summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:16:11 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:16:11 +0000
commit54b1861950566a79b72f9291e539dc5168d4f582 (patch)
treec813755f1c63dbd540e78be67be3a7ed8bbb3a98
parentReleasing progress-linux version 2.4.1-2~progress7.99u1. (diff)
downloadisc-kea-54b1861950566a79b72f9291e539dc5168d4f582.tar.xz
isc-kea-54b1861950566a79b72f9291e539dc5168d4f582.zip
Merging debian version 2.4.1-3.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/changelog29
-rw-r--r--debian/kea-ctrl-agent.init58
-rw-r--r--debian/kea-ctrl-agent.lintian-overrides2
-rw-r--r--debian/kea-dev.install1
-rw-r--r--debian/kea-dev.lintian-overrides1
-rw-r--r--debian/kea-dhcp-ddns-server.init64
-rw-r--r--debian/kea-dhcp-ddns-server.lintian-overrides2
-rw-r--r--debian/kea-dhcp4-server.init64
-rw-r--r--debian/kea-dhcp6-server.init64
-rw-r--r--debian/patches/0001-support_kfreebsd.patch28
-rw-r--r--debian/patches/0011-kea-ctrl-agent-authentication.patch7
-rw-r--r--debian/patches/series1
-rwxr-xr-xdebian/rules8
-rw-r--r--debian/salsa-ci.yml11
-rw-r--r--debian/tests/kea-ctrl-agent-debconf12
-rw-r--r--debian/tests/smoke-tests4
-rw-r--r--debian/usr.sbin.kea-ctrl-agent2
-rw-r--r--debian/usr.sbin.kea-dhcp-ddns2
-rw-r--r--debian/usr.sbin.kea-dhcp42
-rw-r--r--debian/usr.sbin.kea-dhcp62
20 files changed, 205 insertions, 159 deletions
diff --git a/debian/changelog b/debian/changelog
index c4d385b..e13c948 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,32 @@
+isc-kea (2.4.1-3) unstable; urgency=medium
+
+ [ Paride Legovini ]
+ * d/t/smoke-test: add sleep to allow for the services to start
+ * d/t/kea-ctrl-agent-debconf override systemd restart limit.
+ Thanks to Andreas Hasenack
+ * ci: salsa pipeline: disable the crossbuild-arm64 job
+ * ci: salsa pipeline: fail on Lintian warnings
+ * d/*.l-o: drop unused overrides
+ * kea-dev: build and install kea-msg-compiler.
+ Thanks to Quentin Armitage (Closes: #1065362)
+ * d/kea-dev.l-o: override no-manual-page for kea-msg-compiler
+ * ci: salsa pipeline: enable reprotest, without build_path variation.
+ Thanks to Holger Levsen
+ * d/p/0001-support_kfreebsd.patch: drop patch.
+ The development of Debian GNU/kFreeBSD terminated in July 2023.
+ * d/p/0011-kea-ctrl-agent-authentication.patch: add dep-3 headers
+ * d/*.init: fix SysV init scripts.
+ Thanks to Stefan Klein (Closes: #1055438)
+ * d/rules: disable LTO on ppc64el as it causes crashes.
+ Thanks to Sergio Durigan Junior (LP: #2055151)
+
+ [ Andreas Hasenack ]
+ * apparmor: also allow reading the pid file.
+ At least kea-ctrl-agent attempts to read the pid file, and it makes
+ sense to allow that. Also make the change for all other profiles.
+
+ -- Paride Legovini <paride@debian.org> Fri, 29 Mar 2024 16:38:54 +0100
+
isc-kea (2.4.1-2~progress7.99u1) graograman-backports; urgency=medium
* Initial reupload to graograman-backports.
