From 8fc015bd55d1cf88cbe52e25dfa72d5934f20928 Mon Sep 17 00:00:00 2001 From: kircher Date: Fri, 29 May 2020 23:06:26 +0800 Subject: [PATCH 1/7] Remove adds-address-prefix-len-to-dhclient-cli.patch --- adds-address-prefix-len-to-dhclient-cli.patch | 78 ------------------- 1 file changed, 78 deletions(-) delete mode 100644 adds-address-prefix-len-to-dhclient-cli.patch diff --git a/adds-address-prefix-len-to-dhclient-cli.patch b/adds-address-prefix-len-to-dhclient-cli.patch deleted file mode 100644 index bd786cb..0000000 --- a/adds-address-prefix-len-to-dhclient-cli.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 3286e40ff01e78c172dfb0cdb684b58854af7604 Mon Sep 17 00:00:00 2001 -From: liuzhikang -Date: Thu, 31 Oct 2019 16:07:22 +0800 - -Signed-off-by: liuzhikang ---- - client/dhc6.c | 3 ++- - client/dhclient.c | 17 +++++++++++++++-- - 2 files changed, 17 insertions(+), 3 deletions(-) - -diff --git a/client/dhc6.c b/client/dhc6.c -index 5460ee1..fe0057c 100644 ---- a/client/dhc6.c -+++ b/client/dhc6.c -@@ -148,6 +148,7 @@ static int dhc6_score_lease(struct client_state *client, - - extern int onetry; - extern int stateless; -+extern int address_prefix_len; - - /* - * Assign DHCPv6 port numbers as a client. -@@ -4364,7 +4365,7 @@ dhc6_marshall_values(const char *prefix, struct client_state *client, - (unsigned) addr->plen); - } else { - client_envadd(client, prefix, "ip6_prefixlen", -- "%d", DHCLIENT_DEFAULT_PREFIX_LEN); -+ "%d", address_prefix_len); - client_envadd(client, prefix, "ip6_address", - "%s", piaddr(addr->address)); - } -diff --git a/client/dhclient.c b/client/dhclient.c -index 62b90cf..9f8ba06 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c -@@ -108,6 +108,7 @@ int require_all_ias = 0; /* If the user requires all of the IAs to - be available before accepting a lease - 0 = no, 1 = requries */ - int dad_wait_time = 0; -+int address_prefix_len = DHCLIENT_DEFAULT_PREFIX_LEN; - char *mockup_relay = NULL; - - char *progname = NULL; -@@ -190,9 +191,11 @@ usage(const char *sfmt, const char *sarg) - #ifdef DHCP4o6 - "[-4|-6] [-SNTPRI1dvrxi] [-nw] -4o6 ] [-p ]\n" - " [-D LL|LLT] [--dad-wait-time seconds]\n" -+ " [--address-prefix-len length]\n" - #else /* DHCP4o6 */ - "[-4|-6] [-SNTPRI1dvrxi] [-nw] [-p ]\n" -- " [-D LL|LLT] [--dad-wait-time seconds]\n" -+ " [-D LL|LLT] [--dad-wait-time seconds]\n" -+ " [--address-prefix-len length]\n" - #endif - #else /* DHCPv6 */ - "[-I1dvrxi] [-nw] [-p ] [-D LL|LLT] \n" -@@ -452,7 +455,17 @@ main(int argc, char **argv) { - if (errno || (*s != '\0') || (dad_wait_time < 0)) { - usage("Invalid value for --dad-wait-time: %s", argv[i]); - } -- -+ } else if (!strcmp(argv[i], "--address-prefix-len")) { -+ if (++i == argc) { -+ usage(use_noarg, argv[i-1]); -+ } -+ errno = 0; -+ address_prefix_len = (int)strtol(argv[i], &s, 10); -+ if (errno || (*s != '\0') || -+ (address_prefix_len < 0)) { -+ usage("Invalid value for" -+ " --address-prefix-len: %s", argv[i]); -+ } - #endif /* DHCPv6 */ - } else if (!strcmp(argv[i], "-D")) { - duid_v4 = 1; --- -2.19.1 - -- Gitee From b5b866d8c3a1fd38ab26473c608fc9335774756a Mon Sep 17 00:00:00 2001 From: kircher Date: Fri, 29 May 2020 23:06:55 +0800 Subject: [PATCH 2/7] Remove dhcp-fix-dhclient-default-len-64-to-128.patch --- dhcp-fix-dhclient-default-len-64-to-128.patch | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 dhcp-fix-dhclient-default-len-64-to-128.patch diff --git a/dhcp-fix-dhclient-default-len-64-to-128.patch b/dhcp-fix-dhclient-default-len-64-to-128.patch deleted file mode 100644 index 1abbdf5..0000000 --- a/dhcp-fix-dhclient-default-len-64-to-128.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- dhcp-4.3.6/includes/site.h.bak 2019-09-03 09:41:12.816000000 -0400 -+++ dhcp-4.3.6/includes/site.h 2019-09-03 09:55:03.308000000 -0400 -@@ -286,7 +286,7 @@ - is a host address and doesn't include any on-link information. - 64 indicates that the first 64 bits are the subnet or on-link - prefix. */ --#define DHCLIENT_DEFAULT_PREFIX_LEN 64 -+#define DHCLIENT_DEFAULT_PREFIX_LEN 128 - - /* Enable the gentle shutdown signal handling. Currently this - means that on SIGINT or SIGTERM a client will release its -- Gitee From 686dc9fa4154b2fa6492271a8b8cdea09ddf8540 Mon Sep 17 00:00:00 2001 From: kircher Date: Fri, 29 May 2020 23:08:27 +0800 Subject: [PATCH 3/7] Remove 0011-Drop-unnecessary-capabilities.patch --- 0011-Drop-unnecessary-capabilities.patch | 278 ----------------------- 1 file changed, 278 deletions(-) delete mode 100644 0011-Drop-unnecessary-capabilities.patch diff --git a/0011-Drop-unnecessary-capabilities.patch b/0011-Drop-unnecessary-capabilities.patch deleted file mode 100644 index 4277baf..0000000 --- a/0011-Drop-unnecessary-capabilities.patch +++ /dev/null @@ -1,278 +0,0 @@ -From 3b37f4b7bb3a17f8bd655be919915a1912062ea6 Mon Sep 17 00:00:00 2001 -From: Pavel Zhukov -Date: Thu, 21 Feb 2019 10:30:28 +0100 -Subject: [PATCH 11/26] Drop unnecessary capabilities -Cc: pzhukov@redhat.com - -dhclient (#517649, #546765), dhcpd/dhcrelay (#699713) ---- - client/Makefile.am | 3 ++- - client/dhclient-script.8 | 10 ++++++++++ - client/dhclient.8 | 29 +++++++++++++++++++++++++++++ - client/dhclient.c | 24 ++++++++++++++++++++++++ - configure.ac | 35 +++++++++++++++++++++++++++++++++++ - relay/Makefile.am | 3 ++- - relay/dhcrelay.c | 29 +++++++++++++++++++++++++++++ - 7 files changed, 131 insertions(+), 2 deletions(-) - -diff --git a/client/Makefile.am b/client/Makefile.am -index d177159..0689185 100644 ---- a/client/Makefile.am -+++ b/client/Makefile.am -@@ -17,6 +17,7 @@ dhclient_LDADD = ../common/libdhcp.@A@ ../omapip/libomapi.@A@ \ - @BINDLIBIRSDIR@/libirs.@A@ \ - @BINDLIBDNSDIR@/libdns.@A@ \ - @BINDLIBISCCFGDIR@/libisccfg.@A@ \ -- @BINDLIBISCDIR@/libisc.@A@ -+ @BINDLIBISCDIR@/libisc.@A@ \ -+ $(CAPNG_LDADD) - man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 - EXTRA_DIST = $(man_MANS) -diff --git a/client/dhclient-script.8 b/client/dhclient-script.8 -index 0db5516..2eddb8f 100644 ---- a/client/dhclient-script.8 -+++ b/client/dhclient-script.8 -@@ -243,6 +243,16 @@ repeatedly initialized to the values provided by one server, and then - the other. Assuming the information provided by both servers is - valid, this shouldn't cause any real problems, but it could be - confusing. -+.PP -+Normally, if dhclient was compiled with libcap-ng support, -+dhclient drops most capabilities immediately upon startup. -+While more secure, this greatly restricts the additional actions that -+hooks in dhclient-script can take. For example, any daemons that -+dhclient-script starts or restarts will inherit the restricted -+capabilities as well, which may interfere with their correct operation. -+Thus, the -+.BI \-nc -+option can be used to prevent dhclient from dropping capabilities. - .SH SEE ALSO - dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and - dhclient.leases(5). -diff --git a/client/dhclient.8 b/client/dhclient.8 -index 6d7fbdb..0145b9f 100644 ---- a/client/dhclient.8 -+++ b/client/dhclient.8 -@@ -134,6 +134,9 @@ dhclient - Dynamic Host Configuration Protocol Client - .B -w - ] - [ -+.B -nc -+] -+[ - .B -B - ] - [ -@@ -328,6 +331,32 @@ not to exit when it doesn't find any such interfaces. The - program can then be used to notify the client when a network interface - has been added or removed, so that the client can attempt to configure an IP - address on that interface. -+.TP -+.BI \-nc -+Do not drop capabilities. -+ -+Normally, if -+.B dhclient -+was compiled with libcap-ng support, -+.B dhclient -+drops most capabilities immediately upon startup. While more secure, -+this greatly restricts the additional actions that hooks in -+.B dhclient-script (8) -+can take. (For example, any daemons that -+.B dhclient-script (8) -+starts or restarts will inherit the restricted capabilities