diff options
-rw-r--r-- | debian/changelog | 29 | ||||
-rw-r--r-- | debian/kea-ctrl-agent.init | 58 | ||||
-rw-r--r-- | debian/kea-ctrl-agent.lintian-overrides | 2 | ||||
-rw-r--r-- | debian/kea-dev.install | 1 | ||||
-rw-r--r-- | debian/kea-dev.lintian-overrides | 1 | ||||
-rw-r--r-- | debian/kea-dhcp-ddns-server.init | 64 | ||||
-rw-r--r-- | debian/kea-dhcp-ddns-server.lintian-overrides | 2 | ||||
-rw-r--r-- | debian/kea-dhcp4-server.init | 64 | ||||
-rw-r--r-- | debian/kea-dhcp6-server.init | 64 | ||||
-rw-r--r-- | debian/patches/0001-support_kfreebsd.patch | 28 | ||||
-rw-r--r-- | debian/patches/0011-kea-ctrl-agent-authentication.patch | 7 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rwxr-xr-x | debian/rules | 8 | ||||
-rw-r--r-- | debian/salsa-ci.yml | 11 | ||||
-rw-r--r-- | debian/tests/kea-ctrl-agent-debconf | 12 | ||||
-rw-r--r-- | debian/tests/smoke-tests | 4 | ||||
-rw-r--r-- | debian/usr.sbin.kea-ctrl-agent | 2 | ||||
-rw-r--r-- | debian/usr.sbin.kea-dhcp-ddns | 2 | ||||
-rw-r--r-- | debian/usr.sbin.kea-dhcp4 | 2 | ||||
-rw-r--r-- | debian/usr.sbin.kea-dhcp6 | 2 |
20 files changed, 205 insertions, 159 deletions
diff --git a/debian/changelog b/debian/changelog index c4d385b..e13c948 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,32 @@ +isc-kea (2.4.1-3) unstable; urgency=medium + + [ Paride Legovini ] + * d/t/smoke-test: add sleep to allow for the services to start + * d/t/kea-ctrl-agent-debconf override systemd restart limit. + Thanks to Andreas Hasenack + * ci: salsa pipeline: disable the crossbuild-arm64 job + * ci: salsa pipeline: fail on Lintian warnings + * d/*.l-o: drop unused overrides + * kea-dev: build and install kea-msg-compiler. + Thanks to Quentin Armitage (Closes: #1065362) + * d/kea-dev.l-o: override no-manual-page for kea-msg-compiler + * ci: salsa pipeline: enable reprotest, without build_path variation. + Thanks to Holger Levsen + * d/p/0001-support_kfreebsd.patch: drop patch. + The development of Debian GNU/kFreeBSD terminated in July 2023. + * d/p/0011-kea-ctrl-agent-authentication.patch: add dep-3 headers + * d/*.init: fix SysV init scripts. + Thanks to Stefan Klein (Closes: #1055438) + * d/rules: disable LTO on ppc64el as it causes crashes. + Thanks to Sergio Durigan Junior (LP: #2055151) + + [ Andreas Hasenack ] + * apparmor: also allow reading the pid file. + At least kea-ctrl-agent attempts to read the pid file, and it makes + sense to allow that. Also make the change for all other profiles. + + -- Paride Legovini <paride@debian.org> Fri, 29 Mar 2024 16:38:54 +0100 + isc-kea (2.4.1-2~progress7.99u1) graograman-backports; urgency=medium * Initial reupload to graograman-backports. diff --git a/debian/kea-ctrl-agent.init b/debian/kea-ctrl-agent.init index 0dc99dd..3d1d5fa 100644 --- a/debian/kea-ctrl-agent.init +++ b/debian/kea-ctrl-agent.init @@ -6,9 +6,9 @@ # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Kea DHCP Control Agent for REST Service -# Description: <Enter a long description of the software> -# <...> -# <...> +# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet +# Systems Consortium providing a very high-performance with +# PostgreSQL, MySQL and memfile backends. ### END INIT INFO # Author: Jason Guy <jason.e.guy@gmail.com> # Do NOT "set -e" @@ -19,11 +19,11 @@ DESC=kea-ctrl-agent NAME=kea-ctrl-agent DAEMON=/usr/sbin/kea-ctrl-agent DAEMON_ARGS="-c /etc/kea/kea-ctrl-agent.conf" -PIDFILE=/run/$NAME.pid +DAEMONUSER=_kea +PIDFILE=/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid SCRIPTNAME=/etc/init.d/$NAME -KEA_PIDFILE_DIR=/run/ -KEA_LOCKFILE_DIR=/run/lock/kea/ -KEA_LOGGER_DESTINATION=/var/log/kea/ +KEA_PIDFILE_DIR=/run/kea +KEA_LOCKFILE_DIR=/run/lock/kea # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 @@ -43,6 +43,15 @@ create_lockfile_dir() { if [ ! -d "$KEA_LOCKFILE_DIR" ]; then mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR" + fi +} + +create_pidfile_dir() +{ + if [ ! -d "$KEA_PIDFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_PIDFILE_DIR" + chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR" fi } @@ -52,13 +61,15 @@ create_lockfile_dir() do_start() { create_lockfile_dir + create_pidfile_dir + export KEA_LOCKFILE_DIR # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \ + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \ $DAEMON_ARGS \ || return 2 } @@ -73,7 +84,7 @@ do_stop() # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks @@ -82,7 +93,7 @@ do_stop() # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE @@ -93,12 +104,7 @@ do_stop() # Function that sends a SIGHUP to the daemon/service # do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER return 0 } @@ -122,20 +128,12 @@ case "$1" in status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in diff --git a/debian/kea-ctrl-agent.lintian-overrides b/debian/kea-ctrl-agent.lintian-overrides deleted file mode 100644 index 735c4ac..0000000 --- a/debian/kea-ctrl-agent.lintian-overrides +++ /dev/null @@ -1,2 +0,0 @@ -kea-ctrl-agent: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp4-server.service [lib/systemd/system/kea-ctrl-agent.service] -kea-ctrl-agent: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp6-server.service [lib/systemd/system/kea-ctrl-agent.service] diff --git a/debian/kea-dev.install b/debian/kea-dev.install index c32c7a8..9805c55 100644 --- a/debian/kea-dev.install +++ b/debian/kea-dev.install @@ -1,2 +1,3 @@ usr/include/kea/* usr/lib/*/libkea-*.so +usr/bin/kea-msg-compiler diff --git a/debian/kea-dev.lintian-overrides b/debian/kea-dev.lintian-overrides new file mode 100644 index 0000000..a87424b --- /dev/null +++ b/debian/kea-dev.lintian-overrides @@ -0,0 +1 @@ +kea-dev: no-manual-page [usr/bin/kea-msg-compiler] diff --git a/debian/kea-dhcp-ddns-server.init b/debian/kea-dhcp-ddns-server.init index 2a1a135..c67be9e 100644 --- a/debian/kea-dhcp-ddns-server.init +++ b/debian/kea-dhcp-ddns-server.init @@ -6,9 +6,9 @@ # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Kea DHCP DDNS Server -# Description: <Enter a long description of the software> -# <...> -# <...> +# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet +# Systems Consortium providing a very high-performance with +# PostgreSQL, MySQL and memfile backends. ### END INIT INFO # Author: Adam Majer <adamm@zombino.com> # Do NOT "set -e" @@ -19,11 +19,11 @@ DESC=kea-dhcp-ddns NAME=kea-dhcp-ddns DAEMON=/usr/sbin/kea-dhcp-ddns DAEMON_ARGS="-c /etc/kea/kea-dhcp-ddns.conf" -PIDFILE=/run/$NAME.pid +DAEMONUSER=_kea +PIDFILE=/run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/ddns.html#starting-and-stopping-the-dhcp-ddns-server SCRIPTNAME=/etc/init.d/$NAME -KEA_PIDFILE_DIR=/run/ -KEA_LOCKFILE_DIR=/run/lock/kea/ -KEA_LOGGER_DESTINATION=/var/log/kea/ +KEA_PIDFILE_DIR=/run/kea +KEA_LOCKFILE_DIR=/run/lock/kea # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 @@ -43,22 +43,39 @@ create_lockfile_dir() { if [ ! -d "$KEA_LOCKFILE_DIR" ]; then mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR" fi } +create_pidfile_dir() +{ + if [ ! -d "$KEA_PIDFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_PIDFILE_DIR" + chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR" + fi +} + +setcap_binary() +{ + setcap "cap_net_bind_service" $DAEMON +} + # # Function that starts the daemon/service # do_start() { create_lockfile_dir + create_pidfile_dir + setcap_binary + export KEA_LOCKFILE_DIR # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \ + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \ $DAEMON_ARGS \ || return 2 } @@ -73,7 +90,7 @@ do_stop() # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks @@ -82,7 +99,7 @@ do_stop() # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE @@ -93,12 +110,7 @@ do_stop() # Function that sends a SIGHUP to the daemon/service # do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER return 0 } @@ -122,20 +134,12 @@ case "$1" in status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in diff --git a/debian/kea-dhcp-ddns-server.lintian-overrides b/debian/kea-dhcp-ddns-server.lintian-overrides deleted file mode 100644 index a83cf9d..0000000 --- a/debian/kea-dhcp-ddns-server.lintian-overrides +++ /dev/null @@ -1,2 +0,0 @@ -kea-dhcp-ddns-server: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp4-server.service [lib/systemd/system/kea-dhcp-ddns-server.service] -kea-dhcp-ddns-server: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp6-server.service [lib/systemd/system/kea-dhcp-ddns-server.service] diff --git a/debian/kea-dhcp4-server.init b/debian/kea-dhcp4-server.init index bcf4ad8..c91aa61 100644 --- a/debian/kea-dhcp4-server.init +++ b/debian/kea-dhcp4-server.init @@ -6,9 +6,9 @@ # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Kea DHCP IPv4 Server -# Description: <Enter a long description of the software> -# <...> -# <...> +# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet +# Systems Consortium providing a very high-performance with +# PostgreSQL, MySQL and memfile backends. ### END INIT INFO # Author: Adam Majer <adamm@zombino.com> # Do NOT "set -e" @@ -19,11 +19,11 @@ DESC="kea-dhcp4" NAME=kea-dhcp4-server DAEMON=/usr/sbin/kea-dhcp4 DAEMON_ARGS="-c /etc/kea/kea-dhcp4.conf" -PIDFILE=/run/$NAME.pid +DAEMONUSER=_kea +PIDFILE=/run/kea/kea-dhcp4.kea-dhcp4.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html SCRIPTNAME=/etc/init.d/$NAME -KEA_PIDFILE_DIR=/run/ -KEA_LOCKFILE_DIR=/run/lock/kea/ -KEA_LOGGER_DESTINATION=/var/log/kea/ +KEA_PIDFILE_DIR=/run/kea +KEA_LOCKFILE_DIR=/run/lock/kea # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 @@ -43,22 +43,39 @@ create_lockfile_dir() { if [ ! -d "$KEA_LOCKFILE_DIR" ]; then mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR" fi } +create_pidfile_dir() +{ + if [ ! -d "$KEA_PIDFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_PIDFILE_DIR" + chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR" + fi +} + +setcap_binary() +{ + setcap "cap_net_bind_service,cap_net_raw=+ep" $DAEMON +} + # # Function that starts the daemon/service # do_start() { create_lockfile_dir + create_pidfile_dir + setcap_binary + export KEA_LOCKFILE_DIR # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \ + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \ $DAEMON_ARGS \ || return 2 } @@ -73,7 +90,7 @@ do_stop() # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks @@ -82,7 +99,7 @@ do_stop() # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE @@ -93,12 +110,7 @@ do_stop() # Function that sends a SIGHUP to the daemon/service # do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER return 0 } @@ -122,20 +134,12 @@ case "$1" in status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in diff --git a/debian/kea-dhcp6-server.init b/debian/kea-dhcp6-server.init index 0aa0e27..7b57f01 100644 --- a/debian/kea-dhcp6-server.init +++ b/debian/kea-dhcp6-server.init @@ -6,9 +6,9 @@ # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Kea DHCP IPv6 Server -# Description: <Enter a long description of the software> -# <...> -# <...> +# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet +# Systems Consortium providing a very high-performance with +# PostgreSQL, MySQL and memfile backends. ### END INIT INFO # Author: Adam Majer <adamm@zombino.com> # Do NOT "set -e" @@ -19,11 +19,11 @@ DESC="kea-dhcp6" NAME=kea-dhcp6-server DAEMON=/usr/sbin/kea-dhcp6 DAEMON_ARGS="-c /etc/kea/kea-dhcp6.conf" -PIDFILE=/run/$NAME.pid +DAEMONUSER=_kea +PIDFILE=/run/kea/kea-dhcp6.kea-dhcp6.pid # depends on config-filename: https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html SCRIPTNAME=/etc/init.d/$NAME -KEA_PIDFILE_DIR=/run/ -KEA_LOCKFILE_DIR=/run/lock/kea/ -KEA_LOGGER_DESTINATION=/var/log/kea/ +KEA_PIDFILE_DIR=/run/kea +KEA_LOCKFILE_DIR=/run/lock/kea # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 @@ -43,22 +43,39 @@ create_lockfile_dir() { if [ ! -d "$KEA_LOCKFILE_DIR" ]; then mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR" fi } +create_pidfile_dir() +{ + if [ ! -d "$KEA_PIDFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_PIDFILE_DIR" + chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR" + fi +} + +setcap_binary() +{ + setcap "cap_net_bind_service" $DAEMON +} + # # Function that starts the daemon/service # do_start() { create_lockfile_dir + create_pidfile_dir + setcap_binary + export KEA_LOCKFILE_DIR # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \ + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -c $DAEMONUSER -- \ $DAEMON_ARGS \ || return 2 } @@ -73,7 +90,7 @@ do_stop() # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks @@ -82,7 +99,7 @@ do_stop() # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DAEMONUSER [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE @@ -93,12 +110,7 @@ do_stop() # Function that sends a SIGHUP to the daemon/service # do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON --user $DAEMONUSER return 0 } @@ -122,20 +134,12 @@ case "$1" in status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in diff --git a/debian/patches/0001-support_kfreebsd.patch b/debian/patches/0001-support_kfreebsd.patch deleted file mode 100644 index 123113b..0000000 --- a/debian/patches/0001-support_kfreebsd.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Adam Majer <adamm@zombino.com> -Date: Fri, 13 Jul 2018 17:06:51 +0000 -Subject: support_kfreebsd - ---- - configure.ac | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/configure.ac -+++ b/configure.ac -@@ -457,7 +457,7 @@ - [AC_MSG_RESULT([OS X >= 10.9]) - kea_undefined_pthread_behavior=yes]) - ;; --*-freebsd*) -+*-freebsd*|*-kfreebsd*) - # On FreeBSD10.1 pthread_cond_destroy doesn't work as documented, which - # causes the CondVarTest.destroyWhileWait test to fail. According to the - # pthread_cond_destroy documentation for FreeBSD, this function should -@@ -555,7 +555,7 @@ - BSD_TYPE="OSX" - CPPFLAGS="$CPPFLAGS -DOS_BSD" - ;; -- *-freebsd*) -+ *-freebsd*|*-kfreebsd*) - AC_DEFINE([OS_BSD], [1], [Running on BSD?]) - AC_DEFINE([OS_FREEBSD], [1], [Running on FreeBSD?]) - OS_TYPE="BSD" diff --git a/debian/patches/0011-kea-ctrl-agent-authentication.patch b/debian/patches/0011-kea-ctrl-agent-authentication.patch index 1262bbc..d965fbc 100644 --- a/debian/patches/0011-kea-ctrl-agent-authentication.patch +++ b/debian/patches/0011-kea-ctrl-agent-authentication.patch @@ -1,3 +1,10 @@ +Description: Set kea-ctrl-agent up to require a password. +Author: Andreas Hasenack <andreas.hasenack@canonical.com> +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033367 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/2007312 +Last-Update: 2023-03-17 + diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre index e6ae8b8a..f7e3fed2 100644 --- a/src/bin/keactrl/kea-ctrl-agent.conf.pre diff --git a/debian/patches/series b/debian/patches/series index 7bafbb0..d18b4f5 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,4 +1,3 @@ -0001-support_kfreebsd.patch 0002-kea_admin_fix.patch 0009-disable-database-tests.patch 0010-set-control-sockets-location.patch diff --git a/debian/rules b/debian/rules index 6e2b45e..ec21498 100755 --- a/debian/rules +++ b/debian/rules @@ -9,6 +9,13 @@ include /usr/share/dpkg/pkg-info.mk # see FEATURE AREAS in dpkg-buildflags(1) export DEB_BUILD_MAINT_OPTIONS = hardening=+all +# Disable LTO on ppc64el as it causes crashes (LP: #2055151). +# This has been spotted in Ubuntu, where LTO is enabled by +# default, but it likely that Debian would be affected too. +ifeq ($(DEB_HOST_ARCH),ppc64el) +export DEB_BUILD_MAINT_OPTIONS += optimize=-lto +endif + %: dh $@ --with python3 -X.la @@ -22,6 +29,7 @@ override_dh_auto_configure: --with-pgsql \ --with-boost-libs=-lboost_system \ --enable-generate-docs \ + --enable-generate-messages \ --enable-shell \ --disable-static \ --disable-rpath \ diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml index 8d6a858..3c99ae9 100644 --- a/debian/salsa-ci.yml +++ b/debian/salsa-ci.yml @@ -3,5 +3,12 @@ include: - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml variables: - # The package isn't near to be reproducible. - SALSA_CI_DISABLE_REPROTEST: 1 + # FTCBFS because of missing build-deps that are unlikely to be fixed any soon. + SALSA_CI_DISABLE_CROSSBUILD_ARM64: 1 + # Fail on Lintian warnings + SALSA_CI_LINTIAN_FAIL_WARNING: 1 + SALSA_CI_LINTIAN_SUPPRESS_TAGS: >- + orig-tarball-missing-upstream-signature, + package-name-defined-in-config-h, + # Not reproducible when varying the build_path. + SALSA_CI_REPROTEST_ARGS: --variations=-build_path diff --git a/debian/tests/kea-ctrl-agent-debconf b/debian/tests/kea-ctrl-agent-debconf index c3456ca..5790977 100644 --- a/debian/tests/kea-ctrl-agent-debconf +++ b/debian/tests/kea-ctrl-agent-debconf @@ -12,6 +12,15 @@ cleanup() { trap cleanup EXIT +override_systemd_throttling() { + mkdir -p /run/systemd/system/kea-ctrl-agent.service.d + cat > /run/systemd/system/kea-ctrl-agent.service.d/override.conf <<EOF +[Unit] +StartLimitIntervalSec=0 +EOF + systemctl daemon-reload +} + check_perms() { local file="${1}" local wanted_perms="${2}" @@ -245,6 +254,9 @@ test_empty_password_via_debconf() { } +# we restart kea-ctrl-agent a lot during this test +override_systemd_throttling + test_fresh_install test_service_wont_start_without_pwfile test_configured_password diff --git a/debian/tests/smoke-tests b/debian/tests/smoke-tests index 99ae83a..2de85c4 100644 --- a/debian/tests/smoke-tests +++ b/debian/tests/smoke-tests @@ -15,6 +15,10 @@ kea_password_file="/etc/kea/kea-api-password" exit 1 } +# Arbitrary wait to allow for the services to start. +# This is needed to avoid having racy/flaky tests. +sleep 5 + # Check that the PID files are in the right location for f in kea-dhcp4.kea-dhcp4.pid kea-dhcp6.kea-dhcp6.pid kea-ctrl-agent.kea-ctrl-agent.pid kea-dhcp-ddns.kea-dhcp-ddns.pid; do test -f "/run/kea/$f" diff --git a/debian/usr.sbin.kea-ctrl-agent b/debian/usr.sbin.kea-ctrl-agent index fd4cca5..daef478 100644 --- a/debian/usr.sbin.kea-ctrl-agent +++ b/debian/usr.sbin.kea-ctrl-agent @@ -12,7 +12,7 @@ profile kea-ctrl-agent /usr/sbin/kea-ctrl-agent { /etc/kea/** r, /usr/sbin/kea-ctrl-agent mr, - owner /run/kea/kea-ctrl-agent.kea-ctrl-agent.pid w, + owner /run/kea/kea-ctrl-agent.kea-ctrl-agent.pid rw, owner /run/lock/kea/logger_lockfile rwk, # Control sockets diff --git a/debian/usr.sbin.kea-dhcp-ddns b/debian/usr.sbin.kea-dhcp-ddns index 5e7aa51..cb29b68 100644 --- a/debian/usr.sbin.kea-dhcp-ddns +++ b/debian/usr.sbin.kea-dhcp-ddns @@ -14,7 +14,7 @@ profile kea-dhcp-ddns /usr/sbin/kea-dhcp-ddns { /etc/kea/** r, /usr/sbin/kea-dhcp-ddns mr, - owner /run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid w, + owner /run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid rw, owner /run/lock/kea/logger_lockfile rwk, owner /run/kea/logger_lockfile rwk, diff --git a/debian/usr.sbin.kea-dhcp4 b/debian/usr.sbin.kea-dhcp4 index 9e8b202..20d2c82 100644 --- a/debian/usr.sbin.kea-dhcp4 +++ b/debian/usr.sbin.kea-dhcp4 @@ -26,7 +26,7 @@ profile kea-dhcp4 /usr/sbin/kea-dhcp4 { /usr/sbin/kea-dhcp4 mr, /usr/sbin/kea-lfc Px, - owner /run/kea/kea-dhcp4.kea-dhcp4.pid w, + owner /run/kea/kea-dhcp4.kea-dhcp4.pid rw, owner /run/lock/kea/logger_lockfile rwk, # Control sockets diff --git a/debian/usr.sbin.kea-dhcp6 b/debian/usr.sbin.kea-dhcp6 index a96b0bd..d8aca09 100644 --- a/debian/usr.sbin.kea-dhcp6 +++ b/debian/usr.sbin.kea-dhcp6 @@ -23,7 +23,7 @@ profile kea-dhcp6 /usr/sbin/kea-dhcp6 { /usr/sbin/kea-dhcp6 mr, /usr/sbin/kea-lfc Px, - owner /run/kea/kea-dhcp6.kea-dhcp6.pid w, + owner /run/kea/kea-dhcp6.kea-dhcp6.pid rw, owner /run/lock/kea/logger_lockfile rwk, # Control sockets |