[arch-commits] Commit in dhcp/trunk (6 files)
Christian Hesse
eworm at archlinux.org
Sun Mar 11 23:07:35 UTC 2018
Date: Sunday, March 11, 2018 @ 23:07:34
Author: eworm
Revision: 318657
upgpkg: dhcp 4.4.1-4
more systemd unit file security
Added:
dhcp/trunk/dhcp-tmpfiles.conf
Modified:
dhcp/trunk/PKGBUILD
dhcp/trunk/dhclient at .service
dhcp/trunk/dhcpd4.service
dhcp/trunk/dhcpd6.service
Deleted:
dhcp/trunk/dhcp.install
--------------------+
PKGBUILD | 14 +++++++-------
dhclient at .service | 5 ++++-
dhcp-tmpfiles.conf | 3 +++
dhcp.install | 14 --------------
dhcpd4.service | 7 +++++--
dhcpd6.service | 7 +++++--
6 files changed, 24 insertions(+), 26 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-03-11 21:12:10 UTC (rev 318656)
+++ PKGBUILD 2018-03-11 23:07:34 UTC (rev 318657)
@@ -7,7 +7,7 @@
# separate patch levels with a period to maintain proper versioning.
pkgver=4.4.1
-pkgrel=3
+pkgrel=4
arch=('x86_64')
license=('custom:isc-dhcp')
url="https://www.isc.org/software/dhcp"
@@ -15,6 +15,7 @@
validpgpkeys=('BE0E9748B718253A28BB89FFF1B11BF05CF02E57') # Internet Systems Consortium, Inc. (Signing key, 2017-2018) <codesign at isc.org>
source=("ftp://ftp.isc.org/isc/${pkgbase}/${pkgver}/${pkgbase}-${pkgver}.tar.gz"{,.asc}
'dhcp-sysusers.conf'
+ 'dhcp-tmpfiles.conf'
'dhcpd4.service'
'dhcpd6.service'
'dhclient at .service'
@@ -22,9 +23,10 @@
sha256sums=('2a22508922ab367b4af4664a0472dc220cc9603482cf3c16d9aff14f3a76b608'
'SKIP'
'b16083e6bb572ffacaa7cd97e7fde5fcfa1b6dbeb166f162e2ec6e8ec4b928d6'
- '537b52307e2196775d79b7e7087fa7499189e26bc9a1737c9b75acd45a720920'
- '9a2a9bdf25871dfe875ed39d92a4d97852f9ad6c38fa74bd16cbc18e85986d3f'
- '259d004987b4759e0c9e1a8807a5baa3df74f1e0c57b058a9e1bc92ea41fcb6a'
+ 'abcd30e9e8428e34d22ab4d3074ef4bd84c2b11f5868597111b47d6f56d204da'
+ '03fce30efab819b2d928085b0bab962a33ce56fc376acae98ad9b30aa278c9c8'
+ 'f98a4438f4f69cab7cc5cce6927df4790ee993ebc8f88a169e63043c53d25625'
+ '86cd0b1e0ea1d47ab096f6ee925eee60545116fb887a155761eda589b30e4f0e'
'837a64189b949afae951655546967cc8f17f2f2cf370faabff00575364f0fcf7')
prepare() {
@@ -57,15 +59,13 @@
pkgdesc="A DHCP server, client, and relay agent"
depends=('glibc' 'libldap')
backup=('etc/dhcpd.conf' 'etc/dhcpd6.conf')
- install=dhcp.install
cd "${srcdir}/${pkgbase}-${pkgver}"
make DESTDIR="${pkgdir}" install
- install -d "${pkgdir}/var/lib/dhcp"
-
install -D -m644 "${srcdir}/dhcp-sysusers.conf" "${pkgdir}/usr/lib/sysusers.d/dhcp.conf"
+ install -D -m644 "${srcdir}/dhcp-tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/dhcp.conf"
install -D -m644 "${srcdir}/dhcpd4.service" "${pkgdir}/usr/lib/systemd/system/dhcpd4.service"
install -D -m644 "${srcdir}/dhcpd6.service" "${pkgdir}/usr/lib/systemd/system/dhcpd6.service"