as well, -+which may interfere with their correct operation.) Thus, the -+.BI \-nc -+option can be used to prevent -+.B dhclient -+from dropping capabilities. -+ -+The -+.BI \-nc -+option is ignored if -+.B dhclient -+was not compiled with libcap-ng support. -+ - .TP - .BI \-n - Do not configure any interfaces. This is most likely to be useful in -diff --git a/client/dhclient.c b/client/dhclient.c -index a86ab9e..5d3f5bc 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c -@@ -41,6 +41,10 @@ - #include - #include - -+#ifdef HAVE_LIBCAP_NG -+#include -+#endif -+ - /* - * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define - * that when building ISC code. -@@ -266,6 +270,9 @@ main(int argc, char **argv) { - int timeout_arg = 0; - char *arg_conf = NULL; - int arg_conf_len = 0; -+#ifdef HAVE_LIBCAP_NG -+ int keep_capabilities = 0; -+#endif - - /* Initialize client globals. */ - memset(&default_duid, 0, sizeof(default_duid)); -@@ -665,6 +672,10 @@ main(int argc, char **argv) { - - dhclient_request_options = argv[i]; - -+ } else if (!strcmp(argv[i], "-nc")) { -+#ifdef HAVE_LIBCAP_NG -+ keep_capabilities = 1; -+#endif - } else if (argv[i][0] == '-') { - usage("Unknown command: %s", argv[i]); - } else if (interfaces_requested < 0) { -@@ -725,6 +736,19 @@ main(int argc, char **argv) { - path_dhclient_script = s; - } - -+#ifdef HAVE_LIBCAP_NG -+ /* Drop capabilities */ -+ if (!keep_capabilities) { -+ capng_clear(CAPNG_SELECT_CAPS); -+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ CAP_DAC_OVERRIDE); // Drop this someday -+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ CAP_NET_ADMIN, CAP_NET_RAW, -+ CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1); -+ capng_apply(CAPNG_SELECT_CAPS); -+ } -+#endif -+ - /* Set up the initial dhcp option universe. */ - initialize_common_option_spaces(); - -diff --git a/configure.ac b/configure.ac -index a797438..15fc0d7 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -612,6 +612,41 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn)); - # Look for optional headers. - AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) - -+# look for capabilities library -+AC_ARG_WITH(libcap-ng, -+ [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],, -+ with_libcap_ng=auto) -+ -+# Check for Libcap-ng API -+# -+# libcap-ng detection -+if test x$with_libcap_ng = xno ; then -+ have_libcap_ng=no; -+else -+ # Start by checking for header file -+ AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no) -+ -+ # See if we have libcap-ng library -+ AC_CHECK_LIB(cap-ng, capng_clear, -+ CAPNG_LDADD=-lcap-ng,) -+ -+ # Check results are usable -+ if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then -+ AC_MSG_ERROR(libcap-ng support was requested and the library was not found) -+ fi -+ if test x$CAPNG_LDADD != x -a $capng_headers = no ; then -+ AC_MSG_ERROR(libcap-ng libraries found but headers are missing) -+ fi -+fi -+AC_SUBST(CAPNG_LDADD) -+AC_MSG_CHECKING(whether to use libcap-ng) -+if test x$CAPNG_LDADD != x ; then -+ AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support]) -+ AC_MSG_RESULT(yes) -+else -+ AC_MSG_RESULT(no) -+fi -+ - # Solaris needs some libraries for functions - AC_SEARCH_LIBS(socket, [socket]) - AC_SEARCH_LIBS(inet_ntoa, [nsl]) -diff --git a/relay/Makefile.am b/relay/Makefile.am -index 2ba5979..8900e0b 100644 ---- a/relay/Makefile.am -+++ b/relay/Makefile.am -@@ -6,7 +6,8 @@ dhcrelay_LDADD = ../common/libdhcp.@A@ ../omapip/libomapi.@A@ \ - @BINDLIBIRSDIR@/libirs.@A@ \ - @BINDLIBDNSDIR@/libdns.@A@ \ - @BINDLIBISCCFGDIR@/libisccfg.@A@ \ -- @BINDLIBISCDIR@/libisc.@A@ -+ @BINDLIBISCDIR@/libisc.@A@ \ -+ $(CAPNG_LDADD) - man_MANS = dhcrelay.8 - EXTRA_DIST = $(man_MANS) - -diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c -index ea1be18..7b4f4f1 100644 ---- a/relay/dhcrelay.c -+++ b/relay/dhcrelay.c -@@ -32,6 +32,11 @@ - #include - #include - -+#ifdef HAVE_LIBCAP_NG -+# include -+ int keep_capabilities = 0; -+#endif -+ - TIME default_lease_time = 43200; /* 12 hours... */ - TIME max_lease_time = 86400; /* 24 hours... */ - struct tree_cache *global_options[256]; -@@ -590,6 +595,10 @@ main(int argc, char **argv) { - if (++i == argc) - usage(use_noarg, argv[i-1]); - dhcrelay_sub_id = argv[i]; -+#endif -+ } else if (!strcmp(argv[i], "-nc")) { -+#ifdef HAVE_LIBCAP_NG -+ keep_capabilities = 1; - #endif - } else if (!strcmp(argv[i], "-pf")) { - if (++i == argc) -@@ -660,6 +669,17 @@ main(int argc, char **argv) { - #endif - } - -+#ifdef HAVE_LIBCAP_NG -+ /* Drop capabilities */ -+ if (!keep_capabilities) { -+ capng_clear(CAPNG_SELECT_BOTH); -+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1); -+ capng_apply(CAPNG_SELECT_BOTH); -+ log_info ("Dropped all unnecessary capabilities."); -+ } -+#endif -+ - if (!quiet) { - log_info("%s %s", message, PACKAGE_VERSION); - log_info(copyright); -@@ -816,6 +836,15 @@ main(int argc, char **argv) { - signal(SIGTERM, dhcp_signal_handler); /* kill */ - #endif - -+#ifdef HAVE_LIBCAP_NG -+ /* Drop all capabilities */ -+ if (!keep_capabilities) { -+ capng_clear(CAPNG_SELECT_BOTH); -+ capng_apply(CAPNG_SELECT_BOTH); -+ log_info ("Dropped all capabilities."); -+ } -+#endif -+ - /* Start dispatching packets and timeouts... */ - dispatch(); - --- -2.14.5 - -- Gitee From b0ea91639e73b3857afd984a17b3730862b53f3c Mon Sep 17 00:00:00 2001 From: kircher Date: Fri, 29 May 2020 23:09:03 +0800 Subject: [PATCH 4/7] Remove bugfix-dhcp-4.2.5-check-dhclient-pid.patch --- bugfix-dhcp-4.2.5-check-dhclient-pid.patch | 75 ---------------------- 1 file changed, 75 deletions(-) delete mode 100644 bugfix-dhcp-4.2.5-check-dhclient-pid.patch diff --git a/bugfix-dhcp-4.2.5-check-dhclient-pid.patch b/bugfix-dhcp-4.2.5-check-dhclient-pid.patch deleted file mode 100644 index d771445..0000000 --- a/bugfix-dhcp-4.2.5-check-dhclient-pid.patch +++ /dev/null @@ -1,75 +0,0 @@ ---- a/client/dhclient.c 2019-01-25 14:34:46.996000000 +0800 -+++ b/client/dhclient.c 2019-01-25 14:34:16.382000000 +0800 -@@ -114,6 +114,8 @@ - - int bootp_broadcast_always = 0; - -+int buf_size = 128; -+ - extern struct option *default_requested_options[]; - - void run_stateless(int exit_mode, u_int16_t port); -@@ -129,6 +131,8 @@ - static void dhclient_ddns_cb_free(dhcp_ddns_cb_t *ddns_cb, - char* file, int line); - -+static int check_dhclient_pid(pid_t pid); -+ - /*! - * - * \brief Print the generic usage message -@@ -682,7 +686,8 @@ - e = fscanf(pidfd, "%ld\n", &temp); - oldpid = (pid_t)temp; - -- if (e != 0 && e != EOF && oldpid) { -+ if (e != 0 && e != EOF) { -+ if (oldpid && check_dhclient_pid(oldpid)) { - if (kill(oldpid, SIGTERM) == 0) { - log_info("Killed old client process"); - (void) unlink(path_dhclient_pid); -@@ -698,6 +703,7 @@ - log_info("Removed stale PID file"); - (void) unlink(path_dhclient_pid); - } -+ } - } - fclose(pidfd); - } else { -@@ -738,7 +744,7 @@ - oldpid = (pid_t)temp; - - if (e != 0 && e != EOF) { -- if (oldpid) { -+ if (oldpid && check_dhclient_pid(oldpid)) { - if (kill(oldpid, SIGTERM) == 0) - unlink(path_dhclient_pid); - } -@@ -6045,3 +6051,27 @@ - log_error("dhcp4o6_stop: send(): %m"); - } - #endif /* DHCPv6 && DHCP4o6 */ -+ -+static int check_dhclient_pid(pid_t pid) { -+ char proc_pid_path[buf_size]; -+ char task_name[buf_size]; -+ -+ memset(proc_pid_path, 0, buf_size); -+ memset(task_name, 0, buf_size); -+ -+ snprintf(proc_pid_path, buf_size - 1, "/proc/%d/comm", pid); -+ -+ FILE* fp = fopen(proc_pid_path, "r"); -+ if(fp != NULL) { -+ if( fgets(task_name, buf_size, fp) == NULL ) { -+ fclose(fp); -+ return 0; -+ } -+ fclose(fp); -+ if(strncmp(task_name, "dhclient", 8) == 0) { -+ return 1; -+ } -+ } -+ -+ return 0; -+} -- Gitee From 5e1fe8f0d79d69529bafa81e2a479b46f66ac646 Mon Sep 17 00:00:00 2001 From: kircher Date: Fri, 29 May 2020 23:09:23 +0800 Subject: [PATCH 5/7] Remove