Re: NEW: net/dhcpcd-6.3.2

[Roy Marples]

On 19/03/2014 11:10, Stuart Henderson wrote:
I have a couple of ports tweaks:
- as it's not actually autoconf, it should use CONFIGURE_STYLE=simple
and set flags

- list http MASTER_SITES first, less chance of firewall issues

OK

- don't install dhcpcd-hooks/50-ypbind which says "This script is
only suitable for the Linux version"

Well, that's an error. It's actually for the NetBSD version.
I've amended the configure process to check for the OpenBSD version and 
adjust accordingly.
http://roy.marples.name/projects/dhcpcd/ci/35f125d07e?sbs=0 - attached 
as patch if you don't have a web interface.

We can either add the patch to the 6.3.2 port or just wait for the next 
dhcpcd release.

- there are various security issues relating to time setting, IMHO the
default config when installed as a package should not automatically
rewrite ntpd.conf

It appends and removes the DHCP configuration from the tail of 
ntpd.conf, it's never actually re-written entirely.
Can you explain why DHCP amending ntpd.conf is a security issue but not 
for resolv.conf?

Either way, it's better to either add `nohook ntp.conf` or `noption 
ntp_servers` because a DHCP server could force the NTP option 
information down without the client requesting it.


With these changes (diff below, updated tgz attached) it's ok sthen@
to import to ports.

Nice.

Let me know if you want any more changes or not and I'll make another 
.tgz, or you can.

RoyIndex: configure
==================================================================
--- configure
+++ configure
@@ -785,17 +785,27 @@
 	fi
 
 	printf "Checking for ypind ... "
 	YPBIND=$(_which ypbind)
 	if [ -n "$YPBIND" ]; then
-		if strings "$YPBIND" | $GREP -q yp.conf; then
+		if strings "$YPBIND" | $GREP -q yp\\.conf; then
 			YPHOOK="50-yp.conf"
-		else
+		elif strings "$YPBIND" | $GREP -q \\.ypservers; then
+			YPHOOK="50-ypbind"
+			echo "YPDOMAIN_DIR=	/var/yp" >>$CONFIG_MK
+			echo "YPDOMAIN_SUFFIX=.ypservers" >>$CONFIG_MK
+		elif strings "$YPBIND" | $GREP -q /etc/yp; then
 			YPHOOK="50-ypbind"
+			echo "YPDOMAIN_DIR=	/etc/yp" >>$CONFIG_MK
+			echo "YPDOMAIN_SUFFIX=" >>$CONFIG_MK
 		fi
-		echo "$YPBIND ($YPHOOK)"
-		HOOKS="$HOOKS${HOOKS:+ }$YPHOOK"
+		if [ -n "$YPHOOK" ]; then
+			echo "$YPBIND ($YPHOOK)"
+			HOOKS="$HOOKS${HOOKS:+ }$YPHOOK"
+		else
+			echo "unsupported version"
+		fi
 	else
 		echo "not found"
 	fi
 fi
 

DELETED dhcpcd-hooks/50-ypbind
Index: dhcpcd-hooks/50-ypbind
==================================================================
--- dhcpcd-hooks/50-ypbind
+++ dhcpcd-hooks/50-ypbind
@@ -1,78 +0,0 @@
-# Sample dhcpcd hook for ypbind
-# This script is only suitable for the Linux version.
-
-: ${ypbind_restart_cmd:=service_command ypbind restart}
-: ${ypbind_stop_cmd:=service_condcommand ypbind stop}
-ypbind_dir="$state_dir/ypbind"
-
-best_domain()
-{
-	local i=
-
-	for i in $interfaces; do
-		if [ -e "$ypbind_dir/$i" ]; then
-			cat "$ypbind_dir/$i"
-		fi
-	done
-	return 1
-}
-
-make_yp_binding()
-{
-	[ -d "$ypbind_dir" ] || mkdir -p "$ypbind_dir"
-	echo "$new_nis_domain" >"$ypbind_dir/$ifname"
-	local nd="$(best_domain)"
-
-	local cf=/var/yp/binding/"$new_nis_domain".ypservers
-	if [ -n "$new_nis_servers" ]; then
-		local ncf="$cf.$ifname" x=
-		rm -f "$ncf"
-		for x in $new_nis_servers; do
-			echo "$x" >>"$ncf"
-		done
-		change_file "$cf" "$ncf"
-	else
-		# Because this is not an if .. fi then we can use $? below
-		[ -e "$cf" ] && rm "$cf"
-	fi
-
-	if [ $? = 0 -o "$nd" != "$(domainname)" ]; then
-		domainname "$nd"
-		if [ -n "$ypbind_restart_cmd" ]; then
-			eval $ypbind_restart_cmd
-		fi
-	fi
-}
-
-restore_yp_binding()
-{
-	rm -f "$ypbind_dir/$ifname"
-	local nd="$(best_domain)"
-	# We need to stop ypbind if there is no best domain
-	# otherwise it will just stall as we cannot set domainname
-	# to blank :/
-	if [ -z "$nd" ]; then
-		if [ -n "$ypbind_stop_cmd" ]; then
-			eval $ypbind_stop_cmd
-		fi
-	elif [ "$nd" != "$(domainname)" ]; then
-		domainname "$nd"
-		if [ -n "$ypbind_restart_cmd" ]; then
-			eval $ypbind_restart_cmd
-		fi
-	fi
-}
-
-if [ "$reason" = PREINIT ]; then
-	rm -f "$ypbind_dir/$ifname"
-elif $if_up || $if_down; then
-	if [ -n "$new_nis_domain" ]; then
-		if valid_domainname "$new_nis_domain"; then
-			make_yp_binding
-		else
-			syslog err "Invalid NIS domain name: $new_nis_domain"
-		fi
-	elif [ -n "$old_nis_domain" ]; then
-		restore_yp_binding
-	fi
-fi

