ 1.6. \"Executable Form\"
+ means any form of the work other than Source Code Form.
+ 1.7. \"Larger Work\"
+ means a work that combines Covered Software with other material, in
+ a separate file or files, that is not Covered Software.
+ 1.8. \"License\"
+ means this document.
+ 1.9. \"Licensable\"
+ means having the right to grant, to the maximum extent possible,
+ whether at the time of the initial grant or subsequently, any and
+ all of the rights conveyed by this License.
+ 1.10. \"Modifications\"
+ means any of the following:
+ (a) any file in Source Code Form that results from an addition to,
+ deletion from, or modification of the contents of Covered
+ Software; or
+ (b) any new file in Source Code Form that contains any Covered
+ Software.
+ 1.11. \"Patent Claims\" of a Contributor
+ means any patent claim(s), including without limitation, method,
+ process, and apparatus claims, in any patent Licensable by such
+ Contributor that would be infringed, but for the grant of the
+ License, by the making, using, selling, offering for sale, having
+ made, import, or transfer of either its Contributions or its
+ Contributor Version.
+ 1.12. \"Secondary License\"
+ means either the GNU General Public License, Version 2.0, the GNU
+ Lesser General Public License, Version 2.1, the GNU Affero General
+ Public License, Version 3.0, or any later versions of those
+ licenses.
+ 1.13. \"Source Code Form\"
+ means the form of the work preferred for making modifications.
+ 1.14. \"You\" (or \"Your\")
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, \"You\" includes any entity that
+ controls, is controlled by, or is under common control with You. For
+ purposes of this definition, \"control\" means (a) the power, direct
+ or indirect, to cause the direction or management of such entity,
+ whether by contract or otherwise, or (b) ownership of more than
+ fifty percent (50%) of the outstanding shares or beneficial
+ ownership of such entity.
+ .
+ 2. License Grants and Conditions
+ --------------------------------
+ 2.1. Grants
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+ (a) under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or
+ as part of a Larger Work; and
+ (b) under Patent Claims of such Contributor to make, use, sell, offer
+ for sale, have made, import, and otherwise transfer either its
+ Contributions or its Contributor Version.
+ .
+ 2.2. Effective Date
+ The licenses granted in Section 2.1 with respect to any Contribution
+ become effective for each Contribution on the date the Contributor first
+ distributes such Contribution.
+ .
+ 2.3. Limitations on Grant Scope
+ The licenses granted in this Section 2 are the only rights granted under
+ this License. No additional rights or licenses will be implied from the
+ distribution or licensing of Covered Software under this License.
+ Notwithstanding Section 2.1(b) above, no patent license is granted by a
+ Contributor:
+ (a) for any code that a Contributor has removed from Covered Software;
+ or
+ (b) for infringements caused by: (i) Your and any other third party's
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+ (c) under Patent Claims infringed by Covered Software in the absence of
+ its Contributions.
+ This License does not grant any rights in the trademarks, service marks,
+ or logos of any Contributor (except as may be necessary to comply with
+ the notice requirements in Section 3.4).
+ .
+ 2.4. Subsequent Licenses
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this
+ License (see Section 10.2) or under the terms of a Secondary License (if
+ permitted under the terms of Section 3.3).
+ .
+ 2.5. Representation
+ Each Contributor represents that the Contributor believes its
+ Contributions are its original creation(s) or it has sufficient rights
+ to grant the rights to its Contributions conveyed by this License.
+ .
+ 2.6. Fair Use
+ This License is not intended to limit any rights You have under
+ applicable copyright doctrines of fair use, fair dealing, or other
+ equivalents.
+ .
+ 2.7. Conditions
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+ in Section 2.1.
+ .
+ 3. Responsibilities
+ -------------------
+ 3.1. Distribution of Source Form
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under
+ the terms of this License. You must inform recipients that the Source
+ Code Form of the Covered Software is governed by the terms of this
+ License, and how they can obtain a copy of this License. You may not
+ attempt to alter or restrict the recipients' rights in the Source Code
+ Form.
+ .
+ 3.2. Distribution of Executable Form
+ If You distribute Covered Software in Executable Form then:
+ (a) such Covered Software must also be made available in Source Code
+ Form, as described in Section 3.1, and You must inform recipients of
+ the Executable Form how they can obtain a copy of such Source Code
+ Form by reasonable means in a timely manner, at a charge no more
+ than the cost of distribution to the recipient; and
+ (b) You may distribute such Executable Form under the terms of this
+ License, or sublicense it under different terms, provided that the
+ license for the Executable Form does not attempt to limit or alter
+ the recipients' rights in the Source Code Form under this License.
+ 3.3. Distribution of a Larger Work
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for
+ the Covered Software. If the Larger Work is a combination of Covered
+ Software with a work governed by one or more Secondary Licenses, and the
+ Covered Software is not Incompatible With Secondary Licenses, this
+ License permits You to additionally distribute such Covered Software
+ under the terms of such Secondary License(s), so that the recipient of
+ the Larger Work may, at their option, further distribute the Covered
+ Software under the terms of either this License or such Secondary
+ License(s).
+ .
+ 3.4. Notices
+ You may not remove or alter the substance of any license notices
+ (including copyright notices, patent notices, disclaimers of warranty,
+ or limitations of liability) contained within the Source Code Form of
+ the Covered Software, except that You may alter any license notices to
+ the extent required to remedy known factual inaccuracies.
+ .
+ 3.5. Application of Additional Terms
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on
+ behalf of any Contributor. You must make it absolutely clear that any
+ such warranty, support, indemnity, or liability obligation is offered by
+ You alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+ .
+ 4. Inability to Comply Due to Statute or Regulation
+ ---------------------------------------------------
+ .
+ If it is impossible for You to comply with any of the terms of this
+ License with respect to some or all of the Covered Software due to
+ statute, judicial order, or regulation then You must: (a) comply with
+ the terms of this License to the maximum extent possible; and (b)
+ describe the limitations and the code they affect. Such description must
+ be placed in a text file included with all distributions of the Covered
+ Software under this License. Except to the extent prohibited by statute
+ or regulation, such description must be sufficiently detailed for a
+ recipient of ordinary skill to be able to understand it.
+ .
+ 5. Termination
+ --------------
+ .
+ 5.1. The rights granted under this License will terminate automatically
+ if You fail to comply with any of its terms. However, if You become
+ compliant, then the rights granted under this License from a particular
+ Contributor are reinstated (a) provisionally, unless and until such
+ Contributor explicitly and finally terminates Your grants, and (b) on an
+ ongoing basis, if such Contributor fails to notify You of the
+ non-compliance by some reasonable means prior to 60 days after You have
+ come back into compliance. Moreover, Your grants from a particular
+ Contributor are reinstated on an ongoing basis if such Contributor
+ notifies You of the non-compliance by some reasonable means, this is the
+ first time You have received notice of non-compliance with this License
+ from such Contributor, and You become compliant prior to 30 days after
+ Your receipt of the notice.
+ .
+ 5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions,
+ counter-claims, and cross-claims) alleging that a Contributor Version
+ directly or indirectly infringes any patent, then the rights granted to
+ You by any and all Contributors for the Covered Software under Section
+ 2.1 of this License shall terminate.
+ .
+ 5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+ end user license agreements (excluding distributors and resellers) which
+ have been validly granted by You or Your distributors under this License
+ prior to termination shall survive termination.
+ .
+ ************************************************************************
+ * *
+ * 6. Disclaimer of Warranty *
+ * ------------------------- *
+ * *
+ * Covered Software is provided under this License on an \"as is\" *
+ * basis, without warranty of any kind, either expressed, implied, or *
+ * statutory, including, without limitation, warranties that the *
+ * Covered Software is free of defects, merchantable, fit for a *
+ * particular purpose or non-infringing. The entire risk as to the *
+ * quality and performance of the Covered Software is with You. *
+ * Should any Covered Software prove defective in any respect, You *
+ * (not any Contributor) assume the cost of any necessary servicing, *
+ * repair, or correction. This disclaimer of warranty constitutes an *
+ * essential part of this License. No use of any Covered Software is *
+ * authorized under this License except under this disclaimer. *
+ * *
+ ************************************************************************
+ .
+ ************************************************************************
+ * *
+ * 7. Limitation of Liability *
+ * -------------------------- *
+ * *
+ * Under no circumstances and under no legal theory, whether tort *
+ * (including negligence), contract, or otherwise, shall any *
+ * Contributor, or anyone who distributes Covered Software as *
+ * permitted above, be liable to You for any direct, indirect, *
+ * special, incidental, or consequential damages of any character *
+ * including, without limitation, damages for lost profits, loss of *
+ * goodwill, work stoppage, computer failure or malfunction, or any *
+ * and all other commercial damages or losses, even if such party *
+ * shall have been informed of the possibility of such damages. This *
+ * limitation of liability shall not apply to liability for death or *
+ * personal injury resulting from such party's negligence to the *
+ * extent applicable law prohibits such limitation. Some *
+ * jurisdictions do not allow the exclusion or limitation of *
+ * incidental or consequential damages, so this exclusion and *
+ * limitation may not apply to You. *
+ * *
+ ************************************************************************
+ .
+ 8. Litigation
+ -------------
+ Any litigation relating to this License may be brought only in the
+ courts of a jurisdiction where the defendant maintains its principal
+ place of business and such litigation shall be governed by laws of that
+ jurisdiction, without reference to its conflict-of-law provisions.
+ Nothing in this Section shall prevent a party's ability to bring
+ cross-claims or counter-claims.
+ .
+ 9. Miscellaneous
+ ----------------
+ This License represents the complete agreement concerning the subject
+ matter hereof. If any provision of this License is held to be
+ unenforceable, such provision shall be reformed only to the extent
+ necessary to make it enforceable. Any law or regulation which provides
+ that the language of a contract shall be construed against the drafter
+ shall not be used to construe this License against a Contributor.
+ .
+ 10. Versions of the License
+ ---------------------------
+ .
+ 10.1. New Versions
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+ .
+ 10.2. Effect of New Versions
+ You may distribute the Covered Software under the terms of the version
+ of the License under which You originally received the Covered Software,
+ or under the terms of any subsequent version published by the license
+ steward.
+ .
+ 10.3. Modified Versions
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a
+ modified version of this License if you rename the license and remove
+ any references to the name of the license steward (except to note that
+ such modified license differs from this License).
+ .
+ 10.4. Distributing Source Code Form that is Incompatible With Secondary
+ Licenses
+ .
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+ .
+ Exhibit A - Source Code Form License Notice
+ -------------------------------------------
+ .
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0. If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ .
+ If it is not possible or desirable to put the notice in a particular
+ file, then You may include the notice in a location (such as a LICENSE
+ file in a relevant directory) where a recipient would be likely to look
+ for such a notice.
+ .
+ You may add additional accurate notices of copyright ownership.
+ .
+ Exhibit B - \"Incompatible With Secondary Licenses\" Notice
+ ---------------------------------------------------------
+ .
+ This Source Code Form is \"Incompatible With Secondary Licenses\", as
+ defined by the Mozilla Public License, v. 2.0."
+
+! License:"BSL-1.0"
+ text="
+ Boost Software License - Version 1.0 - August 17th, 2003
+ .
+ Permission is hereby granted, free of charge, to any person or organization
+ obtaining a copy of the software and accompanying documentation covered by
+ this license (the \"Software\") to use, reproduce, display, distribute,
+ execute, and transmit the Software, and to prepare derivative works of the
+ Software, and to permit third-parties to whom the Software is furnished to
+ do so, all subject to the following:
+ .
+ The copyright notices in the Software and this entire statement, including
+ the above license grant, this restriction and the following disclaimer,
+ must be included in all copies of the Software, in whole or in part, and
+ all derivative works of the Software, unless such copies or derivative
+ works are solely in the form of machine-executable object code generated by
+ a source language processor.
+ .
+ THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+ SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+ FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE."
+
+! Files:"*"
+ Copyright="2010-2018, Internet Systems Consortium, Inc. (\"ISC\")"
+ License short_name="MPL-2.0"
+
+! Files:"debian/*"
+ Copyright="2016-2018, Adam Majer <adamm@zombino.com> / 2017-2018, Jason Guy (jason.e.guy@gmail.com) / 2018-2018, Internet Systems Consortium, Inc."
+ License short_name="MPL-2.0"
+
+! Files:"src/lib/util/encode/*"
+ Copyright="2002, Robert Ramey - http:www.rrsd.com ."
+ License short_name="BSL-1.0"
+
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..ed04da0
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+debian-branch = debian/unstable
+pristine-tar = True
+pristine-tar-commit = True
diff --git a/debian/kea-admin.install b/debian/kea-admin.install
new file mode 100644
index 0000000..9117487
--- /dev/null
+++ b/debian/kea-admin.install
@@ -0,0 +1,3 @@
+usr/sbin/kea-admin
+usr/sbin/perfdhcp
+usr/share/kea/scripts
diff --git a/debian/kea-admin.lintian-overrides b/debian/kea-admin.lintian-overrides
new file mode 100644
index 0000000..8500cf7
--- /dev/null
+++ b/debian/kea-admin.lintian-overrides
@@ -0,0 +1,2 @@
+kea-admin: script-not-executable [usr/share/kea/scripts/*]
+kea-admin: bash-term-in-posix-shell
diff --git a/debian/kea-admin.manpages b/debian/kea-admin.manpages
new file mode 100644
index 0000000..342d39e
--- /dev/null
+++ b/debian/kea-admin.manpages
@@ -0,0 +1,2 @@
+usr/share/man/man8/kea-admin.8
+usr/share/man/man8/perfdhcp.8
diff --git a/debian/kea-common.install b/debian/kea-common.install
new file mode 100644
index 0000000..b7023a0
--- /dev/null
+++ b/debian/kea-common.install
@@ -0,0 +1,4 @@
+debian/usr.sbin.kea-lfc etc/apparmor.d/
+usr/lib/*/kea/hooks
+usr/lib/*/libkea-*.so.*
+usr/sbin/kea-lfc
diff --git a/debian/kea-common.lintian-overrides b/debian/kea-common.lintian-overrides
new file mode 100644
index 0000000..0efd491
--- /dev/null
+++ b/debian/kea-common.lintian-overrides
@@ -0,0 +1 @@
+kea-common: package-name-doesnt-match-sonames *
diff --git a/debian/kea-common.manpages b/debian/kea-common.manpages
new file mode 100644
index 0000000..12f0ade
--- /dev/null
+++ b/debian/kea-common.manpages
@@ -0,0 +1 @@
+usr/share/man/man8/kea-lfc.8
diff --git a/debian/kea-common.postinst b/debian/kea-common.postinst
new file mode 100644
index 0000000..61957be
--- /dev/null
+++ b/debian/kea-common.postinst
@@ -0,0 +1,39 @@
+#!/bin/sh
+# postinst script for kea-common
+#
+# see: dh_installdeb(1)
+
+set -e
+
+case "$1" in
+ configure)
+ addgroup --force-badname --system _kea >/dev/null || exit 1
+ adduser --force-badname --quiet --system --home /var/lib/kea \
+ --shell /bin/false --no-create-home --disabled-password --disabled-login \
+ --gecos "Kea DHCP User" --group _kea >/dev/null || exit 1
+
+ # From version 2.2.0-2 we leave the handling of the /var/log/kea and
+ # /var/lib/kea directories to systemd (creation and ownership/permissions
+ # settings). When upgrading from kea-common (< 2.2.0-2) drop the now
+ # useless dpkg-statoverrides.