Modified: dhclient at .service
===================================================================
--- dhclient at .service 2018-03-11 21:12:10 UTC (rev 318656)
+++ dhclient at .service 2018-03-11 23:07:34 UTC (rev 318657)
@@ -4,7 +4,10 @@
Before=network.target
[Service]
-ExecStart=/usr/bin/dhclient -d %I
+ExecStart=/usr/bin/dhclient -pf /run/dhclient@%i/dhclient.pid -d %I
+RuntimeDirectory=dhclient@%i
+ProtectSystem=on
+ProtectHome=on
[Install]
WantedBy=multi-user.target
Added: dhcp-tmpfiles.conf
===================================================================
--- dhcp-tmpfiles.conf (rev 0)
+++ dhcp-tmpfiles.conf 2018-03-11 23:07:34 UTC (rev 318657)
@@ -0,0 +1,3 @@
+d /var/lib/dhcp 0750 dhcp dhcp -
+f /var/lib/dhcp/dhcpd.leases 0640 dhcp dhcp -
+f /var/lib/dhcp/dhcpd6.leases 0640 dhcp dhcp -
Deleted: dhcp.install
===================================================================
--- dhcp.install 2018-03-11 21:12:10 UTC (rev 318656)
+++ dhcp.install 2018-03-11 23:07:34 UTC (rev 318657)
@@ -1,14 +0,0 @@
-post_install() {
- [[ -f var/lib/dhcp/dhcpd.leases ]] || : >var/lib/dhcp/dhcpd.leases
- [[ -f var/lib/dhcp/dhcpd6.leases ]] || : >var/lib/dhcp/dhcpd6.leases
-}
-
-post_upgrade() {
- if (( $(vercmp $2 4.2.4.2) < 0 )); then
- echo ">>> Lease directory moved from /var/state/dhcp"
- echo " to /var/lib/dhcp. Move your old lease files"
- echo " if you want to keep using them."
- fi
-
- post_install
-}
Modified: dhcpd4.service
===================================================================
--- dhcpd4.service 2018-03-11 21:12:10 UTC (rev 318656)
+++ dhcpd4.service 2018-03-11 23:07:34 UTC (rev 318657)
@@ -5,8 +5,11 @@
[Service]
Type=forking
-PIDFile=/run/dhcpd4.pid
-ExecStart=/usr/bin/dhcpd -4 -q -user dhcp -cf /etc/dhcpd.conf -pf /run/dhcpd4.pid
+ExecStart=/usr/bin/dhcpd -4 -q -cf /etc/dhcpd.conf -pf /run/dhcpd4/dhcpd.pid
+RuntimeDirectory=dhcpd4
+PIDFile=/run/dhcpd4/dhcpd.pid
+User=dhcp
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
ProtectSystem=full
ProtectHome=on
KillSignal=SIGINT
Modified: dhcpd6.service
===================================================================
--- dhcpd6.service 2018-03-11 21:12:10 UTC (rev 318656)
+++ dhcpd6.service 2018-03-11 23:07:34 UTC (rev 318657)
@@ -5,8 +5,11 @@
[Service]
Type=forking
-PIDFile=/run/dhcpd6.pid
-ExecStart=/usr/bin/dhcpd -6 -q -user dhcp -cf /etc/dhcpd6.conf -pf /run/dhcpd6.pid
+ExecStart=/usr/bin/dhcpd -6 -q -cf /etc/dhcpd6.conf -pf /run/dhcpd6/dhcpd.pid
+RuntimeDirectory=dhcpd6
+PIDFile=/run/dhcpd6/dhcpd.pid
+User=dhcp
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
ProtectSystem=full
ProtectHome=on
KillSignal=SIGINT
More information about the arch-commits
mailing list