Package: kea-dhcp4-server
Version: 2.2.0-6
Severity: normal
File: kea
Tags: patch
Dear Maintainers,
thank you for your work to make Kea available on Debian.
I appreciate that you include init scripts and support init diversity.
Unfortunately those script don't work as expected. I fixed them and made
them mimic the behaviour of the Systemd service files as closely as
possible.
It would be nice if you could apply the attached patch to:
- set PIDFILE to the path used by Kea
- create the pid-directory if doesn't exist
- make the lock-directory match the one used in the Systemd service
- remove KEA_LOGGER_DESTINATION as it has no effect without an export
and is not set in the service file either
- use start-stop-stop-daemon's exec parameter instead of name (as they
exceed the 15 chars limit)
- run the daemons as non-root (default is _kea)
- make that user owner of the pid and lock directories
- give Kea access to raw sockets and privileged ports via setcap (this
is not as nice as AmbientCapabilities in Systemd, but at least is
what Kea's docs suggest)
Thank you in advance,
Stefan
-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-12-cloud-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages kea-dhcp4-server depends on:
ii init-system-helpers 1.65.2
ii kea-common 2.2.0-6
ii libc6 2.36-9+deb12u1
ii libgcc-s1 12.2.0-14
ii libstdc++6 12.2.0-14
kea-dhcp4-server recommends no packages.
Versions of packages kea-dhcp4-server suggests:
pn kea-doc <none>
-- Configuration Files:
/etc/init.d/kea-dhcp4-server changed [not included]
/etc/kea/kea-dhcp4.conf changed [not included]
-- no debconf information
diff --git a/debian/kea-ctrl-agent.init b/debian/kea-ctrl-agent.init
index 0dc99dd..3d1d5fa 100644
--- a/debian/kea-ctrl-agent.init
+++ b/debian/kea-ctrl-agent.init
@@ -6,9 +6,9 @@
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Kea DHCP Control Agent for REST Service
-# Description: <Enter a long description of the software>
-# <...>
-# <...>
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
### END INIT INFO
# Author: Jason Guy <jason.e....@gmail.com>
# Do NOT "set -e"
@@ -19,11 +19,11 @@ DESC=kea-ctrl-agent
NAME=kea-ctrl-agent
DAEMON=/usr/sbin/kea-ctrl-agent
DAEMON_ARGS="-c /etc/kea/kea-ctrl-agent.conf"
-PIDFILE=/run/$NAME.pid
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid
SCRIPTNAME=/etc/init.d/$NAME
-KEA_PIDFILE_DIR=/run/
-KEA_LOCKFILE_DIR=/run/lock/kea/
-KEA_LOGGER_DESTINATION=/var/log/kea/
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
@@ -43,6 +43,15 @@ create_lockfile_dir()
{
if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
+ fi
+}
+
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
fi
}
@@ -52,13 +61,15 @@ create_lockfile_dir()
do_start()
{
create_lockfile_dir
+ create_pidfile_dir
+ export KEA_LOCKFILE_DIR
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
--test > /dev/null \
|| return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b
-- \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b
-c $DAEMONUSER -- \
$DAEMON_ARGS \
|| return 2
}
@@ -73,7 +84,7 @@ do_stop()
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
$PIDFILE --name $NAME
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
$PIDFILE --exec $DAEMON --user $DAEMONUSER
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
@@ -82,7 +93,7 @@ do_stop()
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec
$DAEMON
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec
$DAEMON --user $DAEMONUSER
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
@@ -93,12 +104,7 @@ do_stop()
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name
$NAME
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec
$DAEMON --user $DAEMONUSER
return 0
}
@@ -122,20 +128,12 @@ case "$1" in
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
- #reload|force-reload)
- #
- # If do_reload() is not implemented then leave this commented out
- # and leave 'force-reload' as an alias for 'restart'.
- #
- #log_daemon_msg "Reloading $DESC" "$NAME"
- #do_reload
- #log_end_msg $?