diff --git a/debian/kea-ctrl-agent.init b/debian/kea-ctrl-agent.init
index 0dc99dd..3d1d5fa 100644
--- a/debian/kea-ctrl-agent.init
+++ b/debian/kea-ctrl-agent.init
@@ -6,9 +6,9 @@
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Kea DHCP Control Agent for REST Service
-# Description: <Enter a long description of the software>
-# <...>
-# <...>
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
### END INIT INFO
# Author: Jason Guy <jason.e.guy@gmail.com>
# Do NOT "set -e"
@@ -19,11 +19,11 @@ DESC=kea-ctrl-agent
NAME=kea-ctrl-agent
DAEMON=/usr/sbin/kea-ctrl-agent
DAEMON_ARGS="-c /etc/kea/kea-ctrl-agent.conf"
-PIDFILE=/run/$NAME.pid
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid
SCRIPTNAME=/etc/init.d/$NAME
-KEA_PIDFILE_DIR=/run/
-KEA_LOCKFILE_DIR=/run/lock/kea/
-KEA_LOGGER_DESTINATION=/var/log/kea/
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
@@ -43,6 +43,15 @@ create_lockfile_dir()
{
if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
+ fi
+}
+
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
fi
}
@@ -52,13 +61,15 @@ create_lockfile_dir()
do_start()
{
create_lockfile_dir
+ create_pidfile_dir
+ export KEA_LOCKFILE_DIR
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \
$DAEMON_ARGS \
|| return 2
}
@@ -73,7 +84,7 @@ do_stop()
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
@@ -82,7 +93,7 @@ do_stop()
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
@@ -93,12 +104,7 @@ do_stop()
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
return 0
}
@@ -122,20 +128,12 @@ case "$1" in
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
- #reload|force-reload)
- #
- # If do_reload() is not implemented then leave this commented out
- # and leave 'force-reload' as an alias for 'restart'.
- #
- #log_daemon_msg "Reloading $DESC" "$NAME"
- #do_reload
- #log_end_msg $?
- #;;
- restart|force-reload)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
diff --git a/debian/kea-ctrl-agent.lintian-overrides b/debian/kea-ctrl-agent.lintian-overrides
deleted file mode 100644
index 735c4ac..0000000
--- a/debian/kea-ctrl-agent.lintian-overrides
+++ /dev/null
@@ -1,2 +0,0 @@
-kea-ctrl-agent: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp4-server.service [lib/systemd/system/kea-ctrl-agent.service]
-kea-ctrl-agent: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp6-server.service [lib/systemd/system/kea-ctrl-agent.service]
diff --git a/debian/kea-dev.install b/debian/kea-dev.install
index c32c7a8..9805c55 100644
--- a/debian/kea-dev.install
+++ b/debian/kea-dev.install
@@ -1,2 +1,3 @@
usr/include/kea/*
usr/lib/*/libkea-*.so
+usr/bin/kea-msg-compiler
diff --git a/debian/kea-dev.lintian-overrides b/debian/kea-dev.lintian-overrides
new file mode 100644
index 0000000..a87424b
--- /dev/null
+++ b/debian/kea-dev.lintian-overrides
@@ -0,0 +1 @@
+kea-dev: no-manual-page [usr/bin/kea-msg-compiler]
diff --git a/debian/kea-dhcp-ddns-server.init b/debian/kea-dhcp-ddns-server.init
index 2a1a135..c67be9e 100644
--- a/debian/kea-dhcp-ddns-server.init
+++ b/debian/kea-dhcp-ddns-server.init
@@ -6,9 +6,9 @@
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Kea DHCP DDNS Server
-# Description: <Enter a long description of the software>
-# <...>
-# <...>
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
### END INIT INFO
# Author: Adam Majer <adamm@zombino.com>
# Do NOT "set -e"
@@ -19,11 +19,11 @@ DESC=kea-dhcp-ddns
NAME=kea-dhcp-ddns
DAEMON=/usr/sbin/kea-dhcp-ddns
DAEMON_ARGS="-c /etc/kea/kea-dhcp-ddns.conf"
-PIDFILE=/run/$NAME.pid
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/ddns.html#starting-and-stopping-the-dhcp-ddns-server
SCRIPTNAME=/etc/init.d/$NAME
-KEA_PIDFILE_DIR=/run/
-KEA_LOCKFILE_DIR=/run/lock/kea/
-KEA_LOGGER_DESTINATION=/var/log/kea/
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
@@ -43,22 +43,39 @@ create_lockfile_dir()
{
if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
fi
}
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
+ fi
+}
+
+setcap_binary()
+{
+ setcap "cap_net_bind_service" $DAEMON
+}
+
#
# Function that starts the daemon/service
#
do_start()
{
create_lockfile_dir
+ create_pidfile_dir
+ setcap_binary
+ export KEA_LOCKFILE_DIR
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \
$DAEMON_ARGS \
|| return 2
}
@@ -73,7 +90,7 @@ do_stop()
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
@@ -82,7 +99,7 @@ do_stop()
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
@@ -93,12 +110,7 @@ do_stop()
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
return 0
}
@@ -122,20 +134,12 @@ case "$1" in
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
- #reload|force-reload)
- #
- # If do_reload() is not implemented then leave this commented out
- # and leave 'force-reload' as an alias for 'restart'.
- #
- #log_daemon_msg "Reloading $DESC" "$NAME"
- #do_reload
- #log_end_msg $?