+ if [ "$2" != "" ] && dpkg --compare-versions "$2" lt "2.2.0-2"; then
+ for d in /var/log/kea /var/lib/kea; do
+ if dpkg-statoverride --list $d >/dev/null 2>&1; then
+ dpkg-statoverride --remove $d
+ fi
+ done
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/kea-ctrl-agent.config b/debian/kea-ctrl-agent.config
new file mode 100644
index 0000000..00e4013
--- /dev/null
+++ b/debian/kea-ctrl-agent.config
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+ask_for_password() {
+ while :; do
+ RET=""
+ db_input high kea-ctrl-agent/kea_api_password || true
+ db_go || true
+ db_get kea-ctrl-agent/kea_api_password
+ if [ -z "$RET" ]; then
+ # empty passwords result in no action
+ break
+ fi
+ API_PASSWORD="$RET"
+ db_input high kea-ctrl-agent/kea_api_password_again || true
+ db_go || true
+ db_get kea-ctrl-agent/kea_api_password_again
+ if [ "$RET" = "$API_PASSWORD" ]; then
+ API_PASSWORD=""
+ break
+ fi
+ db_fset kea-ctrl-agent/password_mismatch seen false
+ db_input critical kea-ctrl-agent/password_mismatch || true
+ db_set kea-ctrl-agent/kea_api_password ""
+ db_set kea-ctrl-agent/kea_api_password_again ""
+ db_go || true
+ done
+}
+
+gen_random_pw() {
+ head -c 15 /dev/urandom | base64 | tr -d '[:space:]'
+}
+
+
+RET=""
+choice=""
+reconfigure=""
+
+if [ "${1}" = "configure" ] || [ "${1}" = "reconfigure" ]; then
+ if [ "${1}" = "reconfigure" ] || [ -n "${DEBCONF_RECONFIGURE}" ]; then
+ reconfigure="yes"
+ fi
+ # only ask questions on:
+ # - reconfigure
+ # - fresh install
+ # - upgrade from pre-debconf package (lt: empty version is "earlier", so
+ # this covers the fresh install case too)
+ if [ -n "${reconfigure}" ] || dpkg --compare-versions "$2" lt "2.2.0-5ubuntu2~"; then
+ db_input high kea-ctrl-agent/make_a_choice || true
+ db_go || true
+
+ db_get kea-ctrl-agent/make_a_choice
+ choice="${RET}"
+
+ case "${choice}" in
+ unconfigured)
+ # nothing to do
+ ;;
+ configured_password)
+ ask_for_password
+ ;;
+ configured_random_password)
+ db_set kea-ctrl-agent/kea_api_password "$(gen_random_pw)"
+ ;;
+ *)
+ # shouldn't happen, so it's the same as "unconfigured" above
+ ;;
+ esac
+ fi
+fi
diff --git a/debian/kea-ctrl-agent.init b/debian/kea-ctrl-agent.init
new file mode 100644
index 0000000..3d1d5fa
--- /dev/null
+++ b/debian/kea-ctrl-agent.init
@@ -0,0 +1,161 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: kea-ctrl-agent
+# Required-Start: $local_fs $network $remote_fs $syslog
+# Required-Stop: $local_fs $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Kea DHCP Control Agent for REST Service
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
+### END INIT INFO
+# Author: Jason Guy <jason.e.guy@gmail.com>
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC=kea-ctrl-agent
+NAME=kea-ctrl-agent
+DAEMON=/usr/sbin/kea-ctrl-agent
+DAEMON_ARGS="-c /etc/kea/kea-ctrl-agent.conf"
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid
+SCRIPTNAME=/etc/init.d/$NAME
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+create_lockfile_dir()
+{
+ if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
+ fi
+}
+
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
+ fi
+}
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ create_lockfile_dir
+ create_pidfile_dir
+ export KEA_LOCKFILE_DIR
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/debian/kea-ctrl-agent.install b/debian/kea-ctrl-agent.install
new file mode 100644
index 0000000..c1184cf
--- /dev/null
+++ b/debian/kea-ctrl-agent.install
@@ -0,0 +1,4 @@
+etc/kea/kea-ctrl-agent.conf
+usr/sbin/kea-ctrl-agent
+usr/sbin/kea-shell
+debian/usr.sbin.kea-ctrl-agent etc/apparmor.d/
diff --git a/debian/kea-ctrl-agent.manpages b/debian/kea-ctrl-agent.manpages
new file mode 100644
index 0000000..ff73f6e
--- /dev/null
+++ b/debian/kea-ctrl-agent.manpages
@@ -0,0 +1,2 @@
+usr/share/man/man8/kea-ctrl-agent.8
+usr/share/man/man8/kea-shell.8
diff --git a/debian/kea-ctrl-agent.postinst b/debian/kea-ctrl-agent.postinst
new file mode 100644
index 0000000..a3c94af
--- /dev/null
+++ b/debian/kea-ctrl-agent.postinst
@@ -0,0 +1,72 @@
+#!/bin/sh
+# postinst script for kea-ctrl-agent.
+#
+# See: dh_installdeb(1).
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+# Summary of how this script can be called:
+# * <postinst> 'configure' <most-recently-configured-version>
+# * <old-postinst> 'abort-upgrade' <new version>
+# * <conflictor's-postinst> 'abort-remove' 'in-favour' <package>
+# <new-version>
+# * <postinst> 'abort-remove'
+# * <deconfigured's-postinst> 'abort-deconfigure' 'in-favour'
+# <failed-install-package> <version> 'removing'
+# <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package.
+
+
+case "$1" in
+ configure|reconfigure)
+ api_password=""
+ choice=""
+ pw_file=/etc/kea/kea-api-password
+
+ db_get kea-ctrl-agent/make_a_choice
+ choice="${RET}"
+ RET=""
+
+ case "${choice}" in
+ unconfigured)
+ # do nothing
+ ;;
+ configured_password|configured_random_password)
+ db_get kea-ctrl-agent/kea_api_password
+ api_password="${RET}"
+ ;;
+ *)
+ ;;
+ esac
+
+ if [ -n "${api_password}" ]; then
+ touch "${pw_file}"
+ chmod 0640 "${pw_file}"
+ chgrp _kea "${pw_file}"
+ # no extra \n
+ printf "%s" "${api_password}" > "${pw_file}"
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument '$1'" >&2
+ exit 1
+ ;;
+esac
+
+# forget we ever saw the password
+db_set kea-ctrl-agent/kea_api_password ""
+db_set kea-ctrl-agent/kea_api_password_again ""
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/kea-ctrl-agent.postrm b/debian/kea-ctrl-agent.postrm
new file mode 100644
index 0000000..f387553
--- /dev/null
+++ b/debian/kea-ctrl-agent.postrm
@@ -0,0 +1,40 @@
+#!/bin/sh
+# postrm script for kea-ctrl-agent.
+#
+# See: dh_installdeb(1).
+
+set -e
+
+# Summary of how this script can be called:
+# * <postrm> 'remove'
+# * <postrm> 'purge'
+# * <old-postrm> 'upgrade' <new-version>
+# * <new-postrm> 'failed-upgrade' <old-version>
+# * <new-postrm> 'abort-install'
+# * <new-postrm> 'abort-install' <old-version>
+# * <new-postrm> 'abort-upgrade' <old-version>
+# * <disappearer's-postrm> 'disappear' <overwriter>
+# <overwriter-version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package.
+
+
+case "$1" in
+ purge)
+ rm -f /etc/kea/kea-api-password
+ ;;
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument '$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/kea-ctrl-agent.service b/debian/kea-ctrl-agent.service
new file mode 100644
index 0000000..52e11ad
--- /dev/null
+++ b/debian/kea-ctrl-agent.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Kea Control Agent
+Documentation=man:kea-ctrl-agent(8)
+After=network-online.target time-sync.target
+ConditionFileNotEmpty=/etc/kea/kea-api-password
+
+[Service]
+User=_kea
+Environment="KEA_LOCKFILE_DIR=/run/lock/kea"
+ConfigurationDirectory=kea
+RuntimeDirectory=kea lock/kea
+RuntimeDirectoryPreserve=yes
+LogsDirectory=kea
+LogsDirectoryMode=0750
+StateDirectory=kea
+ExecStart=/usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/kea-ctrl-agent.templates b/debian/kea-ctrl-agent.templates
new file mode 100644
index 0000000..090e353
--- /dev/null
+++ b/debian/kea-ctrl-agent.templates
@@ -0,0 +1,34 @@
+Template: kea-ctrl-agent/kea_api_password
+Type: password
+_Description: New password for the kea control agent "kea_api" user:
+ This password will be stored in the /etc/kea/kea-api-password file.
+ .
+ NOTE: if the password is empty, no action will be taken.
+
+Template: kea-ctrl-agent/kea_api_password_again
+Type: password
+_Description: Repeat password for the kea control agent "kea_api" user:
+
+Template: kea-ctrl-agent/password_mismatch
+Type: error
+_Description: Password input error
+ The two passwords you entered were not the same. Please try again.
+
+Template: kea-ctrl-agent/make_a_choice
+Type: select
+Choices: do_nothing, configured_random_password, configured_password
+_Description: Kea control agent authentication configuration
+ Starting with this version, the Kea Control Agent will be configured to require authentication by default.
+ .
+ The available options are:
+ .
+ do nothing:
+ Until you create /etc/kea/kea-api-password, either manually or using one the other options described here, the service will not start.
+ .
+ configured with a random password:
+ The packaging will generate a random password for you, save it, and start the service.
+ .
+ configured with password:
+ The packaging will save the password you supply, and start the service. Note that an empty password will result in no action and be equivalent to "do nothing" above.
+ .
+ The username is `kea-api`, and the password will be expected to be in `/etc/kea/kea-api-password`.
diff --git a/debian/kea-dev.install b/debian/kea-dev.install
new file mode 100644
index 0000000..9805c55
--- /dev/null
+++ b/debian/kea-dev.install
@@ -0,0 +1,3 @@
+usr/include/kea/*
+usr/lib/*/libkea-*.so
+usr/bin/kea-msg-compiler
diff --git a/debian/kea-dev.lintian-overrides b/debian/kea-dev.lintian-overrides
new file mode 100644
index 0000000..a87424b
--- /dev/null
+++ b/debian/kea-dev.lintian-overrides
@@ -0,0 +1 @@
+kea-dev: no-manual-page [usr/bin/kea-msg-compiler]
diff --git a/debian/kea-dhcp-ddns-server.init b/debian/kea-dhcp-ddns-server.init
new file mode 100644
index 0000000..c67be9e
--- /dev/null
+++ b/debian/kea-dhcp-ddns-server.init
@@ -0,0 +1,167 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: kea-dhcp-ddns
+# Required-Start: $local_fs $network $remote_fs $syslog
+# Required-Stop: $local_fs $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Kea DHCP DDNS Server
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
+### END INIT INFO
+# Author: Adam Majer <adamm@zombino.com>
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC=kea-dhcp-ddns
+NAME=kea-dhcp-ddns
+DAEMON=/usr/sbin/kea-dhcp-ddns
+DAEMON_ARGS="-c /etc/kea/kea-dhcp-ddns.conf"
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/ddns.html#starting-and-stopping-the-dhcp-ddns-server
+SCRIPTNAME=/etc/init.d/$NAME
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+create_lockfile_dir()
+{
+ if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
+ fi
+}
+
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
+ fi
+}
+
+setcap_binary()
+{
+ setcap "cap_net_bind_service" $DAEMON
+}
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ create_lockfile_dir
+ create_pidfile_dir
+ setcap_binary
+ export KEA_LOCKFILE_DIR
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/debian/kea-dhcp-ddns-server.install b/debian/kea-dhcp-ddns-server.install
new file mode 100644
index 0000000..d029623
--- /dev/null
+++ b/debian/kea-dhcp-ddns-server.install
@@ -0,0 +1,3 @@
+etc/kea/kea-dhcp-ddns.conf
+usr/sbin/kea-dhcp-ddns
+debian/usr.sbin.kea-dhcp-ddns /etc/apparmor.d/
diff --git a/debian/kea-dhcp-ddns-server.manpages b/debian/kea-dhcp-ddns-server.manpages
new file mode 100644
index 0000000..4dde921
--- /dev/null
+++ b/debian/kea-dhcp-ddns-server.manpages
@@ -0,0 +1 @@
+usr/share/man/man8/kea-dhcp-ddns.8
diff --git a/debian/kea-dhcp-ddns-server.service b/debian/kea-dhcp-ddns-server.service
new file mode 100644
index 0000000..e752e9d
--- /dev/null
+++ b/debian/kea-dhcp-ddns-server.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Kea DDNS Service
+Documentation=man:kea-dhcp-ddns(8)
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+User=_kea
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+Environment="KEA_LOCKFILE_DIR=/run/lock/kea"
+ConfigurationDirectory=kea
+RuntimeDirectory=kea lock/kea
+RuntimeDirectoryPreserve=yes
+LogsDirectory=kea
+LogsDirectoryMode=0750
+StateDirectory=kea
+ExecStart=/usr/sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/kea-dhcp4-server.init b/debian/kea-dhcp4-server.init
new file mode 100644
index 0000000..c91aa61
--- /dev/null
+++ b/debian/kea-dhcp4-server.init
@@ -0,0 +1,167 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: kea-dhcp4-server
+# Required-Start: $local_fs $network $remote_fs $syslog
+# Required-Stop: $local_fs $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Kea DHCP IPv4 Server
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
+### END INIT INFO
+# Author: Adam Majer <adamm@zombino.com>
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="kea-dhcp4"
+NAME=kea-dhcp4-server
+DAEMON=/usr/sbin/kea-dhcp4
+DAEMON_ARGS="-c /etc/kea/kea-dhcp4.conf"
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-dhcp4.kea-dhcp4.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html
+SCRIPTNAME=/etc/init.d/$NAME
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+create_lockfile_dir()
+{
+ if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
+ fi
+}
+
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
+ fi
+}
+
+setcap_binary()
+{
+ setcap "cap_net_bind_service,cap_net_raw=+ep" $DAEMON
+}
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ create_lockfile_dir
+ create_pidfile_dir
+ setcap_binary
+ export KEA_LOCKFILE_DIR
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/debian/kea-dhcp4-server.install b/debian/kea-dhcp4-server.install
new file mode 100644
index 0000000..59f61d2
--- /dev/null
+++ b/debian/kea-dhcp4-server.install
@@ -0,0 +1,3 @@
+etc/kea/kea-dhcp4.conf
+usr/sbin/kea-dhcp4
+debian/usr.sbin.kea-dhcp4 /etc/apparmor.d/
diff --git a/debian/kea-dhcp4-server.manpages b/debian/kea-dhcp4-server.manpages
new file mode 100644
index 0000000..05225e5
--- /dev/null
+++ b/debian/kea-dhcp4-server.manpages
@@ -0,0 +1 @@
+usr/share/man/man8/kea-dhcp4.8
diff --git a/debian/kea-dhcp4-server.service b/debian/kea-dhcp4-server.service
new file mode 100644
index 0000000..43b70c8
--- /dev/null
+++ b/debian/kea-dhcp4-server.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Kea IPv4 DHCP daemon
+Documentation=man:kea-dhcp4(8)
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+User=_kea
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
+Environment="KEA_LOCKFILE_DIR=/run/lock/kea"
+ConfigurationDirectory=kea
+RuntimeDirectory=kea lock/kea
+RuntimeDirectoryPreserve=yes
+LogsDirectory=kea
+LogsDirectoryMode=0750
+StateDirectory=kea
+ExecStart=/usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/kea-dhcp6-server.init b/debian/kea-dhcp6-server.init
new file mode 100644
index 0000000..7b57f01
--- /dev/null
+++ b/debian/kea-dhcp6-server.init
@@ -0,0 +1,167 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: kea-dhcp6-server
+# Required-Start: $local_fs $network $remote_fs $syslog
+# Required-Stop: $local_fs $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Kea DHCP IPv6 Server
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
+### END INIT INFO
+# Author: Adam Majer <adamm@zombino.com>
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="kea-dhcp6"
+NAME=kea-dhcp6-server
+DAEMON=/usr/sbin/kea-dhcp6
+DAEMON_ARGS="-c /etc/kea/kea-dhcp6.conf"
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-dhcp6.kea-dhcp6.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html
+SCRIPTNAME=/etc/init.d/$NAME
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+create_lockfile_dir()
+{
+ if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
+ fi
+}
+
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
+ fi
+}
+
+setcap_binary()
+{
+ setcap "cap_net_bind_service" $DAEMON
+}
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ create_lockfile_dir
+ create_pidfile_dir
+ setcap_binary
+ export KEA_LOCKFILE_DIR
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/debian/kea-dhcp6-server.install b/debian/kea-dhcp6-server.install
new file mode 100644
index 0000000..d22f7a7
--- /dev/null
+++ b/debian/kea-dhcp6-server.install
@@ -0,0 +1,3 @@
+etc/kea/kea-dhcp6.conf
+usr/sbin/kea-dhcp6
+debian/usr.sbin.kea-dhcp6 /etc/apparmor.d/
diff --git a/debian/kea-dhcp6-server.manpages b/debian/kea-dhcp6-server.manpages
new file mode 100644
index 0000000..b6c99cb
--- /dev/null
+++ b/debian/kea-dhcp6-server.manpages
@@ -0,0 +1 @@
+usr/share/man/man8/kea-dhcp6.8
diff --git a/debian/kea-dhcp6-server.service b/debian/kea-dhcp6-server.service
new file mode 100644
index 0000000..7944a09
--- /dev/null
+++ b/debian/kea-dhcp6-server.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Kea IPv6 DHCP daemon
+Documentation=man:kea-dhcp6(8)
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+User=_kea
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+Environment="KEA_LOCKFILE_DIR=/run/lock/kea"
+ConfigurationDirectory=kea
+RuntimeDirectory=kea lock/kea
+RuntimeDirectoryPreserve=yes
+LogsDirectory=kea
+LogsDirectoryMode=0750
+StateDirectory=kea
+ExecStart=/usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/kea-doc.README.Debian b/debian/kea-doc.README.Debian
new file mode 100644
index 0000000..03c9d46
--- /dev/null
+++ b/debian/kea-doc.README.Debian
@@ -0,0 +1,13 @@
+# ISC Kea for Debian
+
+## Logging
+
+Following what upstream does with their .deb packaging, the Debian packages by
+default log to the systemd journal. If logging to file is desired just edit the
+config files and change the loggers "output" to a file under /var/log/kea/,
+e.g. for /etc/kea/kea-dhcp4.conf:
+
+ "output": "/var/log/kea/kea-dhcp4.log"
+
+The systemd units automatically create the /var/log/kea/ right ownership and
+permissions.