- #;;
- restart|force-reload)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
diff --git a/debian/kea-dhcp-ddns-server.init b/debian/kea-dhcp-ddns-server.init
index 2a1a135..c67be9e 100644
--- a/debian/kea-dhcp-ddns-server.init
+++ b/debian/kea-dhcp-ddns-server.init
@@ -6,9 +6,9 @@
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Kea DHCP DDNS Server
-# Description: <Enter a long description of the software>
-# <...>
-# <...>
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
### END INIT INFO
# Author: Adam Majer <ad...@zombino.com>
# Do NOT "set -e"
@@ -19,11 +19,11 @@ DESC=kea-dhcp-ddns
NAME=kea-dhcp-ddns
DAEMON=/usr/sbin/kea-dhcp-ddns
DAEMON_ARGS="-c /etc/kea/kea-dhcp-ddns.conf"
-PIDFILE=/run/$NAME.pid
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid # depends on config-filename:
https://kea.readthedocs.io/en/latest/arm/ddns.html#starting-and-stopping-the-dhcp-ddns-server
SCRIPTNAME=/etc/init.d/$NAME
-KEA_PIDFILE_DIR=/run/
-KEA_LOCKFILE_DIR=/run/lock/kea/
-KEA_LOGGER_DESTINATION=/var/log/kea/
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
@@ -43,22 +43,39 @@ create_lockfile_dir()
{
if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
fi
}
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
+ fi
+}
+
+setcap_binary()
+{
+ setcap "cap_net_bind_service" $DAEMON
+}
+
#
# Function that starts the daemon/service
#
do_start()
{
create_lockfile_dir
+ create_pidfile_dir
+ setcap_binary
+ export KEA_LOCKFILE_DIR
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
--test > /dev/null \
|| return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b
-- \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b
-c $DAEMONUSER -- \
$DAEMON_ARGS \
|| return 2
}
@@ -73,7 +90,7 @@ do_stop()
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
$PIDFILE --name $NAME
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
$PIDFILE --exec $DAEMON --user $DAEMONUSER
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
@@ -82,7 +99,7 @@ do_stop()
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec
$DAEMON
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec
$DAEMON --user $DAEMONUSER
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
@@ -93,12 +110,7 @@ do_stop()
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name
$NAME
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec
$DAEMON --user $DAEMONUSER
return 0
}
@@ -122,20 +134,12 @@ case "$1" in
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
- #reload|force-reload)
- #
- # If do_reload() is not implemented then leave this commented out
- # and leave 'force-reload' as an alias for 'restart'.
- #
- #log_daemon_msg "Reloading $DESC" "$NAME"
- #do_reload
- #log_end_msg $?
- #;;
- restart|force-reload)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
diff --git a/debian/kea-dhcp4-server.init b/debian/kea-dhcp4-server.init
index bcf4ad8..c91aa61 100644
--- a/debian/kea-dhcp4-server.init
+++ b/debian/kea-dhcp4-server.init
@@ -6,9 +6,9 @@
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Kea DHCP IPv4 Server
-# Description: <Enter a long description of the software>
-# <...>
-# <...>
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
### END INIT INFO
# Author: Adam Majer <ad...@zombino.com>
# Do NOT "set -e"
@@ -19,11 +19,11 @@ DESC="kea-dhcp4"
NAME=kea-dhcp4-server
DAEMON=/usr/sbin/kea-dhcp4
DAEMON_ARGS="-c /etc/kea/kea-dhcp4.conf"
-PIDFILE=/run/$NAME.pid
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-dhcp4.kea-dhcp4.pid # depends on config-filename:
https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html
SCRIPTNAME=/etc/init.d/$NAME
-KEA_PIDFILE_DIR=/run/
-KEA_LOCKFILE_DIR=/run/lock/kea/
-KEA_LOGGER_DESTINATION=/var/log/kea/
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
@@ -43,22 +43,39 @@ create_lockfile_dir()
{
if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
fi
}
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
+ fi
+}
+
+setcap_binary()
+{
+ setcap "cap_net_bind_service,cap_net_raw=+ep" $DAEMON
+}
+
#
# Function that starts the daemon/service
#
do_start()
{
create_lockfile_dir
+ create_pidfile_dir
+ setcap_binary
+ export KEA_LOCKFILE_DIR
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
--test > /dev/null \
|| return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b
-- \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b
-c $DAEMONUSER -- \
$DAEMON_ARGS \
|| return 2
}
@@ -73,7 +90,7 @@ do_stop()
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
$PIDFILE --name $NAME
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
$PIDFILE --exec $DAEMON --user $DAEMONUSER
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
@@ -82,7 +99,7 @@ do_stop()
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec
$DAEMON
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec
$DAEMON --user $DAEMONUSER
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
@@ -93,12 +110,7 @@ do_stop()
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name
$NAME
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec
$DAEMON --user $DAEMONUSER
return 0
}
@@ -122,20 +134,12 @@ case "$1" in
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
- #reload|force-reload)
- #
- # If do_reload() is not implemented then leave this commented out
- # and leave 'force-reload' as an alias for 'restart'.
