-rw-r--r--testing/kea/APKBUILD25
-rw-r--r--testing/kea/kea.initd.in5
-rw-r--r--testing/kea/kea.pre-install6
-rw-r--r--testing/kea/logs-location.patch69
4 files changed, 101 insertions, 4 deletions
diff --git a/testing/kea/APKBUILD b/testing/kea/APKBUILD
index b8514f37b6..a9d588e38b 100644
--- a/testing/kea/APKBUILD
+++ b/testing/kea/APKBUILD
@@ -3,14 +3,17 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=kea
pkgver=1.7.2
-pkgrel=1
+pkgrel=2
pkgdesc="DHCPv4, DHCPv6 and DDNS server from ISC"
url="http://kea.isc.org"
arch="all !armhf !armv7"
license="MPL2"
depends=""
checkdepends="procps"
-makedepends="botan-dev log4cplus-dev boost-dev postgresql-dev mariadb-dev python3-dev"
+makedepends="botan-dev libcap log4cplus-dev boost-dev postgresql-dev mariadb-dev python3-dev"
+pkgusers="kea"
+pkggroups="kea"
+install="$pkgname.pre-install"
subpackages="
$pkgname-doc
$pkgname-static
@@ -28,6 +31,7 @@ subpackages="
"
source="https://ftp.isc.org/isc/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
disable-db-tests.patch
+ logs-location.patch
kea.initd.in
"
validpgpkeys="BE0E9748B718253A28BB89FFF1B11BF05CF02E57" # Internet Systems Consortium, Inc. (Signing key, 2017-2018) <codesign@isc.org>
@@ -67,7 +71,19 @@ check() {
package() {
make DESTDIR="$pkgdir" install
- rm -Rf "$pkgdir"/run
+ cd "$pkgdir"
+
+ # Allow kea to run under unpriviliged user.
+ local name; for name in kea-dhcp-ddns kea-dhcp4 kea-dhcp6; do
+ setcap 'cap_net_bind_service=+ep' ./usr/sbin/$name
+ done
+ setcap 'cap_net_raw=+ep' ./usr/sbin/kea-dhcp6
+
+ install -d -m 0750 -o kea -g kea \
+ "$pkgdir"/var/log/kea \
+ "$pkgdir"/var/lib/kea
+
+ rm -Rf ./run
}
admin() {
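Review bot: The second `setcap` call on `./usr/sbin/kea-dhcp6` in `package()` replaces the file capability set written by the loop instead of adding to it, so that binary ends up with only `cap_net_raw` and loses `cap_net_bind_service`. Set both in one call, e.g. `setcap 'cap_net_bind_service,cap_net_raw=+ep' ./usr/sbin/kea-dhcp6`. It is also worth confirming whether `kea-dhcp4` needs `cap_net_raw`, since its raw-socket mode would presumably fail under the unprivileged user without it. Because file capabilities apply to whoever executes the binary, consider installing these three binaries with mode 0750 and group `kea` so that other local users cannot run them with the added capabilities.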
@@ -156,4 +172,5 @@ _install_initd() {
sha512sums="f84bed2e1dacd172c7aed8e4d6c11ec5e79f37ad2c7991963fc9c4a1761668f9f0e105ba5c4deed06264ab2ec13b1b5787350d823de12fd3782223192e3653f2 kea-1.7.2.tar.gz
55780bbcbd79b81d55bdccd46da6ca6babe8b7894aa82948308dc4f8a0e2b5d33fad633276696c8ba7bd063026bb11ae529a096375d0572833c66e2132888775 disable-db-tests.patch
-94378a20f92ce03863dfc7be207faa06ab2bd207224e7beb00b89a0e81209a7bf0de102699a2bece78a415750c6efd3589aa045160ad561752ee8a390ab379f9 kea.initd.in"
+4336bb6708d51729065da4dd3a3e96bbcbac7716b4bbde360af3c4599719c2fa9362055ae6c00043e7581f2f4af5a51d24f2e8cfaabefdb1f4d545c24af33f94 logs-location.patch
+57bed5c19aeb03218228a0b1244e7036ed80eaacb55e9799c9ba86619662f34c858512212b69b30c11b9b592ff776a82193ccd6fccffb6b3daa016e6d9197528 kea.initd.in"
diff --git a/testing/kea/kea.initd.in b/testing/kea/kea.initd.in
index b07314de3c..7d2b39617a 100644
--- a/testing/kea/kea.initd.in
+++ b/testing/kea/kea.initd.in
@@ -1,6 +1,8 @@
#!/sbin/openrc-run
: ${cfgfile:="/etc/kea/@@NAME@@.conf"}
+: ${command_user:="kea"}
+: ${wait:=100}
name="@@NAME@@"
extra_commands="checkconfig"
@@ -10,6 +12,7 @@ command="/usr/sbin/@@NAME@@"
command_args="-c $cfgfile"
command_background="yes"
pidfile="/run/$RC_SVCNAME.pid"
+start_stop_daemon_args="--wait $wait $start_stop_daemon_args"
depend() {
need net
@@ -17,6 +20,8 @@ depend() {
}
start_pre() {
+ checkpath -d -m 0750 -o $command_user /run/kea /run/kea/lock
+
checkconfig
}
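Review bot: `$command_user` is expanded unquoted in the new `checkpath` line of `start_pre()`, so an overridden value containing whitespace or glob characters would be split into extra arguments; write `checkpath -d -m 0750 -o "$command_user" /run/kea /run/kea/lock`. A short comment such as `# runtime dirs must be writable by the unprivileged daemon user` would explain why this runs before `checkconfig`. `checkconfig` is defined outside this hunk; if it runs the daemon's configuration test as root and that test opens the configured log file, the file under /var/log/kea could end up root-owned and unwritable for `kea`, which is worth verifying.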
diff --git a/testing/kea/kea.pre-install b/testing/kea/kea.pre-install
new file mode 100644
index 0000000000..820a35b364
--- /dev/null
+++ b/testing/kea/kea.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S kea 2>/dev/null
+adduser -S -D -H -h /var/lib/kea -s /sbin/nologin -G kea -g "Kea" kea 2>/dev/null
+
+exit 0
diff --git a/testing/kea/logs-location.patch b/testing/kea/logs-location.patch
new file mode 100644
index 0000000000..b55233b7bf
--- /dev/null
+++ b/testing/kea/logs-location.patch
@@ -0,0 +1,69 @@
+We have to move logs from /var/log to /var/log/kea to allow running
+under unprivileged user.
+
+--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+@@ -67,7 +67,7 @@
+ // - syslog (logs to syslog)
+ // - syslog:name (logs to syslog using specified name)
+ // Any other value is considered a name of a time
+- "output": "@localstatedir@/log/kea-ctrl-agent.log"
++ "output": "@localstatedir@/log/kea/kea-ctrl-agent.log"
+
+ // Shorter log pattern suitable for use with systemd,
+ // avoids redundant information
+--- a/src/bin/keactrl/kea-dhcp-ddns.conf.pre
++++ b/src/bin/keactrl/kea-dhcp-ddns.conf.pre
+@@ -44,7 +44,7 @@
+ // - syslog (logs to syslog)
+ // - syslog:name (logs to syslog using specified name)
+ // Any other value is considered a name of a time
+- "output": "@localstatedir@/log/kea-ddns.log"
++ "output": "@localstatedir@/log/kea/kea-ddns.log"
+
+ // Shorter log pattern suitable for use with systemd,
+ // avoids redundant information
+--- a/src/bin/keactrl/kea-dhcp4.conf.pre
++++ b/src/bin/keactrl/kea-dhcp4.conf.pre
+@@ -428,7 +428,7 @@
+ // - syslog (logs to syslog)
+ // - syslog:name (logs to syslog using specified name)
+ // Any other value is considered a name of a time
+- "output": "@localstatedir@/log/kea-dhcp4.log"
++ "output": "@localstatedir@/log/kea/kea-dhcp4.log"
+
+ // Shorter log pattern suitable for use with systemd,
+ // avoids redundant information
+--- a/src/bin/keactrl/kea-dhcp6.conf.pre
++++ b/src/bin/keactrl/kea-dhcp6.conf.pre
+@@ -353,7 +353,7 @@
+ // - syslog (logs to syslog)
+ // - syslog:name (logs to syslog using specified name)
+ // Any other value is considered a name of a time
+- "output": "@localstatedir@/log/kea-dhcp6.log"
++ "output": "@localstatedir@/log/kea/kea-dhcp6.log"
+
+ // Shorter log pattern suitable for use with systemd,
+ // avoids redundant information
+--- a/src/bin/keactrl/kea-netconf.conf.pre
++++ b/src/bin/keactrl/kea-netconf.conf.pre
+@@ -69,7 +69,7 @@
+ // - syslog (logs to syslog)
+ // - syslog:name (logs to syslog using specified name)
+ // Any other value is considered a name of a time
+- "output": "@localstatedir@/log/kea-netconf.log"
++ "output": "@localstatedir@/log/kea/kea-netconf.log"
+
+ // Shorter log pattern suitable for use with systemd,
+ // avoids redundant information
+--- a/src/bin/keactrl/keactrl.in
++++ b/src/bin/keactrl/keactrl.in
+@@ -333,7 +333,7 @@
+ # to the default file.
+ if [ -z "${KEA_LOGGER_DESTINATION}" ]; then
+ prefix=@prefix@
+- export KEA_LOGGER_DESTINATION=@localstatedir@/log/kea.log
++ export KEA_LOGGER_DESTINATION=@localstatedir@/log/kea/kea.log
+ fi
+
+ command=${1}
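Review bot: The `keactrl.in` part of this patch points the default `KEA_LOGGER_DESTINATION` at `/var/log/kea/kea.log`, a directory that the APKBUILD in this commit creates owned by the unprivileged `kea` user. If `keactrl` is normally invoked as root, root then opens a path inside a directory that a non-root account controls, which is the usual precondition for symlink-following problems and for root-owned log files that the daemon can no longer write. Consider documenting in the patch header that `keactrl` should be run as `kea` (or logging switched to `syslog`) when it is used on this package. The header would also benefit from a line stating whether the change has been submitted upstream.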