- #;;
- restart|force-reload)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
diff --git a/debian/kea-dhcp-ddns-server.lintian-overrides b/debian/kea-dhcp-ddns-server.lintian-overrides
deleted file mode 100644
index a83cf9d..0000000
--- a/debian/kea-dhcp-ddns-server.lintian-overrides
+++ /dev/null
@@ -1,2 +0,0 @@
-kea-dhcp-ddns-server: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp4-server.service [lib/systemd/system/kea-dhcp-ddns-server.service]
-kea-dhcp-ddns-server: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp6-server.service [lib/systemd/system/kea-dhcp-ddns-server.service]
diff --git a/debian/kea-dhcp4-server.init b/debian/kea-dhcp4-server.init
index bcf4ad8..c91aa61 100644
--- a/debian/kea-dhcp4-server.init
+++ b/debian/kea-dhcp4-server.init
@@ -6,9 +6,9 @@
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Kea DHCP IPv4 Server
-# Description: <Enter a long description of the software>
-# <...>
-# <...>
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
### END INIT INFO
# Author: Adam Majer <adamm@zombino.com>
# Do NOT "set -e"
@@ -19,11 +19,11 @@ DESC="kea-dhcp4"
NAME=kea-dhcp4-server
DAEMON=/usr/sbin/kea-dhcp4
DAEMON_ARGS="-c /etc/kea/kea-dhcp4.conf"
-PIDFILE=/run/$NAME.pid
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-dhcp4.kea-dhcp4.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html
SCRIPTNAME=/etc/init.d/$NAME
-KEA_PIDFILE_DIR=/run/
-KEA_LOCKFILE_DIR=/run/lock/kea/
-KEA_LOGGER_DESTINATION=/var/log/kea/
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
@@ -43,22 +43,39 @@ create_lockfile_dir()
{
if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
fi
}
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
+ fi
+}
+
+setcap_binary()
+{
+ setcap "cap_net_bind_service,cap_net_raw=+ep" $DAEMON
+}
+
#
# Function that starts the daemon/service
#
do_start()
{
create_lockfile_dir
+ create_pidfile_dir
+ setcap_binary
+ export KEA_LOCKFILE_DIR
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \
$DAEMON_ARGS \
|| return 2
}
@@ -73,7 +90,7 @@ do_stop()
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
@@ -82,7 +99,7 @@ do_stop()
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
@@ -93,12 +110,7 @@ do_stop()
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
return 0
}
@@ -122,20 +134,12 @@ case "$1" in
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
- #reload|force-reload)
- #
- # If do_reload() is not implemented then leave this commented out
- # and leave 'force-reload' as an alias for 'restart'.
- #
- #log_daemon_msg "Reloading $DESC" "$NAME"
- #do_reload
- #log_end_msg $?
- #;;
- restart|force-reload)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
diff --git a/debian/kea-dhcp6-server.init b/debian/kea-dhcp6-server.init
index 0aa0e27..7b57f01 100644
--- a/debian/kea-dhcp6-server.init
+++ b/debian/kea-dhcp6-server.init
@@ -6,9 +6,9 @@
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Kea DHCP IPv6 Server
-# Description: <Enter a long description of the software>
-# <...>
-# <...>
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
### END INIT INFO
# Author: Adam Majer <adamm@zombino.com>
# Do NOT "set -e"
@@ -19,11 +19,11 @@ DESC="kea-dhcp6"
NAME=kea-dhcp6-server
DAEMON=/usr/sbin/kea-dhcp6
DAEMON_ARGS="-c /etc/kea/kea-dhcp6.conf"
-PIDFILE=/run/$NAME.pid
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-dhcp6.kea-dhcp6.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html
SCRIPTNAME=/etc/init.d/$NAME
-KEA_PIDFILE_DIR=/run/
-KEA_LOCKFILE_DIR=/run/lock/kea/
-KEA_LOGGER_DESTINATION=/var/log/kea/
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
@@ -43,22 +43,39 @@ create_lockfile_dir()
{
if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
fi
}
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
+ fi
+}
+
+setcap_binary()
+{
+ setcap "cap_net_bind_service" $DAEMON
+}
+
#
# Function that starts the daemon/service
#
do_start()
{
create_lockfile_dir
+ create_pidfile_dir
+ setcap_binary
+ export KEA_LOCKFILE_DIR
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \
$DAEMON_ARGS \
|| return 2
}
@@ -73,7 +90,7 @@ do_stop()
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
@@ -82,7 +99,7 @@ do_stop()
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
@@ -93,12 +110,7 @@ do_stop()
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER
return 0
}
@@ -122,20 +134,12 @@ case "$1" in
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
- #reload|force-reload)
- #
- # If do_reload() is not implemented then leave this commented out
- # and leave 'force-reload' as an alias for 'restart'.
