From 8b9d5e1b3b93506e1aae0f93183714562d28c312 Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Mon, 19 Dec 2011 18:38:02 +0100 Subject: [PATCH] don't ship legacy SysV initscripts + dhcpd[6].service improvements dhcpd6: move '-cf /etc/dhcp/dhcpd6.conf' from sysconfig/dhcpd6 to dhcpd6.service run 'chown -R dhcpd:dhcpd /var/lib/dhcpd/' before starting dhcpd/dhcpd6 service for the case where leases file is owned by root:root as a consequence of running dhcpd without '-user dhcpd -group dhcpd' (#744292) --- dhcp.spec | 24 +++----- dhcpd.init | 150 ------------------------------------------------ dhcpd.service | 3 + dhcpd6.init | 153 ------------------------------------------------- dhcpd6.service | 5 +- dhcrelay.init | 121 -------------------------------------- 6 files changed, 16 insertions(+), 440 deletions(-) delete mode 100644 dhcpd.init delete mode 100644 dhcpd6.init delete mode 100644 dhcrelay.init diff --git a/dhcp.spec b/dhcp.spec index 755181a..011f844 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -22,7 +22,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.2.3 -Release: 8.%{patchver}%{?dist} +Release: 9.%{patchver}%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -32,9 +32,6 @@ License: ISC Group: System Environment/Daemons URL: http://isc.org/products/DHCP/ Source0: ftp://ftp.isc.org/isc/dhcp/dhcp-%{VERSION}.tar.gz -Source1: dhcpd.init -Source2: dhcpd6.init -Source3: dhcrelay.init Source4: dhclient-script Source5: README.dhclient.d Source6: 11-dhclient 
@@ -407,12 +404,6 @@ CFLAGS="%{optflags} -fno-strict-aliasing" \ %{__mv} %{buildroot}%{_sbindir}/dhclient %{buildroot}/sbin/dhclient %{__install} -p -m 0755 client/scripts/linux %{buildroot}/sbin/dhclient-script -# Install legacy SysV initscripts -%{__mkdir} -p %{buildroot}%{_initddir} -%{__install} -p -m 0755 %{SOURCE1} %{buildroot}%{_initddir}/dhcpd -%{__install} -p -m 0755 %{SOURCE2} %{buildroot}%{_initddir}/dhcpd6 -%{__install} -p -m 0755 %{SOURCE3} %{buildroot}%{_initddir}/dhcrelay - # Install systemd unit files mkdir -p %{buildroot}%{_unitdir} install -m 644 %{SOURCE9} %{buildroot}%{_unitdir} @@ -443,7 +434,7 @@ EOF %{__cat} < %{buildroot}%{_sysconfdir}/sysconfig/dhcpd6 # Command line options here -DHCPDARGS="-cf /etc/dhcp/dhcpd6.conf" +DHCPDARGS="" EOF # Copy sample conf files into position (called by doc macro) @@ -669,12 +660,15 @@ fi %attr(0644,root,root) %{_mandir}/man3/dhcpctl.3.gz %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz -%files sysvinit -%{_initddir}/dhcpd -%{_initddir}/dhcpd6 -%{_initddir}/dhcrelay %changelog +* Mon Dec 19 2011 Jiri Popelka - 12:4.2.3-9.P1 +- don't ship legacy SysV initscripts +- dhcpd6: move '-cf /etc/dhcp/dhcpd6.conf' from sysconfig/dhcpd6 to dhcpd6.service +- run 'chown -R dhcpd:dhcpd /var/lib/dhcpd/' before starting dhcpd/dhcpd6 service + for the case where leases file is owned by root:root as a + consequence of running dhcpd without '-user dhcpd -group dhcpd' (#744292) + * Fri Dec 09 2011 Jiri Popelka - 12:4.2.3-8.P1 - 4.2.3-P1: fix for CVE-2011-4539 (#765681) diff --git a/dhcpd.init b/dhcpd.init deleted file mode 100644 index 5ea0e99..0000000 --- a/dhcpd.init +++ /dev/null 
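Review bot: Removing the `%files sysvinit` list (last dhcp.spec hunk) stops the sysvinit subpackage from being produced, but no hunk in this file adds an `Obsoletes:` for it or touches its `%package`/`%description` stanza, which presumably sits outside the lines shown. If earlier builds shipped that subpackage, hosts with it installed may keep the stale init scripts or hit a dependency conflict on update. Consider adding something like `Obsoletes: dhcp-sysvinit < 12:4.2.3-9.P1` to the main package (subpackage name inferred from `Name: dhcp`, so confirm it) and dropping the leftover stanza in the same commit.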
@@ -1,150 +0,0 @@ -#!/bin/sh -# -### BEGIN INIT INFO -# Provides: dhcpd -# Default-Start: -# Default-Stop: -# Should-Start: -# Required-Start: $network -# Required-Stop: -# Short-Description: Start and stop the DHCP server -# Description: dhcpd provides the Dynamic Host Configuration Protocol (DHCP) -# server. -### END INIT INFO -# -# The fields below are left around for legacy tools (will remove later). -# -# chkconfig: - 65 35 -# description: dhcpd provides the Dynamic Host Configuration Protocol (DHCP) \ -# server -# processname: dhcpd -# config: /etc/dhcp/dhcpd.conf -# config: /var/lib/dhcpd/dhcpd.leases -# pidfile: /var/run/dhcpd.pid - -. /etc/rc.d/init.d/functions - -RETVAL=0 - -prog=dhcpd -exec=/usr/sbin/dhcpd -lockfile=/var/lock/subsys/dhcpd -pidfile=/var/run/dhcpd.pid -statedir=/var/lib/dhcpd - -[ -f /etc/sysconfig/dhcpd ] && . /etc/sysconfig/dhcpd - -# if the user specified a different config file, make sure we reference it -findConfig() { - for arg in $DHCPDARGS ; do - if [ "$found" = 1 ]; then - [ -f "$arg" ] && echo "$arg" - return - fi - if [ "$arg" = "-cf" ]; then - found=1 - continue - fi - done - echo "/etc/dhcp/dhcpd.conf" -} - -config="$(findConfig "$DHCPDARGS")" - -if [ ! -f $statedir/dhcpd.leases ] ; then - mkdir -p $statedir - touch $statedir/dhcpd.leases - [ -x /sbin/restorecon ] && [ -d /selinux ] && /sbin/restorecon $statedir/dhcpd.leases >/dev/null 2>&1 -fi - -configtest() { - [ -x $exec ] || return 5 - [ -f $config ] || return 6 - $exec -q -t -cf $config - RETVAL=$? - if [ $RETVAL -eq 1 ]; then - $exec -t -cf $config - else - echo "Syntax: OK" >&2 - fi - return $RETVAL -} - -rh_status() { - status -p $pidfile -l $(basename $lockfile) $exec -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - -start() { - [ `id -u` -eq 0 ] || return 4 - [ -x $exec ] || return 5 - [ -f $config ] || return 6 - - rh_status_q && return 0 - - echo -n $"Starting $prog: " - daemon --pidfile=$pidfile $exec $DHCPDARGS 2>/dev/null - RETVAL=$? 
- - echo - [ $RETVAL -eq 0 ] && touch $lockfile - return $RETVAL -} - -stop() { - [ `id -u` -eq 0 ] || return 4 - - rh_status_q || return 0 - - echo -n $"Shutting down $prog: " - killproc -p $pidfile $prog - RETVAL=$? - - echo - [ $RETVAL -eq 0 ] && rm -f $lockfile - return $RETVAL -} - -usage() { - echo $"Usage: $0 {start|stop|restart|force-reload|condrestart|try-restart|configtest|status}" -} - -if [ $# -gt 1 ]; then - exit 2 -fi - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart|force-reload) - stop ; start - ;; - condrestart|try-restart) - rh_status_q || exit 0 - stop ; start - ;; - reload) - usage - # unimplemented feature - exit 3 - ;; - configtest) - configtest - ;; - status) - rh_status - ;; - *) - usage - exit 2 - ;; -esac - -exit $? diff --git a/dhcpd.service b/dhcpd.service index c9a73a1..493c351 100644 --- a/dhcpd.service +++ b/dhcpd.service @@ -4,6 +4,9 @@ After=syslog.target network.target [Service] EnvironmentFile=/etc/sysconfig/dhcpd +# For the case where /var/lib/dhcpd/dhcpd.leases is owned by root:root as a +# consequence of running dhcpd without '-user dhcpd -group dhcpd' +ExecStartPre=/bin/chown -R dhcpd:dhcpd /var/lib/dhcpd/ ExecStart=/usr/sbin/dhcpd -d -user dhcpd -group dhcpd --no-pid $DHCPDARGS [Install] diff --git a/dhcpd6.init b/dhcpd6.init deleted file mode 100644 index ed332a0..0000000 --- a/dhcpd6.init +++ /dev/null 
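Review bot: The added `ExecStartPre=/bin/chown -R dhcpd:dhcpd /var/lib/dhcpd/` runs as root on every start and recurses over a directory that the unprivileged dhcpd account controls afterwards, so root re-owns whatever that account has placed there, links included. A root-run recursive chown over a service-writable tree is a recurring privilege-escalation finding, and the same line is added in dhcpd6.service. The #744292 case is a one-time repair, so it fits better in a `%post` scriptlet run at package update than in the start path. If it has to stay in the unit, narrow it to the lease file without recursion or link-following, e.g. `ExecStartPre=-/bin/chown -h dhcpd:dhcpd /var/lib/dhcpd/dhcpd.leases`; this reduces the exposure but does not remove it, because the account can still replace that file.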
@@ -1,153 +0,0 @@ -#!/bin/sh -# -### BEGIN INIT INFO -# Provides: dhcpd -# Default-Start: -# Default-Stop: -# Should-Start: -# Required-Start: $network -# Required-Stop: -# Short-Description: Start and stop the DHCPv6 server -# Description: dhcpd provides the Dynamic Host Configuration Protocol (DHCPv6) -# server. -### END INIT INFO -# -# The fields below are left around for legacy tools (will remove later). -# -# chkconfig: - 65 35 -# description: dhcpd provides the Dynamic Host Configuration Protocol (DHCPv6) \ -# server -# processname: dhcpd -# config: /etc/dhcp/dhcpd6.conf -# config: /var/lib/dhcpd/dhcpd6.leases -# pidfile: /var/run/dhcpd6.pid - -. /etc/rc.d/init.d/functions - -RETVAL=0 - -prog=dhcpd -exec=/usr/sbin/dhcpd -lockfile=/var/lock/subsys/dhcpd6 -pidfile=/var/run/dhcpd6.pid -statedir=/var/lib/dhcpd -default_config=/etc/dhcp/dhcpd6.conf - -[ -f /etc/sysconfig/dhcpd6 ] && . /etc/sysconfig/dhcpd6 - -# if the user specified a different config file, make sure we reference it -findConfig() { - for arg in $DHCPDARGS ; do - if [ "$found" = 1 ]; then - [ -f "$arg" ] && echo "$arg" - return - fi - if [ "$arg" = "-cf" ]; then - found=1 - continue - fi - done - echo $default_config -} - -config="$(findConfig "$DHCPDARGS")" - -if [ ! -f $