diff --git a/debian/kea-doc.doc-base b/debian/kea-doc.doc-base
new file mode 100644
index 0000000..e403e79
--- /dev/null
+++ b/debian/kea-doc.doc-base
@@ -0,0 +1,11 @@
+Document: kea
+Title: Kea Administrator Reference Manual
+Author: Internet Systems Consortium
+Abstract: This is the reference guide for Kea, an open source implementation
+ of the Dynamic Host Configuration Protocol (DHCP) servers, developed and
+ maintained by Internet Systems Consortium (ISC).
+Section: System/Administration
+
+Format: HTML
+Files: /usr/share/doc/kea/html/*
+Index: /usr/share/doc/kea/html/index.html
diff --git a/debian/kea-doc.docs b/debian/kea-doc.docs
new file mode 100644
index 0000000..df73e67
--- /dev/null
+++ b/debian/kea-doc.docs
@@ -0,0 +1,3 @@
+CONTRIBUTING.md
+usr/share/doc/kea/*
+usr/share/kea/api
diff --git a/debian/kea-doc.lintian-overrides b/debian/kea-doc.lintian-overrides
new file mode 100644
index 0000000..6e30f23
--- /dev/null
+++ b/debian/kea-doc.lintian-overrides
@@ -0,0 +1,3 @@
+kea-doc: embedded-javascript-library *
+kea-doc: font-in-non-font-package [usr/share/doc/kea/html/_static/fonts/*]
+kea-doc: font-outside-font-dir [usr/share/doc/kea/html/_static/fonts/*]
diff --git a/debian/not-installed b/debian/not-installed
new file mode 100644
index 0000000..045263b
--- /dev/null
+++ b/debian/not-installed
@@ -0,0 +1,4 @@
+usr/share/man/man8/kea-netconf.8
+usr/sbin/keactrl
+usr/share/man/man8/keactrl.8
+etc/kea/keactrl.conf
diff --git a/debian/patches/0002-kea_admin_fix.patch b/debian/patches/0002-kea_admin_fix.patch
new file mode 100644
index 0000000..5ed99e4
--- /dev/null
+++ b/debian/patches/0002-kea_admin_fix.patch
@@ -0,0 +1,20 @@
+From: Kea <isc-kea@packages.debian.org>
+Date: Tue, 19 Feb 2019 12:39:35 +0000
+Subject: kea_admin_fix
+
+Removed the fallback to the build version of kea-admin since it will not exist on users hosts.
+---
+ src/bin/admin/kea-admin.in | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/src/bin/admin/kea-admin.in
++++ b/src/bin/admin/kea-admin.in
+@@ -50,8 +50,6 @@
+ # Include the installed admin-utils.sh if available. Fallback to sources otherwise.
+ if test -f "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"; then
+ . "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"
+-else
+- . "@abs_top_builddir@/src/bin/admin/admin-utils.sh"
+ fi
+
+ # Find the installed kea-lfc if available. Fallback to sources otherwise.
diff --git a/debian/patches/0009-disable-database-tests.patch b/debian/patches/0009-disable-database-tests.patch
new file mode 100644
index 0000000..7d008c8
--- /dev/null
+++ b/debian/patches/0009-disable-database-tests.patch
@@ -0,0 +1,26 @@
+Description: Skip the database tests
+ The MySQL and PostgreSQL tests require a server with username,
+ password and tables setup for the test, see doc/devel/unit-tests.dox.
+ There's no way to instruct the build system to skip specific tests,
+ so let's disable them with a patch.
+Forwarded: not-needed
+Author: Paride Legovini <paride.legovini@canonical.com>
+Last-Update: 2020-12-03
+--- a/src/bin/admin/tests/mysql_tests.sh.in
++++ b/src/bin/admin/tests/mysql_tests.sh.in
+@@ -1,4 +1,6 @@
+ #!/bin/sh
++echo "SKIPPING MYSQL TEST"
++exit 0
+
+ # Copyright (C) 2014-2023 Internet Systems Consortium, Inc. ("ISC")
+ #
+--- a/src/bin/admin/tests/pgsql_tests.sh.in
++++ b/src/bin/admin/tests/pgsql_tests.sh.in
+@@ -1,4 +1,6 @@
+ #!/bin/sh
++echo "SKIPPING POSTGRESQL TEST"
++exit 0
+
+ # Copyright (C) 2015-2023 Internet Systems Consortium, Inc. ("ISC")
+ #
diff --git a/debian/patches/0010-set-control-sockets-location.patch b/debian/patches/0010-set-control-sockets-location.patch
new file mode 100644
index 0000000..f8be1d3
--- /dev/null
+++ b/debian/patches/0010-set-control-sockets-location.patch
@@ -0,0 +1,116 @@
+From: Athos Ribeiro <athos.ribeiro@canonical.com>
+Date: Mon, 13 Feb 2023 16:20:18 -0300
+Subject: d/rules: set the default location for control sockets to /run/kea
+
+The default config files place the control sockets in /tmp, which is
+insecure. Mangle the config files to place the sockets under _kea-owned
+/run/kea instead.
+
+Patch originally submitted by Paride Legovini in
+https://salsa.debian.org/debian/isc-kea/-/merge_requests/15.
+
+Last-Update: 2023-02-13
+Bug: https://gitlab.isc.org/isc-projects/kea/-/issues/2495
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014929
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/1863100
+---
+ src/bin/keactrl/kea-ctrl-agent.conf.pre | 6 +++---
+ src/bin/keactrl/kea-dhcp-ddns.conf.pre | 2 +-
+ src/bin/keactrl/kea-dhcp4.conf.pre | 2 +-
+ src/bin/keactrl/kea-dhcp6.conf.pre | 2 +-
+ src/bin/keactrl/kea-netconf.conf.pre | 4 ++--
+ 5 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+@@ -32,15 +32,15 @@
+ "control-sockets": {
+ "dhcp4": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ },
+ "dhcp6": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ },
+ "d2": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea-ddns-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket"
+ }
+ },
+
+--- a/src/bin/keactrl/kea-dhcp-ddns.conf.pre
++++ b/src/bin/keactrl/kea-dhcp-ddns.conf.pre
+@@ -23,7 +23,7 @@
+ "port": 53001,
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea-ddns-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket"
+ },
+ "tsig-keys": [],
+ "forward-ddns" : {},
+--- a/src/bin/keactrl/kea-dhcp4.conf.pre
++++ b/src/bin/keactrl/kea-dhcp4.conf.pre
+@@ -49,7 +49,7 @@
+ // more. For detailed description, see Sections 8.8, 16 and 15.
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ },
+
+ // Use Memfile lease database backend to store leases in a CSV file.
+--- a/src/bin/keactrl/kea-dhcp6.conf.pre
++++ b/src/bin/keactrl/kea-dhcp6.conf.pre
+@@ -43,7 +43,7 @@
+ // description, see Sections 9.12, 16 and 15.
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ },
+
+ // Use Memfile lease database backend to store leases in a CSV file.
+--- a/src/bin/keactrl/kea-netconf.conf.pre
++++ b/src/bin/keactrl/kea-netconf.conf.pre
+@@ -30,13 +30,13 @@
+ "dhcp4": {
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ }
+ },
+ "dhcp6": {
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ }
+ }
+ },
+--- a/tools/path_replacer.sh.in
++++ b/tools/path_replacer.sh.in
+@@ -28,13 +28,17 @@
+ localstatedir="@localstatedir@"
+ exec_prefix="@exec_prefix@"
+ libdir="@libdir@"
++runstatedir="@runstatedir@"
++PACKAGE="@PACKAGE@"
+
+ echo "Replacing \@prefix\@ with ${prefix}"
+ echo "Replacing \@libdir\@ with ${libdir}"
+ echo "Replacing \@sysconfdir\@ with ${sysconfdir}"
+ echo "Replacing \@localstatedir\@ with ${localstatedir}"
++echo "Replacing \@runstatedir\@ with ${runstatedir}"
++echo "Replacing \@PACKAGE\@ with ${PACKAGE}"
+
+ echo "Input file: $1"
+ echo "Output file: $2"
+
+-sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g" "${1}" > "${2}"
++sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g; s@SEP@\@runstatedir\@@SEP@${runstatedir}@SEP@g; s@SEP@\@PACKAGE\@@SEP@${PACKAGE}@SEP@g" "${1}" > "${2}"
diff --git a/debian/patches/0011-kea-ctrl-agent-authentication.patch b/debian/patches/0011-kea-ctrl-agent-authentication.patch
new file mode 100644
index 0000000..d965fbc
--- /dev/null
+++ b/debian/patches/0011-kea-ctrl-agent-authentication.patch
@@ -0,0 +1,30 @@
+Description: Set kea-ctrl-agent up to require a password.
+Author: Andreas Hasenack <andreas.hasenack@canonical.com>
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033367
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/2007312
+Last-Update: 2023-03-17
+
+diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+index e6ae8b8a..f7e3fed2 100644
+--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+@@ -26,6 +26,18 @@
+ // is specifically for HA updates only.
+ "http-port": 8000,
+
++ "authentication": {
++ "type": "basic",
++ "realm": "Kea Control Agent",
++ "directory": "/etc/kea",
++ "clients": [
++ {
++ "user": "kea-api",
++ "password-file": "kea-api-password"
++ }
++ ]
++ },
++
+ // Specify location of the files to which the Control Agent
+ // should connect to forward commands to the DHCPv4, DHCPv6
+ // and D2 servers via unix domain sockets.
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..d18b4f5
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,4 @@
+0002-kea_admin_fix.patch
+0009-disable-database-tests.patch
+0010-set-control-sockets-location.patch
+0011-kea-ctrl-agent-authentication.patch
diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in
new file mode 100644
index 0000000..e2d1d9f
--- /dev/null
+++ b/debian/po/POTFILES.in
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] kea-ctrl-agent.templates
diff --git a/debian/po/de.po b/debian/po/de.po
new file mode 100644
index 0000000..7f7b56d
--- /dev/null
+++ b/debian/po/de.po
@@ -0,0 +1,130 @@
+# German translation of isc-kea debconf templates.
+# This file is distributed under the same license as the isc-kea package.
+# Copyright Ā© of this file:
+# Christoph Brinkhaus <c.brinkhaus@t-online.de>, 2023.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: isc-kea_2.2.0-8\n"
+"Report-Msgid-Bugs-To: isc-kea@packages.debian.org\n"
+"POT-Creation-Date: 2023-03-29 14:20-0300\n"
+"PO-Revision-Date: 2023-07-17 20:18+0200\n"
+"Last-Translator: Christoph Brinkhaus <c.brinkhaus@t-online.de>\n"
+"Language-Team: German <debian-l10n-german@lists.debian.org>\n"
+"Language: de\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "New password for the kea control agent \"kea_api\" user:"
+msgstr "Neues Passwort fĆ¼r den Kea Control Agent Ā»kea_apiĀ«-Benutzer:"
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "This password will be stored in the /etc/kea/kea-api-password file."
+msgstr ""
+"Dieses Passwort wird in der Datei /etc/kea/kea-api-password gespeichert."
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "NOTE: if the password is empty, no action will be taken."
+msgstr "HINWEIS: falls das Passwort leer ist, wird keine Aktion durchgefĆ¼hrt."
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:2001
+msgid "Repeat password for the kea control agent \"kea_api\" user:"
+msgstr ""
+"Geben Sie das Passwort fĆ¼r den Kea Control Agent Ā»kea_apiĀ«-Benutzer erneut "
+"ein:"
+
+#. Type: error
+#. Description
+#: ../kea-ctrl-agent.templates:3001
+msgid "Password input error"
+msgstr "Passwort-Eingabefehler"
+
+#. Type: error
+#. Description
+#: ../kea-ctrl-agent.templates:3001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"Die zwei eingegebenen Passwƶrter sind nicht identisch. Bitte versuchen Sie "
+"es erneut."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid "Kea control agent authentication configuration"
+msgstr "Kea Control Agent-Authentifizierungskonfiguration"
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+"Starting with this version, the Kea Control Agent will be configured to "
+"require authentication by default."
+msgstr ""
+"Ab dieser Version ist die Standardeinstellung des Kea Control Agent so, dass "
+"eine Authentifizierung erforderlich ist."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid "The available options are:"
+msgstr "Die verfĆ¼gbaren Mƶglichkeiten sind:"
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" do nothing:\n"
+" Until you create /etc/kea/kea-api-password, either manually or using one "
+"the other options described here, the service will not start."