- #
- #log_daemon_msg "Reloading $DESC" "$NAME"
- #do_reload
- #log_end_msg $?
- #;;
- restart|force-reload)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
diff --git a/debian/patches/0001-support_kfreebsd.patch b/debian/patches/0001-support_kfreebsd.patch
deleted file mode 100644
index 123113b..0000000
--- a/debian/patches/0001-support_kfreebsd.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Adam Majer <adamm@zombino.com>
-Date: Fri, 13 Jul 2018 17:06:51 +0000
-Subject: support_kfreebsd
-
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/configure.ac
-+++ b/configure.ac
-@@ -457,7 +457,7 @@
- [AC_MSG_RESULT([OS X >= 10.9])
- kea_undefined_pthread_behavior=yes])
- ;;
--*-freebsd*)
-+*-freebsd*|*-kfreebsd*)
- # On FreeBSD10.1 pthread_cond_destroy doesn't work as documented, which
- # causes the CondVarTest.destroyWhileWait test to fail. According to the
- # pthread_cond_destroy documentation for FreeBSD, this function should
-@@ -555,7 +555,7 @@
- BSD_TYPE="OSX"
- CPPFLAGS="$CPPFLAGS -DOS_BSD"
- ;;
-- *-freebsd*)
-+ *-freebsd*|*-kfreebsd*)
- AC_DEFINE([OS_BSD], [1], [Running on BSD?])
- AC_DEFINE([OS_FREEBSD], [1], [Running on FreeBSD?])
- OS_TYPE="BSD"
diff --git a/debian/patches/0011-kea-ctrl-agent-authentication.patch b/debian/patches/0011-kea-ctrl-agent-authentication.patch
index 1262bbc..d965fbc 100644
--- a/debian/patches/0011-kea-ctrl-agent-authentication.patch
+++ b/debian/patches/0011-kea-ctrl-agent-authentication.patch
@@ -1,3 +1,10 @@
+Description: Set kea-ctrl-agent up to require a password.
+Author: Andreas Hasenack <andreas.hasenack@canonical.com>
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033367
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/2007312
+Last-Update: 2023-03-17
+
diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre
index e6ae8b8a..f7e3fed2 100644
--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
diff --git a/debian/patches/series b/debian/patches/series
index 7bafbb0..d18b4f5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
-0001-support_kfreebsd.patch
0002-kea_admin_fix.patch
0009-disable-database-tests.patch
0010-set-control-sockets-location.patch
diff --git a/debian/rules b/debian/rules
index 6e2b45e..ec21498 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,6 +9,13 @@ include /usr/share/dpkg/pkg-info.mk
# see FEATURE AREAS in dpkg-buildflags(1)
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+# Disable LTO on ppc64el as it causes crashes (LP: #2055151).
+# This has been spotted in Ubuntu, where LTO is enabled by
+# default, but it likely that Debian would be affected too.
+ifeq ($(DEB_HOST_ARCH),ppc64el)
+export DEB_BUILD_MAINT_OPTIONS += optimize=-lto
+endif
+
%:
dh $@ --with python3 -X.la
@@ -22,6 +29,7 @@ override_dh_auto_configure:
--with-pgsql \
--with-boost-libs=-lboost_system \
--enable-generate-docs \
+ --enable-generate-messages \
--enable-shell \
--disable-static \
--disable-rpath \
diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml
index 8d6a858..3c99ae9 100644
--- a/debian/salsa-ci.yml
+++ b/debian/salsa-ci.yml
@@ -3,5 +3,12 @@ include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
variables:
- # The package isn't near to be reproducible.
- SALSA_CI_DISABLE_REPROTEST: 1
+ # FTCBFS because of missing build-deps that are unlikely to be fixed any soon.
+ SALSA_CI_DISABLE_CROSSBUILD_ARM64: 1
+ # Fail on Lintian warnings
+ SALSA_CI_LINTIAN_FAIL_WARNING: 1
+ SALSA_CI_LINTIAN_SUPPRESS_TAGS: >-
+ orig-tarball-missing-upstream-signature,
+ package-name-defined-in-config-h,
+ # Not reproducible when varying the build_path.
