Date: Sunday, March 11, 2018 @ 23:07:34
  Author: eworm
Revision: 318657

upgpkg: dhcp 4.4.1-4

more systemd unit file security

Added:
  dhcp/trunk/dhcp-tmpfiles.conf
Modified:
  dhcp/trunk/PKGBUILD
  dhcp/trunk/dhclient@.service
  dhcp/trunk/dhcpd4.service
  dhcp/trunk/dhcpd6.service
Deleted:
  dhcp/trunk/dhcp.install

--------------------+
 PKGBUILD           |   14 +++++++-------
 dhclient@.service  |    5 ++++-
 dhcp-tmpfiles.conf |    3 +++
 dhcp.install       |   14 --------------
 dhcpd4.service     |    7 +++++--
 dhcpd6.service     |    7 +++++--
 6 files changed, 24 insertions(+), 26 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2018-03-11 21:12:10 UTC (rev 318656)
+++ PKGBUILD    2018-03-11 23:07:34 UTC (rev 318657)
@@ -7,7 +7,7 @@
 
 # separate patch levels with a period to maintain proper versioning.
 pkgver=4.4.1
-pkgrel=3
+pkgrel=4
 arch=('x86_64')
 license=('custom:isc-dhcp')
 url="https://www.isc.org/software/dhcp";
@@ -15,6 +15,7 @@
 validpgpkeys=('BE0E9748B718253A28BB89FFF1B11BF05CF02E57') # Internet Systems 
Consortium, Inc. (Signing key, 2017-2018) <codes...@isc.org>
 
source=("ftp://ftp.isc.org/isc/${pkgbase}/${pkgver}/${pkgbase}-${pkgver}.tar.gz"{,.asc}
         'dhcp-sysusers.conf'
+        'dhcp-tmpfiles.conf'
         'dhcpd4.service'
         'dhcpd6.service'
         'dhclient@.service'
@@ -22,9 +23,10 @@
 sha256sums=('2a22508922ab367b4af4664a0472dc220cc9603482cf3c16d9aff14f3a76b608'
             'SKIP'
             'b16083e6bb572ffacaa7cd97e7fde5fcfa1b6dbeb166f162e2ec6e8ec4b928d6'
-            '537b52307e2196775d79b7e7087fa7499189e26bc9a1737c9b75acd45a720920'
-            '9a2a9bdf25871dfe875ed39d92a4d97852f9ad6c38fa74bd16cbc18e85986d3f'
-            '259d004987b4759e0c9e1a8807a5baa3df74f1e0c57b058a9e1bc92ea41fcb6a'
+            'abcd30e9e8428e34d22ab4d3074ef4bd84c2b11f5868597111b47d6f56d204da'
+            '03fce30efab819b2d928085b0bab962a33ce56fc376acae98ad9b30aa278c9c8'
+            'f98a4438f4f69cab7cc5cce6927df4790ee993ebc8f88a169e63043c53d25625'
+            '86cd0b1e0ea1d47ab096f6ee925eee60545116fb887a155761eda589b30e4f0e'
             '837a64189b949afae951655546967cc8f17f2f2cf370faabff00575364f0fcf7')
 
 prepare() {
@@ -57,15 +59,13 @@
   pkgdesc="A DHCP server, client, and relay agent"
   depends=('glibc' 'libldap')
   backup=('etc/dhcpd.conf' 'etc/dhcpd6.conf')
-  install=dhcp.install
 
   cd "${srcdir}/${pkgbase}-${pkgver}"
 
   make DESTDIR="${pkgdir}" install
 
-  install -d "${pkgdir}/var/lib/dhcp"
-
   install -D -m644 "${srcdir}/dhcp-sysusers.conf" 
"${pkgdir}/usr/lib/sysusers.d/dhcp.conf"
+  install -D -m644 "${srcdir}/dhcp-tmpfiles.conf" 
"${pkgdir}/usr/lib/tmpfiles.d/dhcp.conf"
   install -D -m644 "${srcdir}/dhcpd4.service" 
"${pkgdir}/usr/lib/systemd/system/dhcpd4.service"
   install -D -m644 "${srcdir}/dhcpd6.service" 
"${pkgdir}/usr/lib/systemd/system/dhcpd6.service"
 

Modified: dhclient@.service
===================================================================
--- dhclient@.service   2018-03-11 21:12:10 UTC (rev 318656)
+++ dhclient@.service   2018-03-11 23:07:34 UTC (rev 318657)
@@ -4,7 +4,10 @@
 Before=network.target
 
 [Service]
-ExecStart=/usr/bin/dhclient -d %I
+ExecStart=/usr/bin/dhclient -pf /run/dhclient@%i/dhclient.pid -d %I
+RuntimeDirectory=dhclient@%i
+ProtectSystem=on
+ProtectHome=on
 
 [Install]
 WantedBy=multi-user.target
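Review bot: `ProtectSystem=on` in the added lines is weaker than the `ProtectSystem=full` that dhcpd4.service and dhcpd6.service carry, and nothing in the unit says why. Presumably `full` is avoided because dhclient-script has to rewrite files under /etc such as resolv.conf; if that is the reason, record it on a line above the directive, e.g. `# not "full": dhclient-script must be able to write /etc/resolv.conf`. The client also still runs as root with an unrestricted capability set, so it is worth testing whether `NoNewPrivileges=yes` and a `CapabilityBoundingSet=` limited to what the script actually needs can be added without breaking lease handling.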

Added: dhcp-tmpfiles.conf
===================================================================
--- dhcp-tmpfiles.conf                          (rev 0)
+++ dhcp-tmpfiles.conf  2018-03-11 23:07:34 UTC (rev 318657)
@@ -0,0 +1,3 @@
+d /var/lib/dhcp 0750 dhcp dhcp -
+f /var/lib/dhcp/dhcpd.leases 0640 dhcp dhcp -
+f /var/lib/dhcp/dhcpd6.leases 0640 dhcp dhcp -

Deleted: dhcp.install
===================================================================
--- dhcp.install        2018-03-11 21:12:10 UTC (rev 318656)
+++ dhcp.install        2018-03-11 23:07:34 UTC (rev 318657)
@@ -1,14 +0,0 @@
-post_install() {
-  [[ -f var/lib/dhcp/dhcpd.leases ]] || : >var/lib/dhcp/dhcpd.leases
-  [[ -f var/lib/dhcp/dhcpd6.leases ]] || : >var/lib/dhcp/dhcpd6.leases
-}
-
-post_upgrade() {
-  if (( $(vercmp $2 4.2.4.2) < 0 )); then
-    echo ">>> Lease directory moved from /var/state/dhcp"
-    echo "    to /var/lib/dhcp. Move your old lease files"
-    echo "    if you want to keep using them."
-  fi
-
-  post_install
-}

Modified: dhcpd4.service
===================================================================
--- dhcpd4.service      2018-03-11 21:12:10 UTC (rev 318656)
+++ dhcpd4.service      2018-03-11 23:07:34 UTC (rev 318657)
@@ -5,8 +5,11 @@
 
 [Service]
 Type=forking
-PIDFile=/run/dhcpd4.pid
-ExecStart=/usr/bin/dhcpd -4 -q -user dhcp -cf /etc/dhcpd.conf -pf 
/run/dhcpd4.pid
+ExecStart=/usr/bin/dhcpd -4 -q -cf /etc/dhcpd.conf -pf /run/dhcpd4/dhcpd.pid
+RuntimeDirectory=dhcpd4
+PIDFile=/run/dhcpd4/dhcpd.pid
+User=dhcp
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
 ProtectSystem=full
 ProtectHome=on
 KillSignal=SIGINT
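Review bot: The new `User=dhcp` plus `AmbientCapabilities=` lines grant the two network capabilities but set no ceiling on them, so anything the daemon executes could still gain privileges through a setuid or file-capability binary. Adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW` and `NoNewPrivileges=yes` next to the ambient set would close that off; the same applies to the identical hunk in dhcpd6.service. Because the daemon no longer starts as root and drops privileges with `-user dhcp`, /etc/dhcpd.conf (and /etc/dhcpd6.conf) is now read as the dhcp user. A configuration that holds OMAPI or DDNS keys and was kept root-only will stop the service from starting, which deserves an upgrade note recommending `root:dhcp` ownership with mode 0640 rather than making the file world-readable. The [Service] section may continue outside the hunk.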

Modified: dhcpd6.service
===================================================================
--- dhcpd6.service      2018-03-11 21:12:10 UTC (rev 318656)
+++ dhcpd6.service      2018-03-11 23:07:34 UTC (rev 318657)
@@ -5,8 +5,11 @@
 
 [Service]
 Type=forking
-PIDFile=/run/dhcpd6.pid
-ExecStart=/usr/bin/dhcpd -6 -q -user dhcp -cf /etc/dhcpd6.conf -pf 
/run/dhcpd6.pid
+ExecStart=/usr/bin/dhcpd -6 -q -cf /etc/dhcpd6.conf -pf /run/dhcpd6/dhcpd.pid
+RuntimeDirectory=dhcpd6
+PIDFile=/run/dhcpd6/dhcpd.pid
+User=dhcp
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
 ProtectSystem=full
 ProtectHome=on
 KillSignal=SIGINT