+msgstr ""
+" keine Aktion:\n"
+" Bis Sie /etc/kea/kea-api-password erstellt haben, entweder manuell oder "
+"durch Verwendung der anderen hier beschriebenen Mƶglichkeiten, wird der "
+"Dienst nicht starten."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" configured with a random password:\n"
+" The packaging will generate a random password for you, save it, and start "
+"the service."
+msgstr ""
+" mit einem zufƤlligen Passwort konfiguriert:\n"
+" Das Paket erzeugt ein zufƤlliges Passwort, speichert es und startet den "
+"Dienst."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" configured with password:\n"
+" The packaging will save the password you supply, and start the service. "
+"Note that an empty password will result in no action and be equivalent to "
+"\"do nothing\" above."
+msgstr ""
+" konfiguriert mit einem Passwort:\n"
+" Das Paket speichert das bereitgestellte Passwort und startet den Dienst. "
+"Beachten Sie, dass ein leeres Passwort keine Aktionen bewirkt und dem Ā»keine "
+"AktionĀ« von oben entspricht."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+"The username is `kea-api`, and the password will be expected to be in `/etc/"
+"kea/kea-api-password`."
+msgstr ""
+"Der Benutzername ist `kea-api` und das Passwort wird in `/etc/kea/kea-api-"
+"password` erwartet."
diff --git a/debian/po/es.po b/debian/po/es.po
new file mode 100644
index 0000000..bef717d
--- /dev/null
+++ b/debian/po/es.po
@@ -0,0 +1,129 @@
+# Translation of isc-kea debconf templates to Spanish.
+# Copyright (C) 2023 CamaleĆ³n <noelamac@gmail.com>
+# This file is distributed under the same license as the isc-kea package.
+# CamaleĆ³n <noelamac@gmail.com>, 2023.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: isc-kea\n"
+"Report-Msgid-Bugs-To: isc-kea@packages.debian.org\n"
+"POT-Creation-Date: 2023-03-29 14:20-0300\n"
+"PO-Revision-Date: 2023-07-09 16:50+0200\n"
+"Last-Translator: CamaleĆ³n <noelamac@gmail.com>\n"
+"Language-Team: Debian Spanish <debian-l10n-spanish@lists.debian.org>\n"
+"Language: es\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 2.4.2\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "New password for the kea control agent \"kea_api\" user:"
+msgstr "Nueva contraseƱa del usuario Ā«kea-apiĀ» del Agente de Control Kea:"
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "This password will be stored in the /etc/kea/kea-api-password file."
+msgstr "Esta contraseƱa se guardarĆ” en el archivo Ā«/etc/kea/kea-api-passwordĀ»."
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "NOTE: if the password is empty, no action will be taken."
+msgstr ""
+"NOTA: si deja la contraseƱa en blanco, no se llevarĆ” a cabo ninguna acciĆ³n."
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:2001
+msgid "Repeat password for the kea control agent \"kea_api\" user:"
+msgstr ""
+"Vuelva a introducir la contraseƱa del usuario Ā«kea-apiĀ» del Agente de "
+"Control Kea:"
+
+#. Type: error
+#. Description
+#: ../kea-ctrl-agent.templates:3001
+msgid "Password input error"
+msgstr "Error al introducir la contraseƱa"
+
+#. Type: error
+#. Description
+#: ../kea-ctrl-agent.templates:3001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Las contraseƱas que ha introducido no coinciden. IntƩntelo de nuevo."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid "Kea control agent authentication configuration"
+msgstr "ConfiguraciĆ³n de la autentificaciĆ³n del Agente de Control Kea"
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+"Starting with this version, the Kea Control Agent will be configured to "
+"require authentication by default."
+msgstr ""
+"A partir de esta versiĆ³n, el Agente de Control Kea se configurarĆ” para "
+"requerir autentificaciĆ³n de manera predeterminada."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid "The available options are:"
+msgstr "Las opciones disponibles son:"
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" do nothing:\n"
+" Until you create /etc/kea/kea-api-password, either manually or using one "
+"the other options described here, the service will not start."
+msgstr ""
+" no hacer nada:\n"
+" El servicio no se iniciarĆ” hasta que no se genere el archivo Ā«/etc/kea/kea-"
+"api-passwordĀ», bien manualmente o utilizando alguna de las otras opciones "
+"descritas en este apartado."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" configured with a random password:\n"
+" The packaging will generate a random password for you, save it, and start "
+"the service."
+msgstr ""
+" configurado con una contraseƱa aleatoria:\n"
+" El paquete generarƔ una contraseƱa aleatoria para usted, la guardarƔ e "
+"iniciarĆ” el servicio."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" configured with password:\n"
+" The packaging will save the password you supply, and start the service. "
+"Note that an empty password will result in no action and be equivalent to "
+"\"do nothing\" above."
+msgstr ""
+" configurado con contraseƱa:\n"
+" El paquete guardarƔ la contraseƱa que introduzca e iniciarƔ el servicio. "
+"Tenga en cuenta que una contraseƱa en blanco no generarĆ” ninguna acciĆ³n y "
+"serĆ” equivalente a la opciĆ³n Ā«no hacer nadaĀ»."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+"The username is `kea-api`, and the password will be expected to be in `/etc/"
+"kea/kea-api-password`."
+msgstr ""
+"El nombre de usuario es Ā«kea-apiĀ» y se espera que la contraseƱa estĆ© en el "
+"archivo Ā«/etc/kea/kea-api-passwordĀ»."
diff --git a/debian/po/fr.po b/debian/po/fr.po
new file mode 100644
index 0000000..c139c17
--- /dev/null
+++ b/debian/po/fr.po
@@ -0,0 +1,132 @@
+# Translation of isc-kea debconf templates to French.
+# Copyright (C) 2023
+# This file is distributed under the same license as the isc-kea package.
+#
+# Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>, 2023.
+msgid ""
+msgstr ""
+"Project-Id-Version: isc-kea\n"
+"Report-Msgid-Bugs-To: isc-kea@packages.debian.org\n"
+"POT-Creation-Date: 2023-03-29 14:20-0300\n"
+"PO-Revision-Date: 2023-12-16 11:24+0100\n"
+"Last-Translator: Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>\n"
+"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
+"Language: fr_FR\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"X-Generator: Lokalize 22.12.3\n"
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "New password for the kea control agent \"kea_api\" user:"
+msgstr ""
+"Nouveau mot de passe de l'utilisateur agent de contrĆ“le de kea Ā«Ā kea_apiĀ Ā»Ā :"
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "This password will be stored in the /etc/kea/kea-api-password file."
+msgstr ""
+"Ce mot de passe sera enregistrƩ dans le fichier /etc/kea/kea-api-password."
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "NOTE: if the password is empty, no action will be taken."
+msgstr ""
+"NOTEĀ : si le mot de passe est vide, aucune action ne sera entreprise."
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:2001
+msgid "Repeat password for the kea control agent \"kea_api\" user:"
+msgstr ""
+"Confirmation du mot de passe de l'utilisateur agent de contrƓle de kea "
+"Ā«Ā kea_apiĀ Ā»Ā :"
+
+#. Type: error
+#. Description
+#: ../kea-ctrl-agent.templates:3001
+msgid "Password input error"
+msgstr "Erreur de saisie du mot de passe"
+
+#. Type: error
+#. Description
+#: ../kea-ctrl-agent.templates:3001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"Le mot de passe et sa confirmation ne sont pas identiques. Veuillez "
+"recommencer."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid "Kea control agent authentication configuration"
+msgstr "Configuration de l'authentification de l'agent de contrƓle de kea"
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+"Starting with this version, the Kea Control Agent will be configured to "
+"require authentication by default."
+msgstr ""
+"ƀ partir de cette version, l'agent de contrĆ“le de kea sera configurĆ© pour "
+"exiger par dƩfaut une authentification."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid "The available options are:"
+msgstr "Les options disponibles sontĀ :"
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" do nothing:\n"
+" Until you create /etc/kea/kea-api-password, either manually or using one "
+"the other options described here, the service will not start."
+msgstr ""
+" Ne rien faireĀ :\n"
+" jusqu'Ơ la crƩation de /etc/kea/kea-api-password, manuellement ou en "
+"utilisant une des options dƩcrites ici, le service ne dƩmarrera pas."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" configured with a random password:\n"
+" The packaging will generate a random password for you, save it, and start "
+"the service."
+msgstr ""
+" Configuration avec un mot de passe alĆ©atoireĀ :\n"
+" le paquet va gƩnƩrer un mot de passe alƩatoire, enregistrez-le et dƩmarrez "
+"le service."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" configured with password:\n"
+" The packaging will save the password you supply, and start the service. "
+"Note that an empty password will result in no action and be equivalent to "
+"\"do nothing\" above."
+msgstr ""
+" Configuration avec un mot de passeĀ :\n"
+" le paquet va enregistrer le mot de passe fourni et dƩmarrer le service. "
+"Notez qu'un mot de passe vide n'aboutira Ć  aucune action et est Ć©quivalent Ć  "
+"l'option Ā«Ā ne rien faireĀ Ā»."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+"The username is `kea-api`, and the password will be expected to be in `/etc/"
+"kea/kea-api-password`."
+msgstr ""
+"Le nom d'utilisateur est Ā«Ā kea-apiĀ  et le mot de passe devrait ĆŖtre dans le "
+"fichier Ā«Ā /etc/kea/kea-api-passwordĀ Ā»."
diff --git a/debian/po/nl.po b/debian/po/nl.po
new file mode 100644
index 0000000..12b8d6e
--- /dev/null
+++ b/debian/po/nl.po
@@ -0,0 +1,127 @@
+# Dutch translation of isc-kea debconf templates.
+# This file is distributed under the same license as the isc-kea package.
+# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2023.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: isc-kea_2.2.0-8\n"
+"Report-Msgid-Bugs-To: isc-kea@packages.debian.org\n"
+"POT-Creation-Date: 2023-03-29 14:20-0300\n"
+"PO-Revision-Date: 2023-07-10 23:19+0200\n"
+"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
+"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Gtranslator 3.30.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "New password for the kea control agent \"kea_api\" user:"
+msgstr "Nieuw wachtwoord voor gebruiker \"kea_api\" van de kea control agent:"
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "This password will be stored in the /etc/kea/kea-api-password file."
+msgstr ""
+"Dit wachtwoord wordt opgeslagen in het bestand /etc/kea/kea-api-password."
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "NOTE: if the password is empty, no action will be taken."
+msgstr "OPMERKING: als het wachtwoord leeg is, wordt er geen actie ondernomen."
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:2001
+msgid "Repeat password for the kea control agent \"kea_api\" user:"
+msgstr ""
+"Herhaal het wachtwoord voor gebruiker \"kea_api\" van de kea control agent:"
+
+#. Type: error
+#. Description
+#: ../kea-ctrl-agent.templates:3001
+msgid "Password input error"
+msgstr "Fout bij het invoeren van het wachtwoord"
+
+#. Type: error
+#. Description
+#: ../kea-ctrl-agent.templates:3001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"De twee wachtwoorden die u invoerde, waren niet identiek. Probeer opnieuw."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid "Kea control agent authentication configuration"
+msgstr "Kea control agent authenticatieconfiguratie"
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+"Starting with this version, the Kea Control Agent will be configured to "
+"require authentication by default."
+msgstr ""
+"Vanaf deze versie wordt Kea Control Agent geconfigureerd om standaard "
+"verificatie te vereisen."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid "The available options are:"
+msgstr "De beschikbare opties zijn:"
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" do nothing:\n"
+" Until you create /etc/kea/kea-api-password, either manually or using one "
+"the other options described here, the service will not start."
+msgstr ""
+" niets doen:\n"
+" Totdat u /etc/kea/kea-api-password aanmaakt, handmatig of met behulp van "
+"een van de andere hier beschreven opties, zal de service niet starten."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" configured with a random password:\n"
+" The packaging will generate a random password for you, save it, and start "
+"the service."
+msgstr ""
+" geconfigureerd met een willekeurig wachtwoord:\n"
+" Het pakket genereert een willekeurig wachtwoord voor u, slaat het op en "
+"start de service."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" configured with password:\n"
+" The packaging will save the password you supply, and start the service. "
+"Note that an empty password will result in no action and be equivalent to "
+"\"do nothing\" above."
+msgstr ""
+" geconfigureerd met wachtwoord:\n"
+" Het pakket slaat het door u opgegeven wachtwoord op en start de service. "
+"Merk op dat een leeg wachtwoord geen actie tot gevolg heeft en gelijk staat "
+"aan \"niets doen\" hierboven."
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+"The username is `kea-api`, and the password will be expected to be in `/etc/"
+"kea/kea-api-password`."
+msgstr ""
+"De gebruikersnaam is `kea-api` en het wachtwoord wordt verwacht in `/etc/kea/"
+"kea-api-password` te staan."
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
new file mode 100644
index 0000000..c6a7229
--- /dev/null
+++ b/debian/po/templates.pot
@@ -0,0 +1,110 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the isc-kea package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: isc-kea\n"
+"Report-Msgid-Bugs-To: isc-kea@packages.debian.org\n"
+"POT-Creation-Date: 2023-03-29 14:20-0300\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "New password for the kea control agent \"kea_api\" user:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "This password will be stored in the /etc/kea/kea-api-password file."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:1001
+msgid "NOTE: if the password is empty, no action will be taken."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../kea-ctrl-agent.templates:2001
+msgid "Repeat password for the kea control agent \"kea_api\" user:"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../kea-ctrl-agent.templates:3001
+msgid "Password input error"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../kea-ctrl-agent.templates:3001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid "Kea control agent authentication configuration"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+"Starting with this version, the Kea Control Agent will be configured to "
+"require authentication by default."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid "The available options are:"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" do nothing:\n"
+" Until you create /etc/kea/kea-api-password, either manually or using one "
+"the other options described here, the service will not start."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" configured with a random password:\n"
+" The packaging will generate a random password for you, save it, and start "
+"the service."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+" configured with password:\n"
+" The packaging will save the password you supply, and start the service. "
+"Note that an empty password will result in no action and be equivalent to "
+"\"do nothing\" above."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../kea-ctrl-agent.templates:4001
+msgid ""
+"The username is `kea-api`, and the password will be expected to be in `/etc/"
+"kea/kea-api-password`."
+msgstr ""
diff --git a/debian/python3-kea-connector.install b/debian/python3-kea-connector.install
new file mode 100644
index 0000000..d0b8f74
--- /dev/null
+++ b/debian/python3-kea-connector.install
@@ -0,0 +1,2 @@
+usr/lib/python3/dist-packages/kea/kea_conn.py
+usr/lib/python3/dist-packages/kea/kea_connector3.py
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..ec21498
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,75 @@
+#!/usr/bin/make -f
+
+# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/*
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/default.mk
+
+include /usr/share/dpkg/pkg-info.mk
+
+# see FEATURE AREAS in dpkg-buildflags(1)
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+# Disable LTO on ppc64el as it causes crashes (LP: #2055151).
+# This has been spotted in Ubuntu, where LTO is enabled by
+# default, but it likely that Debian would be affected too.