ADDED   dhcpcd-hooks/50-ypbind.in
Index: dhcpcd-hooks/50-ypbind.in
==================================================================
--- dhcpcd-hooks/50-ypbind.in
+++ dhcpcd-hooks/50-ypbind.in
@@ -0,0 +1,85 @@
+# Sample dhcpcd hook for ypbind
+# This script is only suitable for the NetBSD and OpenBSD versions.
+
+: ${ypbind_restart_cmd:=service_command ypbind restart}
+: ${ypbind_stop_cmd:=service_condcommand ypbind stop}
+ypbind_dir="$state_dir/ypbind"
+: ${ypdomain_dir:=@YPDOMAIN_DIR@}
+: ${ypdomain_suffix:=@YPDOMAIN_SUFFIX@}
+
+
+best_domain()
+{
+	local i=
+
+	for i in $interfaces; do
+		if [ -e "$ypbind_dir/$i" ]; then
+			cat "$ypbind_dir/$i"
+		fi
+	done
+	return 1
+}
+
+make_yp_binding()
+{
+	[ -d "$ypbind_dir" ] || mkdir -p "$ypbind_dir"
+	echo "$new_nis_domain" >"$ypbind_dir/$ifname"
+	local nd="$(best_domain)"
+
+	if [ -z "$ypdomain_dir" ]; then
+		false
+	else
+		local cf="$ypdomain_dir/$new_nis_domain$ypdomain_suffix"
+		if [ -n "$new_nis_servers" ]; then
+			local ncf="$cf.$ifname" x=
+			rm -f "$ncf"
+			for x in $new_nis_servers; do
+				echo "$x" >>"$ncf"
+			done
+			change_file "$cf" "$ncf"
+		else
+			[ -e "$cf" ] && rm "$cf"
+		fi
+	fi
+
+	if [ $? = 0 -o "$nd" != "$(domainname)" ]; then
+		domainname "$nd"
+		if [ -n "$ypbind_restart_cmd" ]; then
+			eval $ypbind_restart_cmd
+		fi
+	fi
+}
+
+restore_yp_binding()
+{
+
+	rm -f "$ypbind_dir/$ifname"
+	local nd="$(best_domain)"
+	# We need to stop ypbind if there is no best domain
+	# otherwise it will just stall as we cannot set domainname
+	# to blank :/
+	if [ -z "$nd" ]; then
+		if [ -n "$ypbind_stop_cmd" ]; then
+			eval $ypbind_stop_cmd
+		fi
+	elif [ "$nd" != "$(domainname)" ]; then
+		domainname "$nd"
+		if [ -n "$ypbind_restart_cmd" ]; then
+			eval $ypbind_restart_cmd
+		fi
+	fi
+}
+
+if [ "$reason" = PREINIT ]; then
+	rm -f "$ypbind_dir/$ifname"
+elif $if_up || $if_down; then
+	if [ -n "$new_nis_domain" ]; then
+		if valid_domainname "$new_nis_domain"; then
+			make_yp_binding
+		else
+			syslog err "Invalid NIS domain name: $new_nis_domain"
+		fi
+	elif [ -n "$old_nis_domain" ]; then
+		restore_yp_binding
+	fi
+fi

Index: dhcpcd-hooks/Makefile
==================================================================
--- dhcpcd-hooks/Makefile
+++ dhcpcd-hooks/Makefile
@@ -6,13 +6,20 @@
 SCRIPTS=	01-test 02-dump
 SCRIPTS+=	10-mtu 10-wpa_supplicant 15-timezone 20-resolv.conf
 SCRIPTS+=	29-lookup-hostname 30-hostname
 SCRIPTS+=	${HOOKSCRIPTS}
 
-all:
+50-ypbind: 50-ypbind.in
+	${SED} \
+		-e 's:@YPDOMAIN_DIR@:${YPDOMAIN_DIR}:g' \
+		-e 's:@YPDOMAIN_SUFFIX@:${YPDOMAIN_SUFFIX}:g' \
+		50-ypbind.in > $@
+
+all: ${HOOKSCRIPTS}
 
 clean:
+	rm -f 50-ypbind
 
 proginstall:
 	${INSTALL} -d ${DESTDIR}${SCRIPTSDIR}
 	${INSTALL} -m ${NONBINMODE} ${SCRIPTS} ${DESTDIR}${SCRIPTSDIR}