dhcp.spec --- dhcp.spec | 347 ------------------------------------------------------ 1 file changed, 347 deletions(-) delete mode 100644 dhcp.spec diff --git a/dhcp.spec b/dhcp.spec deleted file mode 100644 index b8398b5..0000000 --- a/dhcp.spec +++ /dev/null @@ -1,347 +0,0 @@ -%global nmconfdir %{_sysconfdir}/NetworkManager -%global dhcpconfdir %{_sysconfdir}/dhcp - -Name: dhcp -Version: 4.4.2b1 -Release: 0 -Summary: Dynamic host configuration protocol software -#Please don't change the epoch on this package -Epoch: 12 -License: ISC -URL: https://www.isc.org/dhcp/ -Source0: http://ftp.isc.org/isc/dhcp/%{version}/dhcp-%{version}.tar.gz -Source1: dhclient-script -Source2: README.dhclient.d -Source3: 11-dhclient -Source5: 56dhclient -Source6: dhcpd.service -Source7: dhcpd6.service -Source8: dhcrelay.service - -Patch1 : 0001-change-bug-url.patch -Patch2 : 0002-additional-dhclient-options.patch -Patch3 : 0003-Handle-releasing-interfaces-requested-by-sbin-ifup.patch -Patch4 : 0004-Support-unicast-BOOTP-for-IBM-pSeries-systems-and-ma.patch -Patch5 : 0005-Change-default-requested-options.patch -Patch6 : 0006-Various-man-page-only-fixes.patch -Patch7 : 0007-Change-paths-to-conform-to-our-standards.patch -Patch8 : 0008-Make-sure-all-open-file-descriptors-are-closed-on-ex.patch -Patch9 : 0009-Fix-garbage-in-format-string-error.patch -Patch10 : 0010-Handle-null-timeout.patch -Patch11 : 0011-Drop-unnecessary-capabilities.patch -Patch12 : 0012-RFC-3442-Classless-Static-Route-Option-for-DHCPv4-51.patch -Patch13 : 0013-DHCPv6-over-PPP-support-626514.patch -Patch14 : 0014-IPoIB-support-660681.patch -Patch15 : 0015-Add-GUID-DUID-to-dhcpd-logs-1064416.patch -Patch16 : 0016-Turn-on-creating-sending-of-DUID.patch -Patch17 : 0017-Send-unicast-request-release-via-correct-interface.patch -Patch18 : 0018-No-subnet-declaration-for-iface-should-be-info-not-e.patch -Patch19 : 0019-dhclient-write-DUID_LLT-even-in-stateless-mode-11563.patch -Patch20 : 0020-Discover-all-hwaddress-for-xid-uniqueness.patch -Patch21 : 0021-Load-leases-DB-in-non-replay-mode-only.patch -Patch22 : 0022-dhclient-make-sure-link-local-address-is-ready-in-st.patch -Patch23 : 0023-option-97-pxe-client-id.patch -Patch24 : 0024-Detect-system-time-changes.patch -Patch25 : 0025-bind-Detect-system-time-changes.patch -Patch26 : 0026-Add-dhclient-5-B-option-description.patch -Patch27: 0027-Add-missed-sd-notify-patch-to-manage-dhcpd-with-syst.patch - -#Patch6003: bugfix-dhcp-4.2.5-check-dhclient-pid.patch -#Patch6004: bugfix-reduce-getifaddr-calls.patch - -#Patch9000: dhcp-fix-dhclient-default-len-64-to-128.patch -#Patch9001: bugfix-dhcpd-2038-problem.patch -#Patch9002: adds-address-prefix-len-to-dhclient-cli.patch -#Patch9003: dhcpd-coredump-infiniband.patch -#Patch9004: bugfix-dhclient-check-if-pid-was-held.patch - -BuildRequires: gcc autoconf automake libtool openldap-devel krb5-devel libcap-ng-devel bind-export-devel -BuildRequires: systemd systemd-devel - -Requires: shadow-utils coreutils grep sed systemd gawk ipcalc iproute iputils - - -Provides: %{name}-common %{name}-libs %{name}-server %{name}-relay %{name}-compat %{name}-client -Obsoletes: %{name}-common %{name}-libs %{name}-server %{name}-relay %{name}-compat %{name}-client - - -Provides: dhcp = %{epoch}:%{version}-%{release} -Obsoletes: dhcp < %{epoch}:%{version}-%{release} - -Provides: dhclient = %{epoch}:%{version}-%{release} -Obsoletes: dhclient < %{epoch}:%{version}-%{release} - - -%description -The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks. - -%package devel -Summary: Development headers and libraries for interfacing to the DHCP server -Requires: %{name} = %{epoch}:%{version}-%{release} - -%description devel -Header files for using the ISC DHCP libraries. The -libdhcpctl and libomapi static libraries are also included in this package. - -%package_help - -%prep -%setup -n %{name}-%{version} -pushd bind -tar -xvf bind.tar.gz -ln -s bind-9* bind -popd -%autopatch -p1 -#rm bind/bind.tar.gz - -sed -i -e 's|/var/db/|%{_localstatedir}/lib/dhcpd/|g' contrib/dhcp-lease-list.pl - - -%build -autoreconf --verbose --force --install - -CFLAGS="%{optflags} -fno-strict-aliasing" \ -%configure --with-srv-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd.leases \ - --with-srv6-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd6.leases \ - --with-cli-lease-file=%{_localstatedir}/lib/dhclient/dhclient.leases \ - --with-cli6-lease-file=%{_localstatedir}/lib/dhclient/dhclient6.leases \ - --with-srv-pid-file=%{_localstatedir}/run/dhcpd.pid \ - --with-srv6-pid-file=%{_localstatedir}/run/dhcpd6.pid \ - --with-cli-pid-file=%{_localstatedir}/run/dhclient.pid \ - --with-cli6-pid-file=%{_localstatedir}/run/dhclient6.pid \ - --with-relay-pid-file=%{_localstatedir}/run/dhcrelay.pid \ - --with-ldap --with-ldapcrypto --with-ldap-gssapi --disable-static --enable-log-pid --enable-paranoia --enable-early-chroot \ - --enable-binary-leases --with-systemd - -make - -%install -%make_install - -install -D -p -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/dhclient-script - -install -p -m 0644 %{SOURCE2} . - -mkdir -p $RPM_BUILD_ROOT%{dhcpconfdir}/dhclient.d - -mkdir -p $RPM_BUILD_ROOT%{nmconfdir}/dispatcher.d -install -p -m 0755 %{SOURCE3} $RPM_BUILD_ROOT%{nmconfdir}/dispatcher.d - -install -D -p -m 0755 %{SOURCE5} $RPM_BUILD_ROOT%{_libdir}/pm-utils/sleep.d/56dhclient - -mkdir -p $RPM_BUILD_ROOT%{_unitdir} -install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_unitdir} -install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir} -install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_unitdir} - -mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dhcpd/ -touch $RPM_BUILD_ROOT%{_localstatedir}/lib/dhcpd/dhcpd.leases -touch $RPM_BUILD_ROOT%{_localstatedir}/lib/dhcpd/dhcpd6.leases -mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dhclient/ - -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig -cat < %{buildroot}%{_sysconfdir}/sysconfig/dhcpd -# WARNING: This file is NOT used anymore. - -# If you are here to restrict what interfaces should dhcpd listen on, -# be aware that dhcpd listens *only* on interfaces for which it finds subnet -# declaration in dhcpd.conf. It means that explicitly enumerating interfaces -# also on command line should not be required in most cases. - -# If you still insist on adding some command line options, -# copy dhcpd.service from /lib/systemd/system to /etc/systemd/system and modify -# it there. -# https://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F - -# example: -# $ cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/ -# $ vi /etc/systemd/system/dhcpd.service -# $ ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid -# $ systemctl --system daemon-reload -# $ systemctl restart dhcpd.service -EOF - -mkdir -p $RPM_BUILD_ROOT%{dhcpconfdir} -cat << EOF > %{buildroot}%{dhcpconfdir}/dhcpd.conf -# -# DHCP Server Configuration file. -# see /usr/share/doc/dhcp-server/dhcpd.conf.example -# see dhcpd.conf(5) man page -# -EOF -cat << EOF > %{buildroot}%{dhcpconfdir}/dhcpd6.conf -# -# DHCPv6 Server Configuration file. -# see /usr/share/doc/dhcp-server/dhcpd6.conf.example -# see dhcpd.conf(5) man page -# -EOF - -rm -f $RPM_BUILD_ROOT/usr/lib/debug/usr/sbin/dhcrelay-4.3.6-28.7.aarch64.debug -rm -f $RPM_BUILD_ROOT%{_sysconfdir}/dhclient.conf.example -rm -f $RPM_BUILD_ROOT%{_sysconfdir}/dhcpd.conf.example - - - -mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/dhcp-client -mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/dhcp-server -install -p -m 0755 doc/examples/dhclient-dhcpv6.conf $RPM_BUILD_ROOT%{_datadir}/doc/dhcp-client/dhclient6.conf.example -install -p -m 0755 doc/examples/dhcpd-dhcpv6.conf $RPM_BUILD_ROOT%{_datadir}/doc/dhcp-server/dhcpd6.conf.example - -install -D -p -m 0644 contrib/ldap/dhcp.schema $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/dhcp.schema - -find $RPM_BUILD_ROOT -type f -name "*.la" -delete -print - -%check -make check - -%pre -%global gid_uid 177 -if ! getent group dhcpd > /dev/null ; then - groupadd --force --gid %{gid_uid} --system dhcpd -fi - -if ! getent passwd dhcpd >/dev/null ; then - if ! getent passwd %{gid_uid} >/dev/null ; then - useradd --system --uid %{gid_uid} --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd - else - useradd --system --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd - fi -fi - - - -exit 0 - -%preun -%systemd_preun dhcpd.service dhcpd6.service dhcrelay.service - - -%post -/sbin/ldconfig -%systemd_post dhcpd.service dhcpd6.service dhcrelay.service - -for servicename in dhcpd dhcpd6 dhcrelay; do - etcservicefile=%{_sysconfdir}/systemd/system/${servicename}.service - if [ -f ${etcservicefile} ]; then - grep -q Type= ${etcservicefile} || sed -i '/\[Service\]/a Type=notify' ${etcservicefile} - sed -i 's/After=network.target/Wants=network-online.target\nAfter=network-online.target/' ${etcservicefile} - fi -done -exit 0 - -%postun -/sbin/ldconfig -%systemd_postun_with_restart dhcpd.service dhcpd6.service dhcrelay.service - -%files -%defattr(-,root,root) -%license LICENSE -%doc README RELNOTES doc/References.txt -%doc README.dhclient.d client/dhclient.conf.example -%doc contrib/ldap/ contrib/dhcp-lease-list.pl -%{_datadir}/doc/dhcp-client/dhclient6.conf.example -%{_datadir}/doc/dhcp-server/dhcpd6.conf.example -%dir %{_sysconfdir}/openldap/schema -%config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema -%attr(0750,root,root) %dir %{dhcpconfdir} -%dir %{dhcpconfdir}/dhclient.d -%dir %{_sysconfdir}/NetworkManager -%dir %{_sysconfdir}/NetworkManager/dispatcher.d -%{_sysconfdir}/NetworkManager/dispatcher.d/11-dhclient -%attr(0644,root,root) %{_unitdir}/dhcpd.service -%attr(0644,root,root) %{_unitdir}/dhcpd6.service -%attr(0644,root,root) %{_unitdir}/dhcrelay.service -%attr(0644,dhcpd,dhcpd) %verify(mode) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd.leases -%attr(0644,dhcpd,dhcpd) %verify(mode) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd6.leases -%config(noreplace) %{_sysconfdir}/sysconfig/dhcpd -%config(noreplace) %{dhcpconfdir}/dhcpd.conf -%config(noreplace) %{dhcpconfdir}/dhcpd6.conf -%{_sbindir}/dhcpd -%{_sbindir}/dhclient -%{_sbindir}/dhclient-script -%{_sbindir}/dhcrelay -%{_bindir}/omshell -%attr(0755,root,root) %{_libdir}/pm-utils/sleep.d/56dhclient - -%files devel -%defattr(-,root,root) -%doc doc/IANA-arp-parameters doc/api+protocol -%{_includedir}/dhcpctl -%{_includedir}/omapip -%{_libdir}/libdhcp*.a -%{_libdir}/libomapi.a - - -%files help -%defattr(644,root,root) -%doc doc/* -%{_mandir}/man1/omshell.1.gz -%{_mandir}/man5/dhcpd.conf.5.gz -%{_mandir}/man5/dhcpd.leases.5.gz -%{_mandir}/man8/dhcpd.8.gz -%{_mandir}/man5/dhcp-options.5.gz -%{_mandir}/man5/dhcp-eval.5.gz -%{_mandir}/man5/dhclient.conf.5.gz -%{_mandir}/man5/dhclient.leases.5.gz -%{_mandir}/man8/dhclient.8.gz -%{_mandir}/man8/dhclient-script.8.gz -%{_mandir}/man8/dhcrelay.8.gz -%{_mandir}/man3/dhcpctl.3.gz -%{_mandir}/man3/omapi.3.gz - -%changelog -* Thu Apr 24 2020 zhanglu - 4.4.2b1 -- Type:requirement -- ID:NA -- SUG:restart -- DESC: update to 4.4.2b1 - -* Tue Mar 3 2020 zhanglu - 4.3.6-37 -- Type:bugfix -- ID:NA -- SUG:restart -- DESC: recheck if last pid was held by other process - -* Thu Feb 27 2020 zhanglu - 4.3.6-36 -- Type:bugfix -- ID:NA -- SUG:restart -- DESC: check if last pid when held by other process - -* Wed Jan 22 2020 zhanglu - 4.3.6-35 -- Type:bugfix -- ID:NA -- SUG:restart -- DESC: modify dhcpd coredump when discover interfaces - -* Sat Jan 11 2020 openEuler Buildteam - 4.3.6-34 -- Type:enhancement -- ID:NA -- SUG:NA -- DESC: delete patches - -* Tue Dec 24 2019 openEuler Buildteam - 4.3.6-33 -- rename doc subpackage as help subpackage - -* Sat Dec 21 2019 openEuler Buildteam - 4.3.6-32 -- Type:bugfix -- ID:NA -- SUG:NA -- DESC:Fix dhcpd 2038 problem; - Adds address prefix len to dhclient cli - -* Wed Sep 25 2019 openEuler Buildteam - 4.3.6-31 -- Type:bugfix -- ID:NA -- SUG:restart -- DESC: reducing getifaddrs calls and improving code performance - -* Mon Sep 9 2019 openEuler Buildteam - 4.3.6-30 -- Type:bugfix -- Id:NA -- SUG:NA -- DESC:Fix dhcp package installation failed - -* Thu Sep 5 2019 hufeng - 4.3.6-29 --Create dhcp spec -- Gitee From ecd0312b30618b44e74813dddee77eeafea53559 Mon Sep 17 00:00:00 2001 From: kircher Date: Fri, 29 May 2020 23:09:51 +0800 Subject: [PATCH 6/7] Remove bugfix-reduce-getifaddr-calls.patch --- bugfix-reduce-getifaddr-calls.patch | 194 ---------------------------- 1 file changed, 194 deletions(-) delete mode 100644 bugfix-reduce-getifaddr-calls.patch diff --git a/bugfix-reduce-getifaddr-calls.patch b/bugfix-reduce-getifaddr-calls.patch deleted file mode 100644 index 730390b..0000000 --- a/bugfix-reduce-getifaddr-calls.patch +++ /dev/null @@ -1,194 +0,0 @@ -From 722051d384b940091ed6f1acf60d22fdb65efde6 Mon Sep 17 00:00:00 2001 -From: LuZhang -Date: Thu, 19 Sep 2019 16:05:23 +0800 -Subject: [PATCH] Module: DHCP - -reason: reducing getifaddrs calls and improving running performance - -Signed-off-by: LuZhang ---- - common/discover.c | 5 +- - common/lpf.c | 113 ++++++++++++++++++++++++++++++++++++++++++++++ - includes/dhcpd.h | 5 ++ - 3 files changed, 122 insertions(+), 1 deletion(-) - -diff --git a/common/discover.c b/common/discover.c -index afa33eb..4033feb 100644 ---- a/common/discover.c -+++ b/common/discover.c -@@ -573,11 +573,14 @@ discover_interfaces(int state) { - int ir; - isc_result_t status; - int wifcount = 0; -+ struct ifaddrs *ifaddrs_start = NULL; - - static int setup_fallback = 0; - - if (!begin_iface_scan(&ifaces)) { - log_fatal("Can't get list of interfaces."); -+ } else { -+ ifaddrs_start = ifaces.head; - } - - /* If we already have a list of interfaces, and we're running as -@@ -636,7 +639,7 @@ discover_interfaces(int state) { - tmp = interfaces; /* XXX */ - } - if (tmp != NULL) -- try_hw_addr(tmp); -+ try_hw_addr2(tmp, ifaddrs_start); - - if (dhcp_interface_discovery_hook) { - (*dhcp_interface_discovery_hook)(tmp); -diff --git a/common/lpf.c b/common/lpf.c -index 9ec8a31..823ba6b 100644 ---- a/common/lpf.c -+++ b/common/lpf.c -@@ -697,6 +697,119 @@ ioctl_get_ll(char *name) - return sll; - } - -+isc_result_t -+get_hw_addr3(struct interface_info *info, struct ifaddrs *ifaddrs_start) -+{ -+ struct hardware *hw = &info->hw_address; -+ char *name = info->name; -+ struct ifaddrs *ifaddrs = ifaddrs_start; -+ struct ifaddrs *ifa = NULL; -+ struct sockaddr_ll *sll = NULL; -+ int sll_allocated = 0; -+ char *dup = NULL; -+ char *colon = NULL; -+ isc_result_t result = ISC_R_SUCCESS; -+ -+ if (ifaddrs == NULL) -+ log_fatal("Failed to get interfaces"); -+ -+ if ((sll = get_ll(ifaddrs, &ifa, name)) == NULL) { -+ /* -+ * We were unable to get link-layer address for name. -+ * Fall back to ioctl(SIOCGIFHWADDR). -+ */ -+ sll = ioctl_get_ll(name); -+ if (sll != NULL) -+ sll_allocated = 1; -+ else -+ // shouldn't happen -+ log_fatal("Unexpected internal error"); -+ } -+ -+ switch (sll->sll_hatype) { -+ case ARPHRD_ETHER: -+ hw->hlen = 7; -+ hw->hbuf[0] = HTYPE_ETHER; -+ memcpy(&hw->hbuf[1], sll->sll_addr, 6); -+ break; -+ case ARPHRD_IEEE802: -+#ifdef ARPHRD_IEEE802_TR -+ case ARPHRD_IEEE802_TR: -+#endif /* ARPHRD_IEEE802_TR */ -+ hw->hlen = 7; -+ hw->hbuf[0] = HTYPE_IEEE802; -+ memcpy(&hw->hbuf[1], sll->sll_addr, 6); -+ break; -+ case ARPHRD_FDDI: -+ hw->hlen = 7; -+ hw->hbuf[0] = HTYPE_FDDI; -+ memcpy(&hw->hbuf[1], sll->sll_addr, 6); -+ break; -+ case ARPHRD_INFINIBAND: -+ dup = strdup(name); -+ /* Aliased infiniband interface is special case where -+ * neither get_ll() nor ioctl_get_ll() get's correct hw -+ * address, so we have to truncate the :0 