Date: Sunday, March 11, 2018 @ 23:07:34 Author: eworm Revision: 318657
upgpkg: dhcp 4.4.1-4 more systemd unit file security Added: dhcp/trunk/dhcp-tmpfiles.conf Modified: dhcp/trunk/PKGBUILD dhcp/trunk/[email protected] dhcp/trunk/dhcpd4.service dhcp/trunk/dhcpd6.service Deleted: dhcp/trunk/dhcp.install --------------------+ PKGBUILD | 14 +++++++------- [email protected] | 5 ++++- dhcp-tmpfiles.conf | 3 +++ dhcp.install | 14 -------------- dhcpd4.service | 7 +++++-- dhcpd6.service | 7 +++++-- 6 files changed, 24 insertions(+), 26 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-03-11 21:12:10 UTC (rev 318656) +++ PKGBUILD 2018-03-11 23:07:34 UTC (rev 318657) @@ -7,7 +7,7 @@ # separate patch levels with a period to maintain proper versioning. pkgver=4.4.1 -pkgrel=3 +pkgrel=4 arch=('x86_64') license=('custom:isc-dhcp') url="https://www.isc.org/software/dhcp" @@ -15,6 +15,7 @@ validpgpkeys=('BE0E9748B718253A28BB89FFF1B11BF05CF02E57') # Internet Systems Consortium, Inc. (Signing key, 2017-2018) <[email protected]> source=("ftp://ftp.isc.org/isc/${pkgbase}/${pkgver}/${pkgbase}-${pkgver}.tar.gz"{,.asc} 'dhcp-sysusers.conf' + 'dhcp-tmpfiles.conf' 'dhcpd4.service' 'dhcpd6.service' '[email protected]' @@ -22,9 +23,10 @@ sha256sums=('2a22508922ab367b4af4664a0472dc220cc9603482cf3c16d9aff14f3a76b608' 'SKIP' 'b16083e6bb572ffacaa7cd97e7fde5fcfa1b6dbeb166f162e2ec6e8ec4b928d6' - '537b52307e2196775d79b7e7087fa7499189e26bc9a1737c9b75acd45a720920' - '9a2a9bdf25871dfe875ed39d92a4d97852f9ad6c38fa74bd16cbc18e85986d3f' - '259d004987b4759e0c9e1a8807a5baa3df74f1e0c57b058a9e1bc92ea41fcb6a' + 'abcd30e9e8428e34d22ab4d3074ef4bd84c2b11f5868597111b47d6f56d204da' + '03fce30efab819b2d928085b0bab962a33ce56fc376acae98ad9b30aa278c9c8' + 'f98a4438f4f69cab7cc5cce6927df4790ee993ebc8f88a169e63043c53d25625' + '86cd0b1e0ea1d47ab096f6ee925eee60545116fb887a155761eda589b30e4f0e' '837a64189b949afae951655546967cc8f17f2f2cf370faabff00575364f0fcf7') prepare() { 
@@ -57,15 +59,13 @@ pkgdesc="A DHCP server, client, and relay agent" depends=('glibc' 'libldap') backup=('etc/dhcpd.conf' 'etc/dhcpd6.conf') - install=dhcp.install cd "${srcdir}/${pkgbase}-${pkgver}" make DESTDIR="${pkgdir}" install - install -d "${pkgdir}/var/lib/dhcp" - install -D -m644 "${srcdir}/dhcp-sysusers.conf" "${pkgdir}/usr/lib/sysusers.d/dhcp.conf" + install -D -m644 "${srcdir}/dhcp-tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/dhcp.conf" install -D -m644 "${srcdir}/dhcpd4.service" "${pkgdir}/usr/lib/systemd/system/dhcpd4.service" install -D -m644 "${srcdir}/dhcpd6.service" "${pkgdir}/usr/lib/systemd/system/dhcpd6.service" Modified: [email protected] =================================================================== --- [email protected] 2018-03-11 21:12:10 UTC (rev 318656) +++ [email protected] 2018-03-11 23:07:34 UTC (rev 318657) @@ -4,7 +4,10 @@ Before=network.target [Service] -ExecStart=/usr/bin/dhclient -d %I +ExecStart=/usr/bin/dhclient -pf /run/dhclient@%i/dhclient.pid -d %I +RuntimeDirectory=dhclient@%i +ProtectSystem=on +ProtectHome=on [Install] WantedBy=multi-user.target Added: dhcp-tmpfiles.conf =================================================================== --- dhcp-tmpfiles.conf (rev 0) +++ dhcp-tmpfiles.conf 2018-03-11 23:07:34 UTC (rev 318657) @@ -0,0 +1,3 @@ +d /var/lib/dhcp 0750 dhcp dhcp - +f /var/lib/dhcp/dhcpd.leases 0640 dhcp dhcp - +f /var/lib/dhcp/dhcpd6.leases 0640 dhcp dhcp - Deleted: dhcp.install =================================================================== --- dhcp.install 2018-03-11 21:12:10 UTC (rev 318656) +++ dhcp.install 2018-03-11 23:07:34 UTC (rev 318657) 
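Review bot: The `ProtectSystem=on` line in the dhclient unit is weaker than the `ProtectSystem=full` visible in the dhcpd4/dhcpd6 units, and nothing in the file says why. With `on`, /etc stays writable, which is presumably intentional so that the client's hook script can update resolver configuration, but that is an inference and should be confirmed. If so, a comment such as `# ProtectSystem=on, not full: /etc must stay writable for the client hook script` would stop a later hardening pass from breaking the unit. The service also still runs as root with an unrestricted capability set, so these two `Protect*` lines are the only confinement it has.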
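Review bot: The two `f` entries in dhcp-tmpfiles.conf cover a fresh install, but on upgrade the lease files already exist and were presumably created root-owned by the removed `post_install`. Since the dhcpd units in this commit switch to `User=dhcp`, the daemon depends on these entries to fix ownership of existing files. Whether `f` adjusts owner and mode of an existing file should be confirmed on the systemd version being targeted; if it does not, dhcpd may fail to open its lease database after the upgrade. A header comment such as `# dhcpd runs as User=dhcp and must own its lease directory and lease files` would record why the ownership matters.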
@@ -1,14 +0,0 @@ -post_install() { - [[ -f var/lib/dhcp/dhcpd.leases ]] || : >var/lib/dhcp/dhcpd.leases - [[ -f var/lib/dhcp/dhcpd6.leases ]] || : >var/lib/dhcp/dhcpd6.leases -} - -post_upgrade() { - if (( $(vercmp $2 4.2.4.2) < 0 )); then - echo ">>> Lease directory moved from /var/state/dhcp" - echo " to /var/lib/dhcp. Move your old lease files" - echo " if you want to keep using them." - fi - - post_install -} Modified: dhcpd4.service =================================================================== --- dhcpd4.service 2018-03-11 21:12:10 UTC (rev 318656) +++ dhcpd4.service 2018-03-11 23:07:34 UTC (rev 318657) @@ -5,8 +5,11 @@ [Service] Type=forking -PIDFile=/run/dhcpd4.pid -ExecStart=/usr/bin/dhcpd -4 -q -user dhcp -cf /etc/dhcpd.conf -pf /run/dhcpd4.pid +ExecStart=/usr/bin/dhcpd -4 -q -cf /etc/dhcpd.conf -pf /run/dhcpd4/dhcpd.pid +RuntimeDirectory=dhcpd4 +PIDFile=/run/dhcpd4/dhcpd.pid +User=dhcp +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW ProtectSystem=full ProtectHome=on KillSignal=SIGINT Modified: dhcpd6.service =================================================================== --- dhcpd6.service 2018-03-11 21:12:10 UTC (rev 318656) +++ dhcpd6.service 2018-03-11 23:07:34 UTC (rev 318657) @@ -5,8 +5,11 @@ [Service] Type=forking -PIDFile=/run/dhcpd6.pid -ExecStart=/usr/bin/dhcpd -6 -q -user dhcp -cf /etc/dhcpd6.conf -pf /run/dhcpd6.pid +ExecStart=/usr/bin/dhcpd -6 -q -cf /etc/dhcpd6.conf -pf /run/dhcpd6/dhcpd.pid +RuntimeDirectory=dhcpd6 +PIDFile=/run/dhcpd6/dhcpd.pid +User=dhcp +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW ProtectSystem=full ProtectHome=on KillSignal=SIGINT
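Review bot: `AmbientCapabilities=` in dhcpd4.service hands the two capabilities to the `dhcp` user, but nothing bounds what the process or a child could acquire beyond them. Adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW` and `NoNewPrivileges=yes` next to `User=dhcp` would complete the least-privilege change. The same applies to the dhcpd6.service hunk. Separately, dropping `-user dhcp` in favour of `User=dhcp` means the daemon now opens `/etc/dhcpd.conf` as `dhcp` rather than as root, so a config that an admin has made root-only (for example because it holds keys) will no longer be readable. That is worth stating in a comment or upgrade note.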
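Review bot: `CAP_NET_RAW` in dhcpd6.service appears to be copied from the IPv4 unit, and it is not evident from this hunk that `dhcpd -6` needs it. If the DHCPv6 server only uses ordinary UDP sockets, `AmbientCapabilities=CAP_NET_BIND_SERVICE` alone would be the tighter setting. This should be tested against a running server before it is narrowed.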
