[arch-commits] Commit in dhcp/trunk (4 files)
Christian Hesse
eworm at archlinux.org
Tue Oct 10 11:11:34 UTC 2017
Date: Tuesday, October 10, 2017 @ 11:11:34
Author: eworm
Revision: 307301
upgpkg: dhcp 4.3.6-2
add system user and drop privileges
Added:
dhcp/trunk/dhcp-sysusers.conf
Modified:
dhcp/trunk/PKGBUILD
dhcp/trunk/dhcpd4.service
dhcp/trunk/dhcpd6.service
--------------------+
PKGBUILD | 15 +++++++++++----
dhcp-sysusers.conf | 1 +
dhcpd4.service | 4 +++-
dhcpd6.service | 4 +++-
4 files changed, 18 insertions(+), 6 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-10-10 10:38:22 UTC (rev 307300)
+++ PKGBUILD 2017-10-10 11:11:34 UTC (rev 307301)
@@ -8,7 +8,7 @@
# separate patch levels with a period to maintain proper versioning.
pkgver=4.3.6
_pkgver=4.3.6
-pkgrel=1
+pkgrel=2
arch=('i686' 'x86_64')
license=('custom:isc-dhcp')
url="https://www.isc.org/software/dhcp"
@@ -15,6 +15,7 @@
makedepends=('bash' 'iproute2')
validpgpkeys=('BE0E9748B718253A28BB89FFF1B11BF05CF02E57') # Internet Systems Consortium, Inc. (Signing key, 2017-2018) <codesign at isc.org>
source=(ftp://ftp.isc.org/isc/${pkgbase}/${_pkgver}/${pkgbase}-${_pkgver}.tar.gz{,.asc}
+ dhcp-sysusers.conf
dhcpd4.service
dhcpd6.service
dhclient at .service
@@ -21,8 +22,9 @@
0001-dhcp-honor-expired.patch)
sha256sums=('a41eaf6364f1377fe065d35671d9cf82bbbc8f21207819b2b9f33f652aec6f1b'
'SKIP'
- '5adc0f06872c5b6d5cd9c181cd5dfa8f53bae6fb99554e16c9ea154e78112195'
- '6930df13badd451f3c15f3d68ca1068e3cb40912f9ed1863506417da119fb686'
+ 'b16083e6bb572ffacaa7cd97e7fde5fcfa1b6dbeb166f162e2ec6e8ec4b928d6'
+ '59164167861fe3eb5cef3582bc694e4b1e4d4ca96709103351b83e69ae05f8c8'
+ '7a67175680ae509e5bae406f80b692a02aec3c647386a5519b1de00e7eea1218'
'259d004987b4759e0c9e1a8807a5baa3df74f1e0c57b058a9e1bc92ea41fcb6a'
'97088096c5d880ecd889f4875ba89cf8eaf564bec772038e8976c22bd4896b18')
@@ -36,7 +38,11 @@
build() {
cd "${srcdir}/${pkgbase}-${_pkgver}"
- ./configure --prefix=/usr --sbindir=/usr/bin --sysconfdir=/etc \
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --sysconfdir=/etc \
+ --enable-paranoia \
--with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \
--with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \
--with-cli-lease-file=/var/lib/dhclient/dhclient.leases \
@@ -57,6 +63,7 @@
install -d "${pkgdir}/var/lib/dhcp"
+ install -D -m644 "${srcdir}/dhcp-sysusers.conf" "${pkgdir}/usr/lib/sysusers.d/dhcp.conf"
install -D -m644 "${srcdir}/dhcpd4.service" "${pkgdir}/usr/lib/systemd/system/dhcpd4.service"
install -D -m644 "${srcdir}/dhcpd6.service" "${pkgdir}/usr/lib/systemd/system/dhcpd6.service"
Added: dhcp-sysusers.conf
===================================================================
--- dhcp-sysusers.conf (rev 0)
+++ dhcp-sysusers.conf 2017-10-10 11:11:34 UTC (rev 307301)
@@ -0,0 +1 @@
+u dhcp - "DHCP daemon" /
Modified: dhcpd4.service
===================================================================
--- dhcpd4.service 2017-10-10 10:38:22 UTC (rev 307300)
+++ dhcpd4.service 2017-10-10 11:11:34 UTC (rev 307301)
@@ -6,7 +6,9 @@
[Service]
Type=forking
PIDFile=/run/dhcpd4.pid
-ExecStart=/usr/bin/dhcpd -4 -q -cf /etc/dhcpd.conf -pf /run/dhcpd4.pid
+ExecStart=/usr/bin/dhcpd -4 -q -user dhcp -cf /etc/dhcpd.conf -pf /run/dhcpd4.pid
+ProtectSystem=full
+ProtectHome=on
KillSignal=SIGINT
[Install]
Modified: dhcpd6.service
===================================================================
--- dhcpd6.service 2017-10-10 10:38:22 UTC (rev 307300)
+++ dhcpd6.service 2017-10-10 11:11:34 UTC (rev 307301)
@@ -6,7 +6,9 @@
[Service]
Type=forking
PIDFile=/run/dhcpd6.pid
-ExecStart=/usr/bin/dhcpd -6 -q -cf /etc/dhcpd6.conf -pf /run/dhcpd6.pid
+ExecStart=/usr/bin/dhcpd -6 -q -user dhcp -cf /etc/dhcpd6.conf -pf /run/dhcpd6.pid
+ProtectSystem=full
+ProtectHome=on
KillSignal=SIGINT
[Install]
More information about the arch-commits
mailing list