and run -+ * get_ll() again for the rest. -+ */ -+ if ((colon = strchr(dup, ':')) != NULL) { -+ *colon = '\0'; -+ if ((sll = get_ll(ifaddrs, &ifa, dup)) == NULL) -+ log_fatal("Error getting hardware address for \"%s\": %m", name); -+ } -+ free (dup); -+ /* For Infiniband, save the broadcast address and store -+ * the port GUID into the hardware address. -+ */ -+ if (ifa && (ifa->ifa_flags & IFF_BROADCAST)) { -+ struct sockaddr_ll *bll; -+ -+ bll = (struct sockaddr_ll *)ifa->ifa_broadaddr; -+ memcpy(&info->bcast_addr, bll->sll_addr, 20); -+ } else { -+ memcpy(&info->bcast_addr, default_ib_bcast_addr, -+ 20); -+ } -+ -+ hw->hlen = HARDWARE_ADDR_LEN_IOCTL + 1; -+ hw->hbuf[0] = HTYPE_INFINIBAND; -+ memcpy(&hw->hbuf[1], -+ &sll->sll_addr[sll->sll_halen - HARDWARE_ADDR_LEN_IOCTL], -+ HARDWARE_ADDR_LEN_IOCTL); -+ break; -+#if defined(ARPHRD_PPP) -+ case ARPHRD_PPP: -+ if (local_family != AF_INET6) -+ log_fatal("local_family != AF_INET6 for \"%s\"", -+ name); -+ hw->hlen = 0; -+ hw->hbuf[0] = HTYPE_RESERVED; -+ /* 0xdeadbeef should never occur on the wire, -+ * and is a signature that something went wrong. -+ */ -+ hw->hbuf[1] = 0xde; -+ hw->hbuf[2] = 0xad; -+ hw->hbuf[3] = 0xbe; -+ hw->hbuf[4] = 0xef; -+ break; -+#endif -+ default: -+ log_error("Unsupported device type %hu for \"%s\"", -+ sll->sll_hatype, name); -+ result = ISC_R_NOTFOUND; -+ -+ } -+ -+ if (sll_allocated) -+ dfree(sll, MDL); -+ //freeifaddrs(ifaddrs); -+ return result; -+} -+ -+void try_hw_addr2(struct interface_info *info, struct ifaddrs *ifaddrs_start){ -+ get_hw_addr3(info, ifaddrs_start); -+} -+ - // define ? - void try_hw_addr(struct interface_info *info){ - get_hw_addr2(info); -diff --git a/includes/dhcpd.h b/includes/dhcpd.h -index 40b5bdc..c9260e7 100644 ---- a/includes/dhcpd.h -+++ b/includes/dhcpd.h -@@ -29,6 +29,7 @@ - /*! \file includes/dhcpd.h */ - - #include "config.h" -+#include - - #ifndef __CYGWIN32__ - #include -@@ -2595,6 +2596,10 @@ const char *print_time(TIME); - - void get_hw_addr(struct interface_info *info); - void try_hw_addr(struct interface_info *info); -+ -+void try_hw_addr2(struct interface_info *info, struct ifaddrs *ifaddrs_start); -+isc_result_t get_hw_addr3(struct interface_info *info, struct ifaddrs *ifaddrs_start); -+ - isc_result_t get_hw_addr2(struct interface_info *info); - char *buf_to_hex (const unsigned char *s, unsigned len, - const char *file, int line); --- -2.19.1 - - - -- Gitee From 851a5d4e199c89a59a4ca70f8c74d36b281c88b0 Mon Sep 17 00:00:00 2001 From: kircher Date: Fri, 29 May 2020 23:13:36 +0800 Subject: [PATCH 7/7] update patch --- 0011-Drop-unnecessary-capabilities.patch | 278 ++++++++++++++++ bugfix-dhcp-4.2.5-check-dhclient-pid.patch | 74 +++++ bugfix-reduce-getifaddr-calls.patch | 191 +++++++++++ dhcp.spec | 352 +++++++++++++++++++++ 4 files changed, 895 insertions(+) create mode 100644 0011-Drop-unnecessary-capabilities.patch create mode 100644 bugfix-dhcp-4.2.5-check-dhclient-pid.patch create mode 100644 bugfix-reduce-getifaddr-calls.patch create mode 100644 dhcp.spec diff --git a/0011-Drop-unnecessary-capabilities.patch b/0011-Drop-unnecessary-capabilities.patch new file mode 100644 index 0000000..36ac7bf --- /dev/null +++ b/0011-Drop-unnecessary-capabilities.patch @@ -0,0 +1,278 @@ +From 3b37f4b7bb3a17f8bd655be919915a1912062ea6 Mon Sep 17 00:00:00 2001 +From: Pavel Zhukov +Date: Thu, 21 Feb 2019 10:30:28 +0100 +Subject: [PATCH 11/26] Drop unnecessary capabilities +Cc: pzhukov@redhat.com + +dhclient (#517649, #546765), dhcpd/dhcrelay (#699713) +--- + client/Makefile.am | 3 ++- + client/dhclient-script.8 | 10 ++++++++++ + client/dhclient.8 | 29 +++++++++++++++++++++++++++++ + client/dhclient.c | 24 ++++++++++++++++++++++++ + configure.ac | 35 +++++++++++++++++++++++++++++++++++ + relay/Makefile.am | 3 ++- + relay/dhcrelay.c | 29 +++++++++++++++++++++++++++++ + 7 files changed, 131 insertions(+), 2 deletions(-) + +diff --git a/client/Makefile.am b/client/Makefile.am +index d177159..0689185 100644 +--- a/client/Makefile.am ++++ b/client/Makefile.am +@@ -17,6 +17,7 @@ dhclient_LDADD = ../common/libdhcp.@A@ ../omapip/libomapi.@A@ \ + @BINDLIBIRSDIR@/libirs.@A@ \ + @BINDLIBDNSDIR@/libdns.@A@ \ + @BINDLIBISCCFGDIR@/libisccfg.@A@ \ +- @BINDLIBISCDIR@/libisc.@A@ ++ @BINDLIBISCDIR@/libisc.@A@ \ ++ $(CAPNG_LDADD) + man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 + EXTRA_DIST = $(man_MANS) +diff --git a/client/dhclient-script.8 b/client/dhclient-script.8 +index 0db5516..2eddb8f 100644 +--- a/client/dhclient-script.8 ++++ b/client/dhclient-script.8 +@@ -243,6 +243,16 @@ repeatedly initialized to the values provided by one server, and then + the other. Assuming the information provided by both servers is + valid, this shouldn't cause any real problems, but it could be + confusing. ++.PP ++Normally, if dhclient was compiled with libcap-ng support, ++dhclient drops most capabilities immediately upon startup. ++While more secure, this greatly restricts the additional actions that ++hooks in dhclient-script can take. For example, any daemons that ++dhclient-script starts or restarts will inherit the restricted ++capabilities as well, which may interfere with their correct operation. ++Thus, the ++.BI \-nc ++option can be used to prevent dhclient from dropping capabilities. + .SH SEE ALSO + dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and + dhclient.leases(5). +diff --git a/client/dhclient.8 b/client/dhclient.8 +index 6d7fbdb..0145b9f 100644 +--- a/client/dhclient.8 ++++ b/client/dhclient.8 +@@ -134,6 +134,9 @@ dhclient - Dynamic Host Configuration Protocol Client + .B -w + ] + [ ++.B -nc ++] ++[ + .B -B + ] + [ +@@ -328,6 +331,32 @@ not to exit when it doesn't find any such interfaces. The + program can then be used to notify the client when a network interface + has been added or removed, so that the client can attempt to configure an IP + address on that interface. ++.TP ++.BI \-nc ++Do not drop capabilities. ++ ++Normally, if ++.B dhclient ++was compiled with libcap-ng support, ++.B dhclient ++drops most capabilities immediately upon startup. While more secure, ++this greatly restricts the additional actions that hooks in ++.B dhclient-script (8) ++can take. (For example, any daemons that ++.B dhclient-script (8) ++starts or restarts will inherit the restricted capabilities as well, ++which may interfere with their correct operation.) Thus, the ++.BI \-nc ++option can be used to prevent ++.B dhclient ++from dropping capabilities. ++ ++The ++.BI \-nc ++option is ignored if ++.B dhclient ++was not compiled with libcap-ng support. ++ + .TP + .BI \-n + Do not configure any interfaces. This is most likely to be useful in +diff --git a/client/dhclient.c b/client/dhclient.c +index a86ab9e..5d3f5bc 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -41,6 +41,10 @@ + #include + #include + ++#ifdef HAVE_LIBCAP_NG ++#include ++#endif ++ + /* + * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define + * that when building ISC code. +@@ -266,6 +270,9 @@ main(int argc, char **argv) { + int timeout_arg = 0; + char *arg_conf = NULL; + int arg_conf_len = 0; ++#ifdef HAVE_LIBCAP_NG ++ int keep_capabilities = 0; ++#endif + + /* Initialize client globals. */ + memset(&default_duid, 0, sizeof(default_duid)); +@@ -665,6 +672,10 @@ main(int argc, char **argv) { + + dhclient_request_options = argv[i]; + ++ } else if (!strcmp(argv[i], "-nc")) { ++#ifdef HAVE_LIBCAP_NG ++ keep_capabilities = 1; ++#endif + } else if (argv[i][0] == '-') { + usage("Unknown command: %s", argv[i]); + } else if (interfaces_requested < 0) { +@@ -725,6 +736,19 @@ main(int argc, char **argv) { + path_dhclient_script = s; + } + ++#ifdef HAVE_LIBCAP_NG ++ /* Drop capabilities */ ++ if (!keep_capabilities) { ++ capng_clear(CAPNG_SELECT_CAPS); ++ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, ++ CAP_DAC_OVERRIDE); // Drop this someday ++ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, ++ CAP_NET_ADMIN, CAP_NET_RAW, ++ CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1); ++ capng_apply(CAPNG_SELECT_CAPS); ++ } ++#endif ++ + /* Set up the initial dhcp option universe. */ + initialize_common_option_spaces(); + +diff --git a/configure.ac b/configure.ac +index a797438..15fc0d7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -612,6 +612,41 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn)); + # Look for optional headers. + AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) + ++# look for capabilities library ++AC_ARG_WITH(libcap-ng, ++ [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],, ++ with_libcap_ng=auto) ++ ++# Check for Libcap-ng API ++# ++# libcap-ng detection ++if test x$with_libcap_ng = xno ; then ++ have_libcap_ng=no; ++else ++ # Start by checking for header file ++ AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no) ++ ++ # See if we have libcap-ng library ++ AC_CHECK_LIB(cap-ng, capng_clear, ++ CAPNG_LDADD=-lcap-ng,) ++ ++ # Check results are usable ++ if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then ++ AC_MSG_ERROR(libcap-ng support was requested and the library was not found) ++ fi ++ if test x$CAPNG_LDADD != x -a $capng_headers = no ; then ++ AC_MSG_ERROR(libcap-ng libraries found but headers are missing) ++ fi ++fi ++AC_SUBST(CAPNG_LDADD) ++AC_MSG_CHECKING(whether to use libcap-ng) ++if test x$CAPNG_LDADD != x ; then ++ AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support]) ++ AC_MSG_RESULT(yes) ++else ++ AC_MSG_RESULT(no) ++fi ++ + # Solaris needs some libraries for functions + AC_SEARCH_LIBS(socket, [socket]) + AC_SEARCH_LIBS(inet_ntoa, [nsl]) +diff --git a/relay/Makefile.am b/relay/Makefile.am +index 2ba5979..8900e0b 100644 +--- a/relay/Makefile.am ++++ b/relay/Makefile.am +@@ -8,6 +8,7 @@ dhcrelay_LDADD = ../common/libdhcp.@A@ ../omapip/libomapi.@A@ \ + @BINDLIBIRSDIR@/libirs.@A@ \ + @BINDLIBDNSDIR@/libdns.@A@ \ + @BINDLIBISCCFGDIR@/libisccfg.@A@ \ +- @BINDLIBISCDIR@/libisc.@A@ ++ @BINDLIBISCDIR@/libisc.@A@ \ ++ $(CAPNG_LDADD) + man_MANS = dhcrelay.8 + EXTRA_DIST = $(man_MANS) + +diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c +index ea1be18..7b4f4f1 100644 +--- a/relay/dhcrelay.c ++++ b/relay/dhcrelay.c +@@ -32,6 +32,11 @@ + #include + #include + ++#ifdef HAVE_LIBCAP_NG ++# include ++ int keep_capabilities = 0; ++#endif ++ + TIME default_lease_time = 43200; /* 12 hours... */ + TIME max_lease_time = 86400; /* 24 hours... */ + struct tree_cache *global_options[256]; +@@ -590,6 +595,10 @@ main(int argc, char **argv) { + if (++i == argc) + usage(use_noarg, argv[i-1]); + dhcrelay_sub_id = argv[i]; ++#endif ++ } else if (!strcmp(argv[i], "-nc")) { ++#ifdef HAVE_LIBCAP_NG ++ keep_capabilities = 1; + #endif + } else if (!strcmp(argv[i], "-pf")) { + if (++i == argc) +@@ -660,6 +669,17 @@ main(int argc, char **argv) { + #endif + } + ++#ifdef HAVE_LIBCAP_NG ++ /* Drop capabilities */ ++ if (!keep_capabilities) { ++ capng_clear(CAPNG_SELECT_BOTH); ++ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, ++ CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1); ++ capng_apply(CAPNG_SELECT_BOTH); ++ log_info ("Dropped all unnecessary capabilities."); ++ } ++#endif ++ + if (!quiet) { + log_info("%s %s", message, PACKAGE_VERSION); + log_info(copyright); +@@ -816,6 +836,15 @@ main(int argc, char **argv) { + signal(SIGTERM, dhcp_signal_handler); /* kill */ + #endif + ++#ifdef HAVE_LIBCAP_NG ++ /* Drop all capabilities */ ++ if (!keep_capabilities) { ++ capng_clear(CAPNG_SELECT_BOTH); ++ capng_apply(CAPNG_SELECT_BOTH); ++ log_info ("Dropped all capabilities."); ++ } ++#endif ++ + /* Start dispatching packets and timeouts... */ + dispatch(); + +-- +2.14.5 + diff --git a/bugfix-dhcp-4.2.5-check-dhclient-pid.patch b/bugfix-dhcp-4.2.5-check-dhclient-pid.patch new file mode 100644 index 0000000..aa5b15b --- /dev/null +++ b/bugfix-dhcp-4.2.5-check-dhclient-pid.patch @@ -0,0 +1,74 @@ +--- a/client/dhclient.c 2019-01-25 14:34:46.996000000 +0800 ++++ b/client/dhclient.c 2019-01-25 14:34:16.382000000 +0800 +@@ -114,6 +114,8 @@ + + int bootp_broadcast_always = 0; + ++int buf_size = 128; ++ + extern struct option *default_requested_options[]; + + void run_stateless(int exit_mode, u_int16_t port); +@@ -143,6 +143,7 @@ static void dhclient_ddns_cb_free(dhcp_ddns_cb_t *ddns_cb, + char* file, int line); + #endif /* defined NSUPDATE */ + ++static int check_dhclient_pid(pid_t pid); + + /*! + * +@@ -682,7 +686,8 @@ + e = fscanf(pidfd, "%ld\n", &temp); + oldpid = (pid_t)temp; + +- if (e != 0 && e != EOF && oldpid) { ++ if (e != 0 && e != EOF) { ++ if (oldpid && check_dhclient_pid(oldpid)) { + if (kill(oldpid, SIGTERM) == 0) { + log_info("Killed old client process"); + (void) unlink(path_dhclient_pid); +@@ -698,6 +703,7 @@ + log_info("Removed stale PID file"); + (void) unlink(path_dhclient_pid); + } ++ } + } + fclose(pidfd); + } else { +@@ -738,7 +744,7 @@ + oldpid = (pid_t)temp; + + if (e != 0 && e != EOF) { +- if (oldpid) { ++ if (oldpid && check_dhclient_pid(oldpid)) { + if (kill(oldpid, SIGTERM) == 0) + unlink(path_dhclient_pid); + } +@@ -6045,3 +6051,27 @@ + log_error("dhcp4o6_stop: send(): %m"); + } + #endif /* DHCPv6 && DHCP4o6 */ ++ ++static int check_dhclient_pid(pid_t pid) { ++ char proc_pid_path[buf_size]; ++ char task_name[buf_size]; ++ ++ memset(proc_pid_path, 0, buf_size); ++ memset(task_name, 0, buf_size); ++ ++ snprintf(proc_pid_path, buf_size - 1, "/proc/%d/comm", pid); ++ ++ FILE* fp = fopen(proc_pid_path, "r"); ++ if(fp != NULL) { ++ if( fgets(task_name, buf_size, fp) == NULL ) { ++ fclose(fp); ++ return 0; ++ } ++ fclose(fp); ++ if(strncmp(task_name, "dhclient", 8) == 0) { ++ return 1; ++ } ++ } ++ ++ return 0; ++} diff --git a/bugfix-reduce-getifaddr-calls.patch b/bugfix-reduce-getifaddr-calls.patch new file mode 100644 index 0000000..02ea835 --- /dev/null +++ b/bugfix-reduce-getifaddr-calls.patch @@ -0,0 +1,191 @@ +From 722051d384b940091ed6f1acf60d22fdb65efde6 Mon Sep 17 00:00:00 2001 +From: LuZhang +Date: Thu, 19 Sep 2019 16:05:23 +0800 +Subject: [PATCH] Module: DHCP + +reason: reducing getifaddrs calls and improving running performance + +Signed-off-by: LuZhang +--- + common/discover.c | 5 +- + common/lpf.c | 113 ++++++++++++++++++++++++++++++++++++++++++++++ + includes/dhcpd.h | 5 ++ + 3 files changed, 122 insertions(+), 1 deletion(-) + +diff --git a/common/discover.c b/common/discover.c +index 6860645..26be5de 100644 +--- a/common/discover.c ++++ b/common/discover.c +@@ -588,9 +588,12 @@ discover_interfaces(int state) { + #endif + + static int setup_fallback = 0; ++ struct ifaddrs *ifaddrs_start = NULL; + + if (!begin_iface_scan(&ifaces)) { + log_fatal("Can't get list of interfaces."); ++ } else { ++ ifaddrs_start = ifaces.head; + } + + /* If we already have a list of interfaces, and we're running as +@@ -651,7 +654,7 @@ discover_interfaces(int state) { + tmp = interfaces; /* XXX */ + } + if (tmp != NULL) +- try_hw_addr(tmp); ++ try_hw_addr2(tmp, ifaddrs_start); + + if (dhcp_interface_discovery_hook) { + (*dhcp_interface_discovery_hook)(tmp); +index 9ec8a31..823ba6b 100644 +--- a/common/lpf.c ++++ b/common/lpf.c +@@ -697,6 +697,119 @@ ioctl_get_ll(char *name) + return sll; + } + ++isc_result_t ++get_hw_addr3(struct interface_info *info, struct ifaddrs *ifaddrs_start) ++{ ++ struct hardware *hw = &info->hw_address; ++ char *name = info->name; ++ struct ifaddrs *ifaddrs = ifaddrs_start; ++ struct ifaddrs *ifa = NULL; ++ struct sockaddr_ll *sll = NULL; ++ int sll_allocated = 0; ++ char *dup = NULL; ++ char *colon = NULL; ++ isc_result_t result = ISC_R_SUCCESS; ++ ++ if (ifaddrs == NULL) ++ log_fatal("Failed to get interfaces"); ++ ++ if ((sll = get_ll(ifaddrs, &ifa, name)) == NULL) { ++ /* ++ * We were unable to get link-layer address for name. ++ * Fall back to ioctl(SIOCGIFHWADDR). ++ */ ++ sll = ioctl_get_ll(name); ++ if (sll != NULL) ++ sll_allocated = 1; ++ else ++ // shouldn't happen ++ log_fatal("Unexpected internal error"); ++ } ++ ++ switch (sll->sll_hatype) { ++ case ARPHRD_ETHER: ++ hw->hlen = 7; ++ hw->hbuf[0] = HTYPE_ETHER; ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); ++ break; ++ case ARPHRD_IEEE802: ++#ifdef ARPHRD_IEEE802_TR ++ case ARPHRD_IEEE802_TR: ++#endif /* ARPHRD_IEEE802_TR */ ++ hw->hlen = 7; ++ hw->hbuf[0] = HTYPE_IEEE802; ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); ++ break; ++ case ARPHRD_FDDI: ++ hw->hlen = 7; ++ hw->hbuf[0] = HTYPE_FDDI; ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); ++ break; ++ case ARPHRD_INFINIBAND: ++ dup = strdup(name); ++ /* Aliased infiniband interface is special case where ++ * neither get_ll() nor ioctl_get_ll() get's correct hw ++ * address, so we have to truncate the :0 and run ++ * get_ll() again for the rest. ++ */ ++ if ((colon = strchr(dup, ':')) != NULL) { ++ *colon = '\0'; ++ if ((sll = get_ll(ifaddrs, &ifa, dup)) == NULL) ++ log_fatal("Error getting hardware address for \"%s\": %m", name); ++ } ++ free (dup); ++ /* For Infiniband, save the broadcast address and store ++ * the port GUID into the hardware address. ++ */ ++ if (ifa && (ifa->ifa_flags & IFF_BROADCAST)) { ++ struct sockaddr_ll *bll; ++ ++ bll = (struct sockaddr_ll *)ifa->ifa_broadaddr; ++ memcpy(&info->bcast_addr, bll->sll_addr, 20); ++ } else { ++ memcpy(&info->bcast_addr, default_ib_bcast_addr, ++ 20); ++ } ++ ++ hw->hlen = HARDWARE_ADDR_LEN_IOCTL + 1; ++ hw->hbuf[0] = HTYPE_INFINIBAND; ++ memcpy(&hw->hbuf[1], ++ &sll->sll_addr[sll->sll_halen - HARDWARE_ADDR_LEN_IOCTL], ++ HARDWARE_ADDR_LEN_IOCTL); ++ break; ++#if defined(ARPHRD_PPP) ++ case ARPHRD_PPP: ++ if (local_family != AF_INET6) ++ log_fatal("local_family != AF_INET6 for \"%s\"", ++ name); ++ hw->hlen = 0; ++ hw->hbuf[0] = HTYPE_RESERVED; ++ /* 0xdeadbeef should never occur on the wire, ++ * and is a signature that something went wrong. ++ */ ++ hw->hbuf[1] = 0xde; ++ hw->hbuf[2] = 0xad; ++ hw->hbuf[3] = 0xbe; ++ hw->hbuf[4] = 0xef; ++ break; ++#endif ++ default: ++ log_error("Unsupported device type %hu for \"%s\"", ++ sll->sll_hatype, name); ++ result = ISC_R_NOTFOUND; ++ ++ } ++ ++ if (sll_allocated) ++ dfree(sll, MDL); ++ //freeifaddrs(ifaddrs); ++ return result; ++} ++ ++void try_hw_addr2(struct interface_info *info, struct ifaddrs *ifaddrs_start){ ++ get_hw_addr3(info, ifaddrs_start); ++} ++ + // define ? + void try_hw_addr(struct interface_info *info){ + get_hw_addr2(info); +diff --git a/includes/dhcpd.h b/includes/dhcpd.h +index 40b5bdc..c9260e7 100644 +--- a/includes/dhcpd.h ++++ b/includes/dhcpd.h +@@ -29,6 +29,7 @@ + /*! \file includes/dhcpd.h */ + + #include "config.h" ++#include + + #ifndef __CYGWIN32__ + #include +@@ -2595,6 +2596,10 @@ const char *print_time(TIME); + + void get_hw_addr(struct interface_info *info); + void try_hw_addr(struct interface_info *info); ++ ++void try_hw_addr2(struct interface_info *info, struct ifaddrs *ifaddrs_start); ++isc_result_t get_hw_addr3(struct interface_info *info, struct ifaddrs *ifaddrs_start); ++ + isc_result_t get_hw_addr2(struct interface_info *info); + char *buf_to_hex (const unsigned char *s, unsigned len, + const char *file, int line); +-- +2.19.1 + + + diff --git a/dhcp.spec b/dhcp.spec new file mode 100644 index 0000000..92ffc56 --- /dev/null +++ b/dhcp.spec @@ -0,0 +1,352 @@ +%global nmconfdir %{_sysconfdir}/NetworkManager +%global dhcpconfdir %{_sysconfdir}/dhcp + +Name: dhcp +Version: 4.4.2 +Release: 0 +Summary: Dynamic host configuration protocol software +#Please don't change the epoch on this package +Epoch: 12 +License: ISC +URL: https://www.isc.org/dhcp/ +Source0: http://ftp.isc.org/isc/dhcp/%{version}/dhcp-%{version}.tar.gz +Source1: dhclient-script +Source2: README.dhclient.d +Source3: 11-dhclient +Source5: 56dhclient +Source6: dhcpd.service +Source7: dhcpd6.service +Source8: dhcrelay.service + +Patch1 : 0001-change-bug-url.patch +Patch2 : 0002-additional-dhclient-options.patch +Patch3 : 0003-Handle-releasing-interfaces-requested-by-sbin-ifup.patch +Patch4 : 0004-Support-unicast-BOOTP-for-IBM-pSeries-systems-and-ma.patch +Patch5 : 0005-Change-default-requested-options.patch +Patch6 : 0006-Various-man-page-only-fixes.patch +Patch7 : 0007-Change-paths-to-conform-to-our-standards.patch +Patch8 : 0008-Make-sure-all-open-file-descriptors-are-closed-on-ex.patch +Patch9 : 0009-Fix-garbage-in-format-string-error.patch +Patch10 : 0010-Handle-null-timeout.patch +Patch11 : 0011-Drop-unnecessary-capabilities.patch +Patch12 : 0012-RFC-3442-Classless-Static-Route-Option-for-DHCPv4-51.patch +Patch13 : 0013-DHCPv6-over-PPP-support-626514.patch +Patch14 : 0014-IPoIB-support-660681.patch +Patch15 : 0015-Add-GUID-DUID-to-dhcpd-logs-1064416.patch +Patch16 : 0016-Turn-on-creating-sending-of-DUID.patch +Patch17 : 0017-Send-unicast-request-release-via-correct-interface.patch +Patch18 : 0018-No-subnet-declaration-for-iface-should-be-info-not-e.patch +Patch19 : 0019-dhclient-write-DUID_LLT-even-in-stateless-mode-11563.patch +Patch20 : 0020-Discover-all-hwaddress-for-xid-uniqueness.patch +Patch21 : 0021-Load-leases-DB-in-non-replay-mode-only.patch +Patch22 : 0022-dhclient-make-sure-link-local-address-is-ready-in-st.patch +Patch23 : 0023-option-97-pxe-client-id.patch +Patch24 : 0024-Detect-system-time-changes.patch +Patch25 : 0025-bind-Detect-system-time-changes.patch +Patch26 : 0026-Add-dhclient-5-B-option-description.patch +Patch27: 0027-Add-missed-sd-notify-patch-to-manage-dhcpd-with-syst.patch + +Patch6003: bugfix-dhcp-4.2.5-check-dhclient-pid.patch +Patch6004: bugfix-reduce-getifaddr-calls.patch + +Patch9001: bugfix-dhcpd-2038-problem.patch +Patch9003: dhcpd-coredump-infiniband.patch +Patch9004: huawei-bugfix-dhclient-check-if-pid-was-held.patch + +BuildRequires: gcc autoconf automake libtool openldap-devel krb5-devel libcap-ng-devel bind-export-devel +BuildRequires: systemd systemd-devel + +Requires: shadow-utils coreutils grep sed systemd gawk ipcalc iproute iputils + + +Provides: %{name}-common %{name}-libs %{name}-server %{name}-relay %{name}-compat %{name}-client +Obsoletes: %{name}-common %{name}-libs %{name}-server %{name}-relay %{name}-compat %{name}-client + + +Provides: dhcp = %{epoch}:%{version}-%{release} +Obsoletes: dhcp < %{epoch}:%{version}-%{release} + +Provides: dhclient = %{epoch}:%{version}-%{release} +Obsoletes: dhclient < %{epoch}:%{version}-%{release} + + +%description +The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks. + +%package devel +Summary: Development headers and libraries for interfacing to the DHCP server +Requires: %{name} = %{epoch}:%{version}-%{release} + +%description devel +Header files for using the ISC DHCP libraries. The +libdhcpctl and libomapi static libraries are also included in this package. + +%package_help + +%prep +%setup -n %{name}-%{version} +pushd bind +tar -xvf bind.tar.gz +ln -s bind-9* bind +popd +%autopatch -p1 +#rm bind/bind.tar.gz + +sed -i -e 's|/var/db/|%{_localstatedir}/lib/dhcpd/|g' contrib/dhcp-lease-list.pl + + +%build +autoreconf --verbose --force --install + +CFLAGS="%{optflags} -fno-strict-aliasing" \ +%configure --with-srv-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd.leases \ + --with-srv6-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd6.leases \ + --with-cli-lease-file=%{_localstatedir}/lib/dhclient/dhclient.leases \ + --with-cli6-lease-file=%{_localstatedir}/lib/dhclient/dhclient6.leases \ + --with-srv-pid-file=%{_localstatedir}/run/dhcpd.pid \ + --with-srv6-pid-file=%{_localstatedir}/run/dhcpd6.pid \ + --with-cli-pid-file=%{_localstatedir}/run/dhclient.pid \ + --with-cli6-pid-file=%{_localstatedir}/run/dhclient6.pid \ + --with-relay-pid-file=%{_localstatedir}/run/dhcrelay.pid \ + --with-ldap --with-ldapcrypto --with-ldap-gssapi --disable-static --enable-log-pid --enable-paranoia --enable-early-chroot \ + --enable-binary-leases --with-systemd + +make + +%install +%make_install + +install -D -p -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/dhclient-script + +install -p -m 0644 %{SOURCE2} . + +mkdir -p $RPM_BUILD_ROOT%{dhcpconfdir}/dhclient.d + +mkdir -p $RPM_BUILD_ROOT%{nmconfdir}/dispatcher.d +install -p -m 0755 %{SOURCE3} $RPM_BUILD_ROOT%{nmconfdir}/dispatcher.d + +install -D -p -m 0755 %{SOURCE5} $RPM_BUILD_ROOT%{_libdir}/pm-utils/sleep.d/56dhclient + +mkdir -p $RPM_BUILD_ROOT%{_unitdir} +install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_unitdir} +install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir} +install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_unitdir} + +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dhcpd/ +touch $RPM_BUILD_ROOT%{_localstatedir}/lib/dhcpd/dhcpd.leases +touch $RPM_BUILD_ROOT%{_localstatedir}/lib/dhcpd/dhcpd6.leases +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dhclient/ + +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig +cat < %{buildroot}%{_sysconfdir}/sysconfig/dhcpd +# WARNING: This file is NOT used anymore. + +# If you are here to restrict what interfaces should dhcpd listen on, +# be aware that dhcpd listens *only* on interfaces for which it finds subnet +# declaration in dhcpd.conf. It means that explicitly enumerating interfaces +# also on command line should not be required in most cases. + +# If you still insist on adding some command line options, +# copy dhcpd.service from /lib/systemd/system to /etc/systemd/system and modify +# it there. +# https://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F + +# example: +# $ cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/ +# $ vi /etc/systemd/system/dhcpd.service +# $ ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid +# $ systemctl --system daemon-reload +# $ systemctl restart dhcpd.service +EOF + +mkdir -p $RPM_BUILD_ROOT%{dhcpconfdir} +cat << EOF > %{buildroot}%{dhcpconfdir}/dhcpd.conf +# +# DHCP Server Configuration file. +# see /usr/share/doc/dhcp-server/dhcpd.conf.example +# see dhcpd.conf(5) man page +# +EOF +cat << EOF > %{buildroot}%{dhcpconfdir}/dhcpd6.conf +# +# DHCPv6 Server Configuration file. +# see /usr/share/doc/dhcp-server/dhcpd6.conf.example +# see dhcpd.conf(5) man page +# +EOF + +rm -f $RPM_BUILD_ROOT/usr/lib/debug/usr/sbin/dhcrelay-4.3.6-28.7.aarch64.debug +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/dhclient.conf.example +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/dhcpd.conf.example + + + +mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/dhcp-client +mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/dhcp-server +install -p -m 0755 doc/examples/dhclient-dhcpv6.conf $RPM_BUILD_ROOT%{_datadir}/doc/dhcp-client/dhclient6.conf.example +install -p -m 0755 doc/examples/dhcpd-dhcpv6.conf $RPM_BUILD_ROOT%{_datadir}/doc/dhcp-server/dhcpd6.conf.example + +install -D -p -m 0644 contrib/ldap/dhcp.schema $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/dhcp.schema + +find $RPM_BUILD_ROOT -type f -name "*.la" -delete -print + +%check +make check + +%pre +%global gid_uid 177 +if ! getent group dhcpd > /dev/null ; then + groupadd --force --gid %{gid_uid} --system dhcpd +fi + +if ! getent passwd dhcpd >/dev/null ; then + if ! getent passwd %{gid_uid} >/dev/null ; then + useradd --system --uid %{gid_uid} --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd + else + useradd --system --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd + fi +fi + + + +exit 0 + +%preun +%systemd_preun dhcpd.service dhcpd6.service dhcrelay.service + + +%post +/sbin/ldconfig +%systemd_post dhcpd.service dhcpd6.service dhcrelay.service + +for servicename in dhcpd dhcpd6 dhcrelay; do + etcservicefile=%{_sysconfdir}/systemd/system/${servicename}.service + if [ -f ${etcservicefile} ]; then + grep -q Type= ${etcservicefile} || sed -i '/\[Service\]/a Type=notify' ${etcservicefile} + sed -i 's/After=network.target/Wants=network-online.target\nAfter=network-online.target/' ${etcservicefile} + fi +done +exit 0 + +%postun +/sbin/ldconfig +%systemd_postun_with_restart dhcpd.service dhcpd6.service dhcrelay.service + +%files +%defattr(-,root,root) +%license LICENSE +%doc README RELNOTES doc/References.txt +%doc README.dhclient.d client/dhclient.conf.example +%doc contrib/ldap/ contrib/dhcp-lease-list.pl +%{_datadir}/doc/dhcp-client/dhclient6.conf.example +%{_datadir}/doc/dhcp-server/dhcpd6.conf.example +%dir %{_sysconfdir}/openldap/schema +%config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema +%attr(0750,root,root) %dir %{dhcpconfdir} +%dir %{_localstatedir}/lib/dhclient +%dir %{dhcpconfdir}/dhclient.d +%dir %{_sysconfdir}/NetworkManager +%dir %{_sysconfdir}/NetworkManager/dispatcher.d +%{_sysconfdir}/NetworkManager/dispatcher.d/11-dhclient +%attr(0644,root,root) %{_unitdir}/dhcpd.service +%attr(0644,root,root) %{_unitdir}/dhcpd6.service +%attr(0644,root,root) %{_unitdir}/dhcrelay.service +%attr(0644,dhcpd,dhcpd) %verify(mode) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd.leases +%attr(0644,dhcpd,dhcpd) %verify(mode) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd6.leases +%config(noreplace) %{_sysconfdir}/sysconfig/dhcpd +%config(noreplace) %{dhcpconfdir}/dhcpd.conf +%config(noreplace) %{dhcpconfdir}/dhcpd6.conf +%{_sbindir}/dhcpd +%{_sbindir}/dhclient +%{_sbindir}/dhclient-script +%{_sbindir}/dhcrelay +%{_bindir}/omshell +%attr(0755,root,root) %{_libdir}/pm-utils/sleep.d/56dhclient + +%files devel +%defattr(-,root,root) +%doc doc/IANA-arp-parameters doc/api+protocol +%{_includedir}/dhcpctl +%{_includedir}/omapip +%{_libdir}/libdhcp*.a +%{_libdir}/libomapi.a + + +%files help +%defattr(644,root,root) +%doc doc/* +%{_mandir}/man1/omshell.1.gz +%{_mandir}/man5/dhcpd.conf.5.gz +%{_mandir}/man5/dhcpd.leases.5.gz +%{_mandir}/man8/dhcpd.8.gz +%{_mandir}/man5/dhcp-options.5.gz +%{_mandir}/man5/dhcp-eval.5.gz +%{_mandir}/man5/dhclient.conf.5.gz +%{_mandir}/man5/dhclient.leases.5.gz +%{_mandir}/man8/dhclient.8.gz +%{_mandir}/man8/dhclient-script.8.gz +%{_mandir}/man8/dhcrelay.8.gz +%{_mandir}/man3/dhcpctl.3.gz +%{_mandir}/man3/omapi.3.gz + +%changelog +* Wed May 6 2020 zhanglu - 4.4.2b1-1 +- Type:requirement +- ID:NA +- SUG:restart +- DESC: add lease file directoroy + +* Thu Apr 24 2020 zhanglu - 4.4.2b1 +- Type:requirement +- ID:NA +- SUG:restart +- DESC: update to 4.4.2b1 + +* Tue Mar 3 2020 zhanglu - 4.3.6-37 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: recheck if last pid was held by other process + +* Thu Feb 27 2020 zhanglu - 4.3.6-36 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: check if last pid when held by other process + +* Wed Jan 22 2020 zhanglu - 4.3.6-35 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: modify dhcpd coredump when discover interfaces + +* Sat Jan 11 2020 openEuler Buildteam - 4.3.6-34 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC: delete patches + +* Tue Dec 24 2019 openEuler Buildteam - 4.3.6-33 +- rename doc subpackage as help subpackage + +* Sat Dec 21 2019 openEuler Buildteam - 4.3.6-32 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Fix dhcpd 2038 problem; + Adds address prefix len to dhclient cli + +* Wed Sep 25 2019 openEuler Buildteam - 4.3.6-31 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: reducing getifaddrs calls and improving code performance + +* Mon Sep 9 2019 openEuler Buildteam - 4.3.6-30 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:Fix dhcp package installation failed + +* Thu Sep 5 2019 hufeng - 4.3.6-29 +-Create dhcp spec -- Gitee