+ifeq ($(DEB_HOST_ARCH),ppc64el)
+export DEB_BUILD_MAINT_OPTIONS += optimize=-lto
+endif
+
+%:
+ dh $@ --with python3 -X.la
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --with-openssl \
+ --with-mysql \
+ --with-pgsql \
+ --with-boost-libs=-lboost_system \
+ --enable-generate-docs \
+ --enable-generate-messages \
+ --enable-shell \
+ --disable-static \
+ --disable-rpath \
+ --enable-generate-parser \
+ --disable-dependency-tracking \
+ --enable-perfdhcp \
+ --without-werror \
+ --with-site-packages=/usr/lib/python3/dist-packages
+
+execute_after_dh_auto_build-indep:
+ # Do not download external JS components in binary documentation package
+ # Inspired by similar removal in python-pyopencl
+ # Thanks to Andreas Beckmann
+ find doc/sphinx/_build/html -name '*.html' -exec sed -r -i -e '\,( *)<script async="async" src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>,i \1<script src="/usr/share/javascript/mathjax/MathJax.js"></script>' {} +
+ find doc/sphinx/_build/html -name '*.html' -exec sed -r -i -e 's,https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js,/usr/share/javascript/mathjax/config/TeX-MML-AM_CHTML.js,' {} +
+
+execute_after_dh_install:
+ dh_apparmor -pkea-ctrl-agent --profile-name=usr.sbin.kea-ctrl-agent
+ dh_apparmor -pkea-dhcp4-server --profile-name=usr.sbin.kea-dhcp4
+ dh_apparmor -pkea-dhcp6-server --profile-name=usr.sbin.kea-dhcp6
+ dh_apparmor -pkea-dhcp-ddns-server --profile-name=usr.sbin.kea-dhcp-ddns
+ dh_apparmor -pkea-common --profile-name=usr.sbin.kea-lfc
+
+override_dh_auto_test:
+ dh_auto_test --no-parallel
+
+execute_after_dh_auto_install:
+ rm -rv \
+ debian/tmp/usr/share/doc/kea/ChangeLog \
+ debian/tmp/usr/share/doc/kea/COPYING \
+ debian/tmp/usr/lib/python3/dist-packages/kea/__pycache__
+ # log to stdout (i.e. to to the systemd journal), and use a shorter log
+ # pattern that avoids logging information made redundant by the journal.
+ # adapted from: https://gitlab.isc.org/isc-projects/kea-packaging/-/blob/master/debian/rules
+ sed -i -e 's/"output": .*/"output": "stdout",/' -e 's@// "pattern"@"pattern"@' debian/tmp/etc/kea/kea-*.conf
+
+# Since we do not maintain a symbols file for the libraries shipped in
+# kea-common, make the shlibs control file more strict, generating dependencies
+# such as "libkea-util 52 kea-common (= 2.2.0-5)" instead of the less strict
+# "libkea-util 52 kea-common (>= 2.2.0)".
+override_dh_makeshlibs:
+ dh_makeshlibs -pkea-common -V'kea-common (= ${DEB_VERSION})'
+ dh_makeshlibs -Nkea-common
diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml
new file mode 100644
index 0000000..3c99ae9
--- /dev/null
+++ b/debian/salsa-ci.yml
@@ -0,0 +1,14 @@
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+variables:
+ # FTCBFS because of missing build-deps that are unlikely to be fixed any soon.
+ SALSA_CI_DISABLE_CROSSBUILD_ARM64: 1
+ # Fail on Lintian warnings
+ SALSA_CI_LINTIAN_FAIL_WARNING: 1
+ SALSA_CI_LINTIAN_SUPPRESS_TAGS: >-
+ orig-tarball-missing-upstream-signature,
+ package-name-defined-in-config-h,
+ # Not reproducible when varying the build_path.
+ SALSA_CI_REPROTEST_ARGS: --variations=-build_path
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
new file mode 100644
index 0000000..8d87da8
--- /dev/null
+++ b/debian/source/lintian-overrides
@@ -0,0 +1 @@
+isc-kea source: very-long-line-length-in-source-file
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..bbed706
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,13 @@
+# Keep this test as the first, as it will verify the default installation
+# behavior wrt kea-ctrl-agent password configuration
+Tests: kea-ctrl-agent-debconf
+Restrictions: needs-root, allow-stderr
+Depends: kea-ctrl-agent
+
+Tests: smoke-tests
+Restrictions: needs-root, allow-stderr
+Depends: kea, curl, jq
+
+Tests: kea-dhcp4
+Restrictions: needs-root, allow-stderr, breaks-testbed
+Depends: kea-dhcp4-server, kea-ctrl-agent, isc-dhcp-client, bridge-utils, iproute2, jq
diff --git a/debian/tests/kea-ctrl-agent-debconf b/debian/tests/kea-ctrl-agent-debconf
new file mode 100644
index 0000000..5790977
--- /dev/null
+++ b/debian/tests/kea-ctrl-agent-debconf
@@ -0,0 +1,266 @@
+#!/bin/bash
+
+set -e
+
+pw_file="/etc/kea/kea-api-password"
+pw_secret="secret_password_${RANDOM}"
+service="kea-ctrl-agent.service"
+
+cleanup() {
+ /bin/true
+}
+
+trap cleanup EXIT
+
+override_systemd_throttling() {
+ mkdir -p /run/systemd/system/kea-ctrl-agent.service.d
+ cat > /run/systemd/system/kea-ctrl-agent.service.d/override.conf <<EOF
+[Unit]
+StartLimitIntervalSec=0
+EOF
+ systemctl daemon-reload
+}
+
+check_perms() {
+ local file="${1}"
+ local wanted_perms="${2}"
+ local perms
+
+ perms=$(stat -c %U:%G:%a "${file}")
+ if [ "${perms}" != "${wanted_perms}" ]; then
+ echo "## ERROR: permissions are ${perms} and should be ${wanted_perms}"
+ return 1
+ else
+ echo "## OK, permissions are ${perms}"
+ fi
+}
+
+service_status_must_be() {
+ local service_status
+ local wanted_status="${1}"
+ service_status=$(systemctl is-active "${service}" || /bin/true)
+ systemctl status "${service}" || /bin/true
+ if [ "${service_status}" != "${wanted_status}" ]; then
+ echo "## ERROR, service is ${service_status}"
+ return 1
+ else
+ echo "## OK, service is ${service_status}"
+ fi
+}
+
+reconfigure_unconfigured() {
+ debconf-set-selections << EOF
+kea-ctrl-agent kea-ctrl-agent/make_a_choice select unconfigured
+EOF
+ dpkg-reconfigure kea-ctrl-agent
+}
+
+reconfigure_password() {
+ local password="${1}"
+ debconf-set-selections << EOF
+kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_password
+kea-ctrl-agent kea-ctrl-agent/kea_api_password password ${password}
+kea-ctrl-agent kea-ctrl-agent/kea_api_password_again password ${password}
+EOF
+ dpkg-reconfigure kea-ctrl-agent
+}
+
+reconfigure_random() {
+ debconf-set-selections << EOF
+kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_random_password
+EOF
+ dpkg-reconfigure kea-ctrl-agent
+}
+
+test_fresh_install() {
+ echo
+ echo "## Running ${FUNCNAME[0]}"
+ # On a fresh install, which is the situation we are in as this is the first
+ # test being run, there is no kea-api-password file, and the service isn't
+ # running
+ echo "## Fresh install, default options, there must be no ${pw_file} file"
+ ls -la "$(dirname ${pw_file})"
+ test ! -f "${pw_file}"
+
+ echo
+ echo "## With no ${pw_file}, the service must not be running"
+ service_status_must_be inactive
+ echo
+}
+
+test_service_wont_start_without_pwfile() {
+ echo
+ echo "## Running ${FUNCNAME[0]}"
+ echo "## With no ${pw_file}, service must not start"
+ ls -la "$(dirname ${pw_file})"
+ test ! -f "${pw_file}"
+ echo "## Current status:"
+ systemctl status "${service}" || /bin/true
+ echo
+ echo "## Attempting to start ${service}"
+ systemctl start "${service}"
+ service_status_must_be inactive
+ echo
+}
+
+test_configured_password() {
+ echo
+ echo "## Running ${FUNCNAME[0]}"
+ echo "## Reconfiguring kea-ctrl-agent with password ${pw_secret}"
+ reconfigure_password "${pw_secret}"
+
+ echo "## Checking that ${pw_file} exists and has ${pw_secret}"
+ ls -la "$(dirname ${pw_file})"
+ test -f "${pw_file}"
+ generated_pw=$(cat "${pw_file}")
+ if [ "${generated_pw}" != "${pw_secret}" ]; then
+ echo "## ERROR, password from ${pw_file} is not equal to ${pw_secret}: ${generated_pw}"
+ return 1
+ else
+ echo "## OK, password from ${pw_file} is ${generated_pw}"
+ fi
+
+ echo "## Checking that ${pw_file} has expected permissions and ownership"
+ check_perms "${pw_file}" "root:_kea:640"
+ echo
+
+ echo
+ echo "## Checking that the service is running"
+ service_status_must_be active
+}
+
+test_configured_random_password() {
+ local generated_pw
+
+ echo
+ echo "## Running ${FUNCNAME[0]}"
+ echo "## Reconfiguring kea-ctrl-agent with random password option"
+ reconfigure_random
+
+ echo "## Checking that ${pw_file} exists and has a password different from ${pw_secret}"
+ ls -la "$(dirname ${pw_file})"
+ test -f "${pw_file}"
+
+ generated_pw=$(cat "${pw_file}")
+ if [ "${generated_pw}" = "${pw_secret}" ]; then
+ echo "## ERROR, generated random password \"${generated_pw}\" is equal to \"${pw_secret}\""
+ return 1
+ else
+ echo "## OK, generated random password is \"${generated_pw}\""
+ fi
+ echo
+ echo "## Checking that ${pw_file} has expected permissions and ownership"
+ check_perms "${pw_file}" "root:_kea:640"
+ echo
+
+ echo
+ echo "## Checking that the service is running"
+ service_status_must_be active
+}
+
+test_unconfigured() {
+ local -r new_secret="${pw_secret}${pw_secret}"
+ local contents
+
+ echo
+ echo "## Running ${FUNCNAME[0]}"
+ echo "## Reconfiguring kea-ctrl-agent with option \"unconfigured\" should leave things as they were"
+ echo
+ echo "## Overwriting ${pw_file} with ${new_secret}"
+ printf "%s" "${new_secret}" > "${pw_file}"
+
+ echo "## Reconfiguring"
+ reconfigure_unconfigured
+
+ echo
+ echo "## ${pw_file} should still contain ${new_secret}"
+ contents=$(cat "${pw_file}")
+ if [ "${contents}" != "${new_secret}" ]; then
+ echo "## ERROR, ${pw_file} now contains \"${contents}\""
+ return 1
+ else
+ echo "## OK, same content"
+ fi
+
+ echo "## Removing ${pw_file} and reconfiguring, a new one should not be created, and the service must be stopped"
+ rm -f "${pw_file}"
+ ls -la $(dirname "${pw_file}")
+ echo "## Reconfiguring"
+ reconfigure_unconfigured
+
+ echo "## ${pw_file} was not recreated"
+ ls -la $(dirname "${pw_file}")
+ test ! -f "${pw_file}"
+ echo "## With no ${pw_file}, the service must not be running"
+ service_status_must_be inactive
+}
+
+test_no_start_with_empty_password() {
+ echo
+ echo "## Running ${FUNCNAME[0]}"
+ echo "## kea-ctrl-agent must not start with an empty password file"
+ echo
+ echo "## Truncating ${pw_file}"
+ truncate -s 0 "${pw_file}"
+ ls -la $(dirname "${pw_file}")
+ test ! -s "${pw_file}"
+ echo
+ echo "## Restarting kea-ctrl-agent"
+ systemctl restart "${service}"
+ echo
+ echo "## Service must not be started"
+ service_status_must_be inactive
+}
+
+test_empty_password_via_debconf() {
+ local service_status
+ local contents
+
+ echo
+ echo "## Running ${FUNCNAME[0]}"
+ echo "## Reconfiguring with password set to ${pw_secret}"
+ reconfigure_password "${pw_secret}"
+
+ echo
+ echo "## ${pw_file} must now contain ${pw_secret}"
+ contents=$(cat "${pw_file}")
+ if [ "${contents}" != "${pw_secret}" ]; then
+ echo "## ERROR, ${pw_file} now contains \"${contents}\""
+ return 1
+ else
+ echo "## OK, same content"
+ fi
+
+ echo
+ echo "## Service must be running"
+ service_status_must_be active
+
+ echo
+ echo "## Reconfiguring with an empty password should not change the existing password"
+ # set an empty password (no args)
+ reconfigure_password
+ ls -la $(dirname "${pw_file}")
+ contents=$(cat "${pw_file}")
+ if [ "${contents}" != "${pw_secret}" ]; then
+ echo "## ERROR, ${pw_file} now contains \"${contents}\""
+ return 1
+ else
+ echo "## OK, same content"
+ fi
+
+ echo
+ echo "## Service must be running"
+ service_status_must_be active
+}
+
+
+# we restart kea-ctrl-agent a lot during this test
+override_systemd_throttling
+
+test_fresh_install
+test_service_wont_start_without_pwfile
+test_configured_password
+test_configured_random_password
+test_unconfigured
+test_no_start_with_empty_password
+test_empty_password_via_debconf
diff --git a/debian/tests/kea-dhcp4 b/debian/tests/kea-dhcp4
new file mode 100644
index 0000000..66ce927
--- /dev/null
+++ b/debian/tests/kea-dhcp4
@@ -0,0 +1,277 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+bridge="keabr0"
+bridge_ip="192.168.127.1/24"
+subnetcidr="192.168.127.0/24"
+pool_range="192.168.127.10 - 192.168.127.250"
+test_domain="example.autopkgtest"
+server_iface="p1"
+client_iface="client0"
+client_ns="clientns"
+declare -A dhcp4_config
+resolv_conf_bkp=$(mktemp)
+kea_password_file="/etc/kea/kea-api-password"
+
+# kea-ctrl-agent needs a password file, or else it won't start
+# this also tests the debconf mechanism
+debconf-set-selections << eof
+kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_random_password
+eof
+dpkg-reconfigure kea-ctrl-agent
+[ -s "${kea_password_file}" ] || {
+ echo "ERROR, debconf-set-selections failed to set a password for kea-ctrl-agent"
+ exit 1
+}
+
+auth_params="--auth-user kea-api --auth-password $(cat ${kea_password_file})"
+
+cleanup() {
+ rc=$?