- #
- #log_daemon_msg "Reloading $DESC" "$NAME"
- #do_reload
- #log_end_msg $?
- #;;
- restart|force-reload)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
diff --git a/debian/kea-dhcp6-server.init b/debian/kea-dhcp6-server.init
index 0aa0e27..7b57f01 100644
--- a/debian/kea-dhcp6-server.init
+++ b/debian/kea-dhcp6-server.init
@@ -6,9 +6,9 @@
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Kea DHCP IPv6 Server
-# Description: <Enter a long description of the software>
-# <...>
-# <...>
+# Description: Kea is an IPv4 and IPv6 DHCP server developed by Internet
+# Systems Consortium providing a very high-performance with
+# PostgreSQL, MySQL and memfile backends.
### END INIT INFO
# Author: Adam Majer <ad...@zombino.com>
# Do NOT "set -e"
@@ -19,11 +19,11 @@ DESC="kea-dhcp6"
NAME=kea-dhcp6-server
DAEMON=/usr/sbin/kea-dhcp6
DAEMON_ARGS="-c /etc/kea/kea-dhcp6.conf"
-PIDFILE=/run/$NAME.pid
+DAEMONUSER=_kea
+PIDFILE=/run/kea/kea-dhcp6.kea-dhcp6.pid # depends on config-filename:
https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html
SCRIPTNAME=/etc/init.d/$NAME
-KEA_PIDFILE_DIR=/run/
-KEA_LOCKFILE_DIR=/run/lock/kea/
-KEA_LOGGER_DESTINATION=/var/log/kea/
+KEA_PIDFILE_DIR=/run/kea
+KEA_LOCKFILE_DIR=/run/lock/kea
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
@@ -43,22 +43,39 @@ create_lockfile_dir()
{
if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_LOCKFILE_DIR"
fi
}
+create_pidfile_dir()
+{
+ if [ ! -d "$KEA_PIDFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_PIDFILE_DIR"
+ chown "$DAEMONUSER:" "$KEA_PIDFILE_DIR"
+ fi
+}
+
+setcap_binary()
+{
+ setcap "cap_net_bind_service" $DAEMON
+}
+
#
# Function that starts the daemon/service
#
do_start()
{
create_lockfile_dir
+ create_pidfile_dir
+ setcap_binary
+ export KEA_LOCKFILE_DIR
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
--test > /dev/null \
|| return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b
-- \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b
-c $DAEMONUSER -- \
$DAEMON_ARGS \
|| return 2
}
@@ -73,7 +90,7 @@ do_stop()
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
$PIDFILE --name $NAME
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
$PIDFILE --exec $DAEMON --user $DAEMONUSER
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
@@ -82,7 +99,7 @@ do_stop()
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec
$DAEMON
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec
$DAEMON --user $DAEMONUSER
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
@@ -93,12 +110,7 @@ do_stop()
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name
$NAME
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec
$DAEMON --user $DAEMONUSER
return 0
}
@@ -122,20 +134,12 @@ case "$1" in
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
- #reload|force-reload)
- #
- # If do_reload() is not implemented then leave this commented out
- # and leave 'force-reload' as an alias for 'restart'.
- #
- #log_daemon_msg "Reloading $DESC" "$NAME"
- #do_reload
- #log_end_msg $?
- #;;
- restart|force-reload)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