+ SALSA_CI_REPROTEST_ARGS: --variations=-build_path
diff --git a/debian/tests/kea-ctrl-agent-debconf b/debian/tests/kea-ctrl-agent-debconf
index c3456ca..5790977 100644
--- a/debian/tests/kea-ctrl-agent-debconf
+++ b/debian/tests/kea-ctrl-agent-debconf
@@ -12,6 +12,15 @@ cleanup() {
trap cleanup EXIT
+override_systemd_throttling() {
+ mkdir -p /run/systemd/system/kea-ctrl-agent.service.d
+ cat > /run/systemd/system/kea-ctrl-agent.service.d/override.conf <<EOF
+[Unit]
+StartLimitIntervalSec=0
+EOF
+ systemctl daemon-reload
+}
+
check_perms() {
local file="${1}"
local wanted_perms="${2}"
@@ -245,6 +254,9 @@ test_empty_password_via_debconf() {
}
+# we restart kea-ctrl-agent a lot during this test
+override_systemd_throttling
+
test_fresh_install
test_service_wont_start_without_pwfile
test_configured_password
diff --git a/debian/tests/smoke-tests b/debian/tests/smoke-tests
index 99ae83a..2de85c4 100644
--- a/debian/tests/smoke-tests
+++ b/debian/tests/smoke-tests
@@ -15,6 +15,10 @@ kea_password_file="/etc/kea/kea-api-password"
exit 1
}
+# Arbitrary wait to allow for the services to start.
+# This is needed to avoid having racy/flaky tests.
+sleep 5
+
# Check that the PID files are in the right location
for f in kea-dhcp4.kea-dhcp4.pid kea-dhcp6.kea-dhcp6.pid kea-ctrl-agent.kea-ctrl-agent.pid kea-dhcp-ddns.kea-dhcp-ddns.pid; do
test -f "/run/kea/$f"
diff --git a/debian/usr.sbin.kea-ctrl-agent b/debian/usr.sbin.kea-ctrl-agent
index fd4cca5..daef478 100644
--- a/debian/usr.sbin.kea-ctrl-agent
+++ b/debian/usr.sbin.kea-ctrl-agent
@@ -12,7 +12,7 @@ profile kea-ctrl-agent /usr/sbin/kea-ctrl-agent {
/etc/kea/** r,
/usr/sbin/kea-ctrl-agent mr,
- owner /run/kea/kea-ctrl-agent.kea-ctrl-agent.pid w,
+ owner /run/kea/kea-ctrl-agent.kea-ctrl-agent.pid rw,
owner /run/lock/kea/logger_lockfile rwk,
# Control sockets
diff --git a/debian/usr.sbin.kea-dhcp-ddns b/debian/usr.sbin.kea-dhcp-ddns
index 5e7aa51..cb29b68 100644
--- a/debian/usr.sbin.kea-dhcp-ddns
+++ b/debian/usr.sbin.kea-dhcp-ddns
@@ -14,7 +14,7 @@ profile kea-dhcp-ddns /usr/sbin/kea-dhcp-ddns {
/etc/kea/** r,
/usr/sbin/kea-dhcp-ddns mr,
- owner /run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid w,
+ owner /run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid rw,
owner /run/lock/kea/logger_lockfile rwk,
owner /run/kea/logger_lockfile rwk,
diff --git a/debian/usr.sbin.kea-dhcp4 b/debian/usr.sbin.kea-dhcp4
index 9e8b202..20d2c82 100644
--- a/debian/usr.sbin.kea-dhcp4
+++ b/debian/usr.sbin.kea-dhcp4
@@ -26,7 +26,7 @@ profile kea-dhcp4 /usr/sbin/kea-dhcp4 {
/usr/sbin/kea-dhcp4 mr,
/usr/sbin/kea-lfc Px,
- owner /run/kea/kea-dhcp4.kea-dhcp4.pid w,
+ owner /run/kea/kea-dhcp4.kea-dhcp4.pid rw,
owner /run/lock/kea/logger_lockfile rwk,
# Control sockets
diff --git a/debian/usr.sbin.kea-dhcp6 b/debian/usr.sbin.kea-dhcp6
index a96b0bd..d8aca09 100644
--- a/debian/usr.sbin.kea-dhcp6
+++ b/debian/usr.sbin.kea-dhcp6
@@ -23,7 +23,7 @@ profile kea-dhcp6 /usr/sbin/kea-dhcp6 {
/usr/sbin/kea-dhcp6 mr,
/usr/sbin/kea-lfc Px,
- owner /run/kea/kea-dhcp6.kea-dhcp6.pid w,
+ owner /run/kea/kea-dhcp6.kea-dhcp6.pid rw,
owner /run/lock/kea/logger_lockfile rwk,
# Control sockets