+ set +e # so we don't exit midcleanup
+ if [ ${rc} -ne 0 ]; then
+ echo "## FAIL"
+ echo
+ echo "## dmesg"
+ dmesg -T | tail -n 500
+ echo
+ echo "## kea logs"
+ journalctl -u kea-dhcp4-server.service
+ fi
+ echo
+ echo "## Cleaning up"
+ ip link set "${server_iface}" down
+ ip link del "${server_iface}"
+ ip link set "${bridge}" down
+ brctl delbr "${bridge}"
+ ip netns delete "${client_ns}"
+ sed -r -i "/example.autopkgtest/d" /etc/hosts
+ if [ -s "${resolv_conf_bkp}" ]; then
+ cat "${resolv_conf_bkp}" > /etc/resolv.conf
+ fi
+ rm -f "${resolv_conf_bkp}"
+ # restore it for when we are called from the main script, and not the trap
+ set -e
+}
+
+trap cleanup EXIT
+
+run_on_client() {
+ ip netns exec "${client_ns}" "$@"
+}
+
+setup() {
+ cleanup 2>/dev/null
+ # so we don't have to worry about it being a symlink
+ cat /etc/resolv.conf > "${resolv_conf_bkp}"
+ echo "127.0.1.1 $(hostname).${test_domain} $(hostname)" >> /etc/hosts
+ ip netns add "${client_ns}"
+ ip link add "${server_iface}" type veth peer "${client_iface}" netns "${client_ns}"
+ brctl addbr "${bridge}"
+ brctl addif "${bridge}" "${server_iface}"
+ ip link set "${server_iface}" up
+ ip link set "${bridge}" up
+ ip addr add "${bridge_ip}" dev "${bridge}"
+}
+
+render_dhcp4_conf() {
+ local -n config="${1}"
+ local -r service="dhcp4"
+
+ template="debian/tests/kea-${service}.conf.template"
+ [ -f "${template}" ] || return 1
+ output="/etc/kea/kea-${service}.conf"
+
+ cat "${template}" | sed -r \
+ -e "s,@interface@,${config[interface]}," \
+ -e "s,@dnsip@,${config[dnsip]}," \
+ -e "s,@domain@,${config[domain]}," \
+ -e "s/@domainsearch@/${config[domainsearch]}/" \
+ -e "s,@router@,${config[router]}," \
+ -e "s,@subnetcidr@,${config[subnetcidr]}," \
+ -e "s,@poolrange@,${config[poolrange]}," \
+ -e "s,@multiarch@,$(dpkg-architecture -qDEB_HOST_MULTIARCH)," \
+ > "${output}"
+}
+
+json_get_length() {
+ echo "${1}" | jq '. | length'
+}
+
+kea_get_leases_by_mac() {
+ local mac="${1}"
+ echo "\"hw-address\": \"${mac}\"" | kea-shell ${auth_params} --service dhcp4 lease4-get-by-hw-address
+}
+
+get_result_from_lease() {
+ echo "${1}" | jq -r '.[0].result'
+}
+
+get_number_of_leases() {
+ echo "${1}" | jq '.[0].arguments.leases | length'
+}
+
+get_ip_from_lease() {
+ echo "${1}" | jq -r '.[0]["arguments"]["leases"][0]["ip-address"]'
+}
+
+get_mac_from_lease() {
+ echo "${1}" | jq -r '.[0]["arguments"]["leases"][0]["hw-address"]'
+}
+
+get_valid_lifetime_from_lease() {
+ echo "${1}" | jq -r '.[0]["arguments"]["leases"][0]["valid-lft"]'
+}
+
+check_leases() {
+ local data="${1}"
+ local if_mac="${2}"
+ local if_ip="${3}"
+ local res
+
+ res=$(json_get_length "${data}")
+ if [ ${res} != 1 ]; then
+ echo "## ERROR"
+ echo "## Expected 1 result, got ${res}:"
+ return 1
+ fi
+
+ res=$(get_result_from_lease "${data}")
+ if [ ${res} != 0 ]; then
+ echo "## ERROR"
+ echo "## Failed to obtain leases from server, code ${res}"
+ return 1
+ fi
+
+ res=$(get_number_of_leases "${data}")
+ if [ ${res} -ne 1 ]; then
+ echo "## ERROR"
+ echo "## Expected 1 lease, got ${res}:"
+ return 1
+ fi
+
+ res=$(get_ip_from_lease "${data}")
+ if [ "${if_ip}" != "${res}" ]; then
+ echo "## ERROR"
+ echo "## IP from lease (${res}) does not match IP from interface: ${if_ip}"
+ run_on_client ip a show
+ return 1
+ fi
+
+ res=$(get_mac_from_lease "${data}")
+ if [ "${if_mac}" != "${res}" ]; then
+ echo "## ERROR"
+ echo "## MAC from lease (${res}) does not match MAC from client interface: ${if_mac}"
+ run_on_client ip l show
+ return 1
+ fi
+}
+
+
+setup
+
+dhcp4_config["interface"]="${bridge}"
+# get rid of the CIDR part at the end
+dhcp4_config["dnsip"]="${bridge_ip%%/*}"
+dhcp4_config["domain"]="${test_domain}"
+dhcp4_config["domainsearch"]="${test_domain}"
+# get rid of the CIDR part at the end
+dhcp4_config["router"]="${bridge_ip%%/*}"
+dhcp4_config["subnetcidr"]="${subnetcidr}"
+dhcp4_config["poolrange"]="${pool_range}"
+
+echo
+echo "## Configuring kea-dhcp4 and restarting the service"
+render_dhcp4_conf dhcp4_config
+systemctl restart kea-dhcp4-server.service
+sleep 2s
+
+echo
+echo "## Obtaining IP via dhclient"
+run_on_client timeout -v 60s dhclient -v "${client_iface}"
+echo "## OK"
+
+ip=$(run_on_client ip -4 -o addr show dev "${client_iface}" | awk '{print $4}')
+ip=${ip%%/*} # remove the CIDR part
+mac=$(run_on_client ip -4 link show dev "${client_iface}" | grep "link/ether" | awk '{print $2}')
+
+echo
+echo "## Got ip=${ip}"
+
+echo
+echo "## Checking leases that match client's ethernet address ${mac}"
+# this will break if/when we close LP: #2007312
+leases=$(kea_get_leases_by_mac "${mac}")
+echo "## Leases:"
+echo "${leases}" | jq .
+
+check_leases "${leases}" "${mac}" "${ip}"
+echo "## OK"
+
+echo
+echo "## INFO: Networking in the ${client_ns} namespace:"
+echo
+echo "## Interfaces"
+run_on_client ip a
+echo
+echo "## Routes"
+run_on_client ip route
+echo
+echo "## DNS"
+if command -v resolvectl > /dev/null 2>&1; then
+ run_on_client resolvectl status
+else
+ echo "## Skipping DNS info (no resolvectl installed)"
+fi
+
+echo
+echo "## Checking that the DNS domain \"${test_domain}\" was added to resolv.conf"
+if grep -E "^search[[:blank:]]" /etc/resolv.conf | grep -q -w -F "${test_domain}"; then
+ echo "## OK"
+else
+ echo "## ERROR"
+ echo "## /etc/resolv.conf does not contain ${test_domain}"
+ cat /etc/resolv.conf
+ exit 1
+fi
+
+echo
+echo "## Releasing IP via dhclient -r"
+run_on_client timeout -v 60s dhclient -v -r
+echo "## OK"
+
+echo
+# As per entry 2072 in
+# https://downloads.isc.org/isc/kea/2.4.0/Kea-2.4.0-ReleaseNotes.txt, starting
+# from kea 2.3.2, a lease is no longer deleted from the lease database after a
+# release request. Instead, it is expired to enable lease affinity. It is kept
+# for `hold-reclaimed-time` seconds. Its default value is 3600 seconds.
+# https://kea.readthedocs.io/en/kea-2.4.0/arm/lease-expiration.html
+echo "## Checking that the lease was expired"
+leases=$(kea_get_leases_by_mac "${mac}")
+echo "${leases}" | jq .
+n_results=$(json_get_length "${leases}")
+if [ ${n_results} -ne 1 ]; then
+ echo "## ERROR, expected 1 result, got ${n_results}"
+ echo "${leases}" | jq .
+ exit 1
+fi
+
+n_leases=$(get_number_of_leases "${leases}")
+if [ ${n_leases} -ne 1 ]; then
+ echo "## ERROR"
+ echo "## Expected 1 lease, got ${n_leases}:"
+ echo "${leases}" | jq .
+ exit 1
+fi
+lft=$(get_valid_lifetime_from_lease "${leases}")
+if [ ${lft} -gt 0 ]; then
+ echo "## ERROR"
+ echo "## Expected expired lease lifetime (0), got ${lft}"
+ echo "${leases}" | jq .
+ exit 1
+fi
+
+echo "## OK"
diff --git a/debian/tests/kea-dhcp4.conf.template b/debian/tests/kea-dhcp4.conf.template
new file mode 100644
index 0000000..2addefd
--- /dev/null
+++ b/debian/tests/kea-dhcp4.conf.template
@@ -0,0 +1,71 @@
+{
+"Dhcp4": {
+ "interfaces-config": {
+ "interfaces": [ "@interface@" ],
+ "service-sockets-max-retries": 10,
+ "service-sockets-retry-wait-time": 1000
+ },
+ "control-socket": {
+ "socket-type": "unix",
+ "socket-name": "/run/kea/kea4-ctrl-socket"
+ },
+ "hooks-libraries": [
+ {
+ "library": "/usr/lib/@multiarch@/kea/hooks/libdhcp_lease_cmds.so"
+ }
+ ],
+ "lease-database": {
+ "type": "memfile",
+ "lfc-interval": 3600
+ },
+ "expired-leases-processing": {
+ "reclaim-timer-wait-time": 10,
+ "flush-reclaimed-timer-wait-time": 25,
+ "hold-reclaimed-time": 3600,
+ "max-reclaim-leases": 100,
+ "max-reclaim-time": 250,
+ "unwarned-reclaim-cycles": 5
+ },
+ "renew-timer": 900,
+ "rebind-timer": 1800,
+ "valid-lifetime": 3600,
+ "option-data": [
+ {
+ "name": "domain-name-servers",
+ "data": "@dnsip@"
+ },
+ {
+ "code": 15,
+ "data": "@domain@"
+ },
+ {
+ "name": "domain-search",
+ "data": "@domainsearch@"
+ }
+ ],
+ "subnet4": [
+ {
+ "subnet": "@subnetcidr@",
+ "pools": [ { "pool": "@poolrange@" } ],
+ "option-data": [
+ {
+ "name": "routers",
+ "data": "@router@"
+ }
+ ]
+ }
+ ],
+ "loggers": [
+ {
+ "name": "kea-dhcp4",
+ "output_options": [
+ {
+ "output": "stdout"
+ }
+ ],
+ "severity": "INFO",
+ "debuglevel": 0
+ }
+ ]
+}
+}
diff --git a/debian/tests/smoke-tests b/debian/tests/smoke-tests
new file mode 100644
index 0000000..2de85c4
--- /dev/null
+++ b/debian/tests/smoke-tests
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+set -exo pipefail
+
+# kea-ctrl-agent needs a password file, or else it won't start
+# this also tests the debconf mechanism
+debconf-set-selections << eof
+kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_random_password
+eof
+
+dpkg-reconfigure kea-ctrl-agent
+kea_password_file="/etc/kea/kea-api-password"
+[ -s "${kea_password_file}" ] || {
+ echo "ERROR, debconf-set-selections failed to set a password for kea-ctrl-agent"
+ exit 1
+}
+
+# Arbitrary wait to allow for the services to start.
+# This is needed to avoid having racy/flaky tests.
+sleep 5
+
+# Check that the PID files are in the right location
+for f in kea-dhcp4.kea-dhcp4.pid kea-dhcp6.kea-dhcp6.pid kea-ctrl-agent.kea-ctrl-agent.pid kea-dhcp-ddns.kea-dhcp-ddns.pid; do
+ test -f "/run/kea/$f"
+done
+
+# Check that the sockets are in the right location
+for socket in kea-ddns-ctrl-socket kea4-ctrl-socket kea6-ctrl-socket; do
+ test -S "/run/kea/$socket"
+done
+
+# Check that lock files are in the right location
+test -f /run/lock/kea/logger_lockfile
+
+check_kea_version() {
+ CHECKED_VERSION=$1
+ if [[ ! ${CHECKED_VERSION} =~ [0-9]+(\.[0-9]+){2} ]]; then
+ echo "Version [ ${CHECKED_VERSION} ] does not match X.Y.Z format"
+ exit 1
+ fi
+}
+
+# Check dhcp4 server configuration file
+kea-dhcp4 -t /etc/kea/kea-dhcp4.conf > /dev/null
+
+# Check dhcp6 server configuration file
+kea-dhcp6 -t /etc/kea/kea-dhcp6.conf > /dev/null
+
+# Check if we need to provide authentication
+auth_params=""
+basic_auth_params=""
+if [ -s /etc/kea/kea-api-password ]; then
+ auth_params="--auth-user kea-api --auth-password $(cat /etc/kea/kea-api-password)"
+ basic_auth_params="-u kea-api:$(cat /etc/kea/kea-api-password)"
+fi
+
+# Check control agent API
+TEST_KEA_VERSION=$(curl ${basic_auth_params} -s -X POST -H "Content-Type: application/json" -d '{ "command": "version-get", "service": [ "dhcp4" ] }' 127.0.0.1:8000 | jq -r '.[0].text')
+check_kea_version "${TEST_KEA_VERSION}"
+
+# Check control agent API through kea-shell
+TEST_KEA_VERSION=$(echo | kea-shell --service dhcp4 --host 127.0.0.1 --port 8000 ${auth_params} version-get | jq -r '.[0].text')
+check_kea_version "${TEST_KEA_VERSION}"
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..7ffad73
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,6 @@
+Documentation: https://kea.readthedocs.io/
+Changelog: https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes
+Bug-Database: https://gitlab.isc.org/isc-projects/kea/-/issues
+Bug-Submit: https://gitlab.isc.org/isc-projects/kea/-/issues
+Repository: https://gitlab.isc.org/isc-projects/kea.git
+Repository-Browse: https://gitlab.isc.org/isc-projects/kea/
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
new file mode 100644
index 0000000..876061d
--- /dev/null
+++ b/debian/upstream/signing-key.asc
@@ -0,0 +1,175 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGNjen4BEADDHiUVNbkFtiKPaMWjKxbKmF1nmv7XKjDhwSww6WFiGPbQyxNM
+r8EHlEJx5kMT67rx0IYMhTLiXm/9C4dGYyUfFWc35CGetuzstzCNkwJs7vZAhEyk
++06CX4GFiHPOmWIupGCxFkNz1Qopz3ZePMlZRslVCHzW4dbg5NKLI0ojXlNaTDU5
+mgUXpsPi/6l6QE6q3ouvmWPF4u71cZ1+W4UkIRAXOlbVsDzGaMaoHjJd8cOM8DrZ
+gKHACNPjzqOvEujXDC2vyKw6XpxR+pHz0QcrRtlKnVhPNiKcDfw2mJJ5zxi9uSDc
+dh5FomMn9sS4gy2Tub2urELnPf9xnURftRGG3VO6nZc81ufQB4s1BNT2ny0Uhx5V
+mXUJwefMypMBfAvWCWBCeyWYtBeo7LT3NmtLq3oVGPfl7+a0ToFAYeghspK8/nOX
+6/fqF1MEtzvWjXljz6K7FSDYSY9AoaESLHGwCo6dtff5S7f1+l6PCUNo6aM/B5Ke
+SIAN9Lm6z2iVuy9Lukw+5IRoRKHHV4rJauPtDeYoWnNiSd7Q4vFtotUIjRpDARpm
+xWS711Q2T+knHFLEiU8QzxjLhOnTzh4n9dDLHCkOY5WM5krldVeL5EuTyPKinuSn
+oE01A7I4IGJp753CshibxjNYDiEOVeK93R38Y543edlIrYxnfyMVsiqPkwARAQAB
+tDRNaWNoYcWCIEvEmXBpZcWEIChDb2RlLVNpZ25pbmcgS2V5KSA8bWljaGFsQGlz
+Yy5vcmc+iQJOBBMBCgA4FiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmNjen4CGwMF
+CwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQUQpkKgbFLOwiLxAAjYuI4JQ8mPq7
+YrV9m4tu+jOKvoKfpjct2Rh02n/X3ChOgrdcXU898eH56tRk8Mv/E+cBTPN9zQn6
+rLprbYR2t2R+zgvuUZWA8In7aewoPIJw8OdlG0gTK9m3VHJIOhIX07qcFttSZw4m
+4rEU5mdxi9FatBWBzqnVm4Pn577aqRXK908j+6TvgWbZ6Cq0tw3syVT4kGj+93+P
+uIQQQkTYN8UDQPsAKzfzkbQC9I5YXBKUoB9CfhXig8V9N75R0gsWkJ8Vy/8wsPXT
+9/EPIIzhnhSuUIjvvBPbLGrzDgbhrfUQ/QVuXDVN8xl3rAWM/tiNGOnmzoYORyM5
+ftrnCDIaO4aVKR6rtEzfdQa5Kid1StfhFien/U8jYErxkEn2HRt2gVEX5nYq31T+
+0jgVode2Dzkm4+HKHmfOYsQeC07Mu6wZw9raNYqFjTcfh0ajFpLIT3j2YqOJE2jy
+KbcveJcy2NiOiUl13exIZuBkZm0wEVbvgVX1PlgL3GJqnbU/Q+maRTb8FBoQVsOd
+GIm7U/phU91qR+00SkOcp2LgHCCNKrmHXgiBNYBbInNIp6ze3bFvfKTRFn8WdY9v
+Z7vNfKar8rt90mpjYG9qMhmvh4E9icfp3wRUtOwyi7VVtVTTUq0iFTe2C0m0v6KW
+XcDwwwaTbl79BOqOH3Gp1flS2ECBsyiZAg0EY2N8xQEQAMWcyZbpxEyefX4JTszG
+ocpz8C8yqvZJQUfoDK5AecQWR7OegPkIqwJcHEH5cz+MduklXNQdra/snn6pxGig
+At3xCwfzRTH/aYXdjcjnma1elzZSTgk6Maw4zR/W9wea2DcUtMCcsys0gviN/VUe
+Aqt+5pmhy2PlEWfJG+Mzyrqgz3Q8hRyAJAKONAwNhs1A4ZqQX/6iuCkJbH1CBeoW
++c+5qJHYEXsx25qR1yiKOFo5b90QOcwaebUq+xKQRlnESn75FTgDjDfDm9BqrHcn
+Tv79kOuIN5vhz4BCsuo5QbNu4RGrs/1VSTPvMf5AN7xs9pYNMAEde7pSF1Ps3B5p
+CE6iUw9L53ytV4iJQKXpzG29LofUu65YQjIXPgK7NbBO7FUHA41YbSfoWiOAjfMh
+iE025YM2+RPQh/Nrc3PqBj4h21ycT+d8eEXKfc/okbVFFE9dKS1hUwKgSrs7baOG
+CBZdpiB+t3jWrr8UrteALab7v0rndco3QKOe9U3f+Gm3MdgLK1TGiRgpdyiIXEel
+J7zhsdoYEvaKMgUOjhf+COdlf8b9ITg93mDKe8h0OcpirCXw4O2ma3sklabzZKZf
+CPhhja6Ro5gmO5pxaLau+esQWNrjEikynNIs+GRphtcFsVVH+ww26mR0nI65Llgv
+kb4+DrbDGSPP6R/C2q/LMLM1ABEBAAG0ME1pY2hhbCBOb3dhayAoQ29kZS1TaWdu
+aW5nIEtleSkgPG1ub3dha0Bpc2Mub3JnPokCTgQTAQoAOBYhBNmczq+Hl0cBTwON
+YxguI1eUYu+qBQJjY3zFAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEBgu
+I1eUYu+q9IAP/j/GGneuvjwbXdATiQAmkiFlOxjs+SsO/hgA/mmWcm+Kpg4cAlbP
+C2xEDa6biJyZ8TmLZEqPNrRm/umiisC8JnIJpIbInn42n4aDCRDW35lrYGdnP1Ft
+fexnEOWAJBDRVvh9OnfRfvf+HLFfLFl40b/15YzkTYGIfrMR9y8zalkzXxsVNsyr
+9Eq2pmYR7BT2z8d/9SAVuh8D3qgUylIgcFcCFJodsrI4zJSpIMfMntwVsZxDlis8
+JVFN8/pfhuBBe6vjqX/cGJnj6OL3T12jvvniv13W3rar2Ocm6XA9j1t5TZNhKqAy
+azAKu52NtdJjh25B6C/H+haXAX1eduCCE74uSarqS3F1wf6JI3p8fnWzk4hZNzxp
+nZjIk3vrHNjE4jXTZosXCf5DoVRfMpNbxj3YEnXV+kNZQRYPPatUPgFYbxz91hbN
+tHyCiy0GmTyf0QId8LTc0y9mPtP9QureJJ6rL8lt7pvXyrYglqhxDgRhJIGKMKdw
+0bQtTEF4tyNzC4/sg4/omAGH66clhXlqMmuUjHSUiQyA4LL1mJl63Q+bwqXX4B8t
+898tSUmb4Jmg3jLZ3Z9Hl7H8Sp3yYPOLzb2YUF6w3xFsUrNNzVxHFo8tAtEhtEfX
+D+ypkowZq8g41WqMlOBrrzQFuExUSXckH2Cn97lV6lkBoueqxP+Zv0bbmQINBGNj
+qIkBEADDw/CKszyuFKpVp4Z26rKJ3ooOlp8p9a+fmfuknPtMjJMSX8xK8pOlK739
+K83yvDRUidT4+R9IAUKM7TqGA0hoPZmZQLiK0YLlAAXufKxO9IsDZI/7DuF2d8fu
+usKQfS4oJC/IbzOAVwgwodnvKhttLWutT09GxiHrnfVPu6Uf4A+GWtrcTIWhXuxE
+m7+16ToxBOTLtQ3hh79/RndUuM0ldKRRzJUzASGIPmdQJDLCKgSSeaGjZAdq6gkl
+qT/K/R8eoLWSOaBRq8lBE1k7Tq4nSwthMHtCQq4+vxFWH3VF9hwy6ixccROPqt9s
+fNfJK3KF4KGhfejMuVn/Lxp1v+Ne2DsdnVofFakAbBMpMyauzAyXPncYSfFhzLBD
+kkn7THkfRznmHD8ux89kV534EyqYLjAy8AAD6zNc3tSYgfC0UUw7yz05Sl/eV9Xc
+pbezu2ipONlXko8jpCQiiHck599cy+StrjjYPwcHF5m8uUlNnzHoUj8qsoK5SA8u
+RnTW2I4DFbL0+x8eL7gmNQYFdMaA4azogtaTFWgPL2jPJ3B+/bUfHDZflvR0FB5+
+OD/QHsDv4SB6uX8TOhGbFsHpt7E0scb2U9B8gQeQQJZ3jmcIRp+K18mjYh/ErDFW
+23ixBe7h3tn2MGUTOhv1ibOYDE3GYBuGLQiom6yhCs8zrneuAQARAQABtDFXbG9k
+ZWsgV2VuY2VsIChDb2RlLVNpZ25pbmcgS2V5KSA8d2xvZGVrQGlzYy5vcmc+iQJO
+BBMBCgA4FiEEAlmjO19aOkRmzzRcel4ITKylGIQFAmNjqIkCGwMFCwkIBwMFFQoJ
+CAsFFgIDAQACHgECF4AACgkQel4ITKylGIRk9g//XrvOYy9zQkpo4Dkol8yLxr99
+Dq9Ur2v8F5Ba4za4QdUxeYrlq8J827mkUqMtnlyb/+3zSMy2I6HAI8QxlDZL5K0g
+Gm7iLrwVTM8nAQiNU5vAe4D6PeO5ATBEvRdAUTQGz4xeaTrUXbmNUSC1dZEPvH1z
+Fa/Z1WZoy9GLeuWDXix6OXTP8FlQWUTL4/ILLtfJDsWCCX7efkyfnvad8Ye2NfU9
+tBjRX5QQ0Dpvgpr8/7El44XcmaHxPWEiq8X2p/d6j3nU/7LspUXRu3ptu5Q2RqMM
+iRDZme2c8zieHETpC7m5sshzGxRtT5jWEtZ6V37On5DNTObvXCiaGV95qgiHi5VG
+s3MFD3QSo1jJI951k68UM8V+OnzbJGN7TezZ3fTn5Pwdd4C4035QMl0E5NXCcXc8
+9d+3DeFmewRRGCaOKPuO/jFPLWcwMlQqp5tkNx8LpqEZfD7/t6FrSvDUsUDU8Rn0
+TQILnUZioO68HmeuJbhKaUCMuZGjBIbBqviiufFRiJuEFOVKADQ1u/P5ct/0T/gE
+JAho3aubzdYMH5DLsaw03W5KfOjeTLW10zSmSK65wnR6fdwlo5l/Sg6Z63QXD+/H
+/OIFgzviJkyoh6MkH55z2K8BDWbhOmaUBjNAcQEXV1KyHeLDkQ+TJfLjctv4KIpv
+D7i6kNIp1b6OSdDS9W+ZAg0EY2OzdwEQAMRWPO237ohaXNpKO+dw1qkfOYYisiTQ
+yfkT7BG0Xvu8jxeOdRuvUzzplgOfwWhOQkyEEXd205/PpwReeeRwhiu0BDSrzYGM
+KZdw9Bw4enoaOinf5WTqM76mc5WUYfvDJIiHies+ANxj4EqTzvSif9hxvvzrbKYV
+lHdaGtLm40D6yZSzDEe3X49DmEABM4g/Bs7NfVJcJ3LtLo6qbLy2tKEgNPW+VN/s
+harufucxnH5HM6BUUOGZx8L04UCNJu+jvZ0zjLc5DqubNO1526kZclAo94DfTkb+
+ir9nxKn7RkdcseibeYPdeIh3le6aU6M0KhTJs3RCxaQF9At08Vrrkh+wkK2Jr5QW
+bs8cHpEJ+Q7BwDuAQetFi94eq7Sswh4mjhJ6ZnFCx8v9EbQnvL76afMbhZOezpaQ
+aAwXVuIio2fsJpHfxWnXb93H1QKiOQdBZZLQGowcFQCqAWg7h2FwWWbKMV1smGHr
+/28tLZtk/4aSCd9cZ9+nofFPPemPLbYwnBECIZN21QKZ2oBXKxb3hchy4EBTKWtC
+G/fbTsjSfTCUpMNZ57HO3rGXchjSdIf+tTGJpAqWkTcXuhWXBMWPK6/2REk/DKis
+XHugHg9R9hqGs2DaMpGh5NrOLly9+0dsjU15iTQucXbCS9895bRtmDjIN8dLSo9H
+6DDw4yO7SHTlABEBAAG0NE1hcmNpbiBHb2R6aW5hIChDb2RlLVNpZ25pbmcgS2V5
+KSA8bWdvZHppbmFAaXNjLm9yZz6JAk4EEwEKADgWIQQJCioHkj+SW1dngDpC5d94
+yDJx2wUCY2OzdwIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBC5d94yDJx
+29U0D/41C8WaGEphQW1N5lT/1284qiPuz3w3iSciAAoAe8iHUGBcSNpAWQmWvWXI
+buKb92Gtt8JtSOHwQj8qiHjqRsUu02t/tEgQMQUq6p2jqbxODJfHR8oMFMMB0i0I
+RgKtEQeq5wRJpVtH+zIFSl9PorsJtHHfhVbqxvE/axcNKa+WaqZdHuKMqADupQEw
+6rD7yYVX6YPiHxMhba2AAAoHT/3VpHC0JidZ5BWGwkfnGbV1/7O91GHfJx6KN/AK
+DKb5hFl4TrieDLJzphBWg0y4FJ4K7WSIKvcT2cLel9f9pHV6ysqSZWkCbkjkaVIi
+LyoA0o7l263WU0D5oG2ihW6Pa2YrWHDDjfTem+kOEFsMjN+Gw74I4KWUBtldfnHK
+A8TyeviKkVok1lwDAoJ3LJi/bcyCLgBZLInOU31mQ7mIXq1ENCOIvQvaG0Lwdt59
+sBI8sknHkt+54t/VCaKbWSBOzgGur6EDf9WtPHWvHNCKEleDiHCELdhRYYtENO7T
+vTv6Fq6Lh26dor26LnARLPvGLAKwONJ0vlTEG8IyoD5AHz9MwdXYgzh8wIvc/HtD
+/0FlQGLd0WYVI6UjZfPxHOZAzARJKXLJMqiSn8hnO8v6JZaUcOF0yRKTKtzqsjzU
+v9TubCGdQAaCSCaD2fmA0BEs/FpOnZ8P1fXMpcHGEtMV0qc0wZkCDQRjY7/GARAA
+ubCCHkdiMblMA9ZlcOVN1Wep7TuYxQouATTb+73iHDQRNIU7DvluHoSq5zJe1Qst
+zjTmtlkr2dyI5JnBexUEKrw2X7gPXfLaXY01gLLB/Jn8tU9VxPqBybxmjmEdP58B
+I7BwmCyMYNqDuvPSfTMlogH/pF35Al+c8UbOfDEQqxSO2nKPNa4T5ZoVxvMxV4gn
+hEJPv8Xte/wiE+CxxbmO2we6rwJjWe7O3T0mNmqvpO8iIsLlQnwTFD5L1huywPc0
+UDHK0nl8k2lkue2buaOiancLatXt/i+L1DIimCgZwOt3DlVLURH5lz5ALXE/fn+5
+wKkp+XVyNTAEFhSGifgBDYFw3nZeRTU7unMsRssL8SjuwPWoCcRI/3VE08xCuXc+
+h6NpGfeJjLRgUSSBF+958djY320TcXaRLrqRhjcJ34dBsDYsRSC15nnq2JU6Vj5t
+rJL9qOdwVAFwKeAfROUULcy/LHZ3QgKLN5jOfdqYzE2KHk1+VANttRPTG34i6uq6
+yzCFFYadwST22+QWvxh2ohYj2INvvrzRf3lVxssWyb4USB0JPajgnGeNY/hSYfDa
+KArqOr9S+3q7h0v4RgoPxDRFIC8v/10W4wPC7R3wj0m/1WHkSm951Wtzq3V84uCF
+LLhx2ByNpnJFRFqklonAH3WHUIeYcdXAsTeunrGU/XsAEQEAAbQuR3JlZyBDaG91
+bGVzIChDb2RlLVNpZ25pbmcgS2V5KSA8Z3JlZ0Bpc2Mub3JnPokCTgQTAQoAOBYh
+BJWA1r8syA8eO7ESUt6rkdVLE8m4BQJjY7/GAhsDBQsJCAcDBRUKCQgLBRYCAwEA
+Ah4BAheAAAoJEN6rkdVLE8m42PwP/RFmUzgsoM23Z/NQ2AacCFTmHweEllkmf+25
+3hP80BuSHKsdzlmllFux+xbKZEpQK0nL3fqW8yyv69WmsoKZPpZJxmQ6bwUbtXC7
+rHkt5gfOXiTaxDBmgO2dcnDsKLb+bEQ7C5hay1P8rOvf13a4UZeTP37gRGmMr38+
+LvADIspIxBdSvFa7Hb4HKG4VVDai8jaPCF0q8daEWMJxyKSfOQBtSVVAzjLcGrYR
+bCPDAI1DEASyQOru52WREe4vJCwSaq9dZyGhaWcnyTVQO8bsSLxu7cUVxA3SOheQ
+izYKkYNbaBDmWlZxLYFsTUf5izEYdW5BwHaowmw22hSspFod+c37BoY/ePfkR5iQ
+YuEff/unyqvdHMDqIXWZqpAi5o5hW3jdCd7ZL5T0WWjz4CQ8eko1ZYYnYzZlDrge
+F0veW8+lzHBLx3Ad8HyVGwtRe+VV1V0AZ0lpWMtxo02ZDRtqNDqPqVfLT5P87ZPv
+r5GhKtedgrjwY2clgmCT0xgAKNxi2SC+c/vI5PRkIoqwbTiryLIYq8tl6T1k6AMY
+eN1ZNQR7eNEXpIvYRD/BZw7IWKkCRaKwfDVhUHCm0ikylwdLXIfEEEA5mu2LJeZh
+vCddhks0S8+lRyWR/3okurF6rlloNtM1pslceh2AMDwfs3fORhYJxFsV7O7fyRnD
+NS93fq56mQINBGNj8P4BEADXK//p0lWEUNUYirsm6BUyUXqPlPrpVTdPB1tJPj1o
+zgeMKFOpYRPU1IZF1G6pbKD09gL6y19LehQYx1a57PF7kCx2ZvvcFN24EHto1H1p
+Ti48dZ7KyyEO1rBeLY5Zjgz6YvQZcSH3cd6cTrAo7hPIAjtgSTWp04FjtYJqf+tT
+gf+9ZWY+i4nQ6/Q5Z5NUd8jsOcOoFDsmY6Fds+lzn0aZSg2yfd8fnX5QFOIwDv66
+aM25q2kvkrX0wtvSQbulC8x5g6fIB3xEL6MWbXcEBYkBMW5Cnw/Kmyj7lJwVwvEO
+FFhKaOH/d2LG3rM66gl048aJYLhEJyFSyooBynXs8S/NLDgca94Bvb54FPX8LC3p
+lqJRLxhdkha5NLcUYiHOq/L7LWdThh5rRAy87Ggog8TVza118K3oiYujlyVEzLhB
+NVMT8x5kl15YknVgOKJAv9j28bSZihHrS7aga1BtYFD8yA9MuuDaHARV6YmThkdg
+OEz/PNECjsxCLcT5Bbthzg6Jg1qo3Unyeup0UbyX4zxSphCVmerDmMYddLjJ/ydc
+1uxyn4IPINBSx2sAPuUIymhVC29MB6N+SnB37/poTvSsIH15Vg264OVdaervIpuC
+W3eUANr7zrdO85nc1CTWGhugFwccXv9nyxAt8zUF/ci17p1/mLpy9K3LqlStVI9j
+MwARAQABtDBDYXRoeSBBbG1vbmQgKENvZGUtU2lnbmluZyBLZXkpIDxjYXRoeWFA
+aXNjLm9yZz6JAk4EEwEKADgWIQT8h0w+P+hncHCscb617/asfhrd+AUCY2Pw/gIb
+AwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRC17/asfhrd+HM6D/9KD/n245Fq
+jVzew92lJtufAxAFkTA5WO6fXweMlUeqMOub4vpVMLPLoFe5TzWbJMtF0m/P5+aU
+YbcvZBWFHsrnwTgA55c1VrhggLOxpw4EU0TvBdwrO7PFOYc2WznaMG+mJdqw+uNM
+yK+G44aIaC6rvi3ILSo5HPnbgQWHs39QIRLLcUjtqvavQQeyYAl0zrvNI9Xrs/Nf
+eE6PS4hIXg90A9VJRhay18w9hA+STb+xmK+3oSwP1ayLqqQ43OnV/pExSHBsjBQk
+4p1nIPlRFL30lGp/o2MoBsRvQM1tELpgBTk1LaTHzuKEpOskrWU37xu0QgEtj7YE
+r0X+GGBxgJuUzqSyLsaDgH1sEDqE+AthFfv2dxDadcXM2cdch9y3OyuSMo89aWGc
+mEVyesjYoV40tDCG73qLtfehhV/iARDMCfnZGyGYIZdDBL+tZTNeLKVDIUi/R3x9
+OmpEl8ZuCuYltyEsJnCF/rQBVMgcTOmsMu6CMx+qT3kC8iGtHqkUT2ufpKISahTn
+e329FQjClEWwBHkr0T4K80Z0REjSo6UBtio73IOCxXe0RqO37L/qgo8xKZbLxy86
+857PRWJhgbw169FJ2kR5p+M5d/g/MUeYnigvWlORW5LyrFg6RnZ1ZbULZI80QhHN
+aSFf/w020HBsLCkzWA/XM6MO2ifJTSn8NpkCDQRkSjCrARAApLUMHAbmxUMWLgDQ
+apRZBwWXriEyIVqA/SIy1PyWPPFXqs3LZ5Kn5Gw1WO8PfzkPZNtccGmNLjujIoRB
+qR41nV5zxcpS896SujBoYl80A4F4v9Op9i2pFeI9r9acFcUDjbGWBqNro4EfRcJN
+Ctkd9+pl3TUvFX06QCTxmmHy3M81SW3b4NWI+jia1cKjCd+qBFBgKWdjSMBeVTBC
+R9eKqsBQ1UJql2bRzc8pReS+TYCeEbhaOCvUCCKCwGtsSUOW726iNB/4zR4OOuQV
+B9ORufwed+E/RXa8N08/l5O96uXG0krJtOVm0/qQcXOaKxiDo6djnAgCdjFK5zaj
+7594wqbI7de58alWb/egqIhjBTgk+/cO+epZ05qx5SoJZL7ny2ottrfS2cBqP4g1
+SIt1sYl9ImHmJkNrNDy0s25nE9Nga6OfRqVbwnwot4ouTGwj0oZsCjw+gWjDdztH
+1fUWSnlA8jaX9/RZG2wKt9dI+Tp/U4d5dyTb8lIIzzgtAzDmDfPxwwT0rxAAL13A
+gDkJ0AzXA4WTOxb/JE2yfCz//kt7n8SYM//LixL4VAB7e/wnfZBhTq0OFpaPjFU0
+h/k0dc40AqcUuK3lSSjQr3KTzRHtjz8qtN4DFSuyZac83QSVtWE1rFKjS8bl3XHC
+kFFRJ2dMt2WRSkLOYNiTGbYLvmEAEQEAAbQwQW5kcmVpIFBhdmVsIChDb2RlLVNp
+Z25pbmcgS2V5KSA8YW5kcmVpQGlzYy5vcmc+iQJOBBMBCgA4FiEE2mo1COZypJ3T
+gq/ZW49NkbiO2QkFAmRKMKsCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
+W49NkbiO2QnQZw//XCpeqT0z/sqtu4FYWwYLz1OvWqhe+uA45f9BccnNSVkGFa7w
+3hlLQC/FLUIx2cVy9AluJBP29iQge/bCcXnzo/QvCbhe/4lCTxhr7nsBe1bWpuNI
+4Pl+cQxZQBwcz74zZ1jjaaQOqm3XtdZxeKNfCQmNvz389UZEk2m8K6qJD23fy20V
+n5Y2C502UuP3MitbYKBxBSbs+Auwy1evz/prQ9VeD4Nv3Zr+jWbWFW+dSDC8jkrX
+cGdwWrUQ51QD8VBB9lPWPGY6yTbRmacr4AlVSo2DAfyjHRrGHigRF/VAD5p1+u2g
+3UFLJaEyujfzwU1kG4+zQCWZ2W2UBOekklq/yefxEY5vU1/Lad7vQhBmogQNF21T
+FvLUE6ez7XNsdMZStDPiT8OoTyFZYLRM4yw5rWKw+1mICBv7NV82YD/8hoMoZPyX
+2tNRTXv2MZ6qD++0dMCIZNEyFTB344srvQSyJ7K7vwxulc7iFWngRA8oe6JkAhH4
+B0yNq1FJm6jIL41S2FmnDL3DlfAdKWapBqzgqkv+X5DQBaTlG9a4BcSsdMJgU/Yx
+dD03YsKhDtEWTqBmmEamR1K1CgCC3mOJfsHB5z+Qhdraz2hMr00EQrD5lnpLLpcF
+rYWoilvVlRy7Y7U5wfhY4074L2ZfB+yElKsvtfGKJX/8g+eJdeRuII+hjEc=
+=NX7P
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/debian/usr.sbin.kea-ctrl-agent b/debian/usr.sbin.kea-ctrl-agent
new file mode 100644
index 0000000..daef478
--- /dev/null
+++ b/debian/usr.sbin.kea-ctrl-agent
@@ -0,0 +1,32 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile kea-ctrl-agent /usr/sbin/kea-ctrl-agent {
+ include <abstractions/base>
+
+ network inet stream,
+ network inet6 stream,
+
+ /etc/kea/ r,
+ /etc/kea/** r,
+ /usr/sbin/kea-ctrl-agent mr,
+
+ owner /run/kea/kea-ctrl-agent.kea-ctrl-agent.pid rw,
+ owner /run/lock/kea/logger_lockfile rwk,
+
+ # Control sockets
+ # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both
+ # locations
+ owner /{tmp,run/kea}/kea-ddns-ctrl-socket rw,
+ owner /{tmp,run/kea}/kea4-ctrl-socket rw,
+ owner /{tmp,run/kea}/kea6-ctrl-socket rw,
+
+ owner /var/log/kea/kea-ctrl-agent.log rw,
+ owner /var/log/kea/kea-ctrl-agent.log.[0-9]* rw,
+ owner /var/log/kea/kea-ctrl-agent.log.lock rwk,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.kea-ctrl-agent>
+
+}
diff --git a/debian/usr.sbin.kea-dhcp-ddns b/debian/usr.sbin.kea-dhcp-ddns
new file mode 100644
index 0000000..cb29b68
--- /dev/null
+++ b/debian/usr.sbin.kea-dhcp-ddns
@@ -0,0 +1,33 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile kea-dhcp-ddns /usr/sbin/kea-dhcp-ddns {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/openssl>
+
+ network inet dgram,
+ network netlink raw,
+
+ /etc/kea/ r,
+ /etc/kea/** r,
+ /usr/sbin/kea-dhcp-ddns mr,
+
+ owner /run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid rw,
+ owner /run/lock/kea/logger_lockfile rwk,
+ owner /run/kea/logger_lockfile rwk,
+
+ # Control sockets
+ # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both
+ # locations
+ owner /{tmp,run/kea}/kea-ddns-ctrl-socket w,
+ owner /{tmp,run/kea}/kea-ddns-ctrl-socket.lock rwk,
+
+ owner /var/log/kea/kea-ddns.log rw,
+ owner /var/log/kea/kea-ddns.log.[0-9]* rw,
+ owner /var/log/kea/kea-ddns.log.lock rwk,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.kea-dhcp-ddns>
+}
diff --git a/debian/usr.sbin.kea-dhcp4 b/debian/usr.sbin.kea-dhcp4
new file mode 100644
index 0000000..20d2c82
--- /dev/null
+++ b/debian/usr.sbin.kea-dhcp4
@@ -0,0 +1,47 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile kea-dhcp4 /usr/sbin/kea-dhcp4 {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+
+ # for MySQL access, localhost
+ include <abstractions/mysql>
+ include <abstractions/openssl>
+
+ capability net_bind_service,
+ capability net_raw,
+
+ network inet dgram,
+ network inet stream,
+ network netlink raw,
+ network packet raw,
+
+ /etc/gss/mech.d/ r,
+ /etc/gss/mech.d/* r,
+
+ /etc/kea/ r,
+ /etc/kea/** r,
+ /usr/sbin/kea-dhcp4 mr,
+ /usr/sbin/kea-lfc Px,
+
+ owner /run/kea/kea-dhcp4.kea-dhcp4.pid rw,
+ owner /run/lock/kea/logger_lockfile rwk,
+
+ # Control sockets
+ # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both
+ # locations
+ owner /{tmp,run/kea}/kea4-ctrl-socket w,
+ owner /{tmp,run/kea}/kea4-ctrl-socket.lock rwk,
+
+ # this includes .completed, .output, .pid, .[0-9]
+ owner /var/lib/kea/kea-leases4.csv* rw,
+
+ owner /var/log/kea/kea-dhcp4.log rw,
+ owner /var/log/kea/kea-dhcp4.log.[0-9]* rw,
+ owner /var/log/kea/kea-dhcp4.log.lock rwk,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.kea-dhcp4>
+}
diff --git a/debian/usr.sbin.kea-dhcp6 b/debian/usr.sbin.kea-dhcp6
new file mode 100644
index 0000000..d8aca09
--- /dev/null
+++ b/debian/usr.sbin.kea-dhcp6
@@ -0,0 +1,46 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile kea-dhcp6 /usr/sbin/kea-dhcp6 {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+
+ # for MySQL access, localhost
+ include <abstractions/mysql>
+ include <abstractions/openssl>
+
+ network inet dgram,
+ network inet stream,
+ network netlink raw,
+ network packet raw,
+
+ /etc/gss/mech.d/ r,
+ /etc/gss/mech.d/* r,
+
+ /etc/kea/ r,
+ /etc/kea/** r,
+ /usr/sbin/kea-dhcp6 mr,
+ /usr/sbin/kea-lfc Px,
+
+ owner /run/kea/kea-dhcp6.kea-dhcp6.pid rw,
+ owner /run/lock/kea/logger_lockfile rwk,
+
+ # Control sockets
+ # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both
+ # locations
+ owner /{tmp,run/kea}/kea6-ctrl-socket w,
+ owner /{tmp,run/kea}/kea6-ctrl-socket.lock rwk,
+
+ owner /var/lib/kea/kea-dhcp6-serverid rw,
+
+ # this includes .completed, .output, .pid, .[0-9]
+ owner /var/lib/kea/kea-leases6.csv* rw,
+
+ owner /var/log/kea/kea-dhcp6.log rw,
+ owner /var/log/kea/kea-dhcp6.log.[0-9]* rw,
+ owner /var/log/kea/kea-dhcp6.log.lock rwk,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.kea-dhcp6>
+}
diff --git a/debian/usr.sbin.kea-lfc b/debian/usr.sbin.kea-lfc
new file mode 100644
index 0000000..ae165fa
--- /dev/null
+++ b/debian/usr.sbin.kea-lfc
@@ -0,0 +1,33 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile kea-lfc /usr/sbin/kea-lfc {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+
+ network inet dgram,
+
+ /usr/sbin/kea-lfc mr,
+
+ owner /run/kea/logger_lockfile rwk,
+ owner /run/lock/kea/logger_lockfile rw,
+
+ # Control sockets
+ # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both
+ # locations
+ owner /{tmp,run/kea}/kea4-ctrl-socket.lock r,
+ owner /{tmp,run/kea}/kea6-ctrl-socket.lock r,
+
+ # this includes .completed, .output, .pid, .[0-9]
+ owner /var/lib/kea/kea-leases4.csv* rw,
+
+ # this includes .completed, .output, .pid, .[0-9]
+ owner /var/lib/kea/kea-leases6.csv* rw,
+
+ owner /var/log/kea/kea-dhcp4.log w,
+ owner /var/log/kea/kea-dhcp6.log w,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.kea-lfc>
+}
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..7e174c3
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,8 @@
+version=4
+opts=\
+compression=xz,\
+uversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\
+dirversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\
+dversionmangle=s/\.dfsg\./-/;s/[\.\+]dfsg$//,\
+pgpsigurlmangle=s/$/.asc/ \
+ https://ftp.isc.org/isc/kea/(\d+\.\d*[02468]+\.\d+)/kea-(.+)\.tar\.gz
diff --git a/debian/watch.include-odd-versions b/debian/watch.include-odd-versions
new file mode 100644
index 0000000..be33fe3
--- /dev/null
+++ b/debian/watch.include-odd-versions
@@ -0,0 +1,8 @@
+version=4
+opts=\
+compression=xz,\
+uversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\
+dirversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\
+dversionmangle=s/\.dfsg\./-/;s/[\.\+]dfsg$//,\
+pgpsigurlmangle=s/$/.asc/ \
+ https://ftp.isc.org/isc/kea/(\d+\.\d+\.\d+)/kea-(.+)\.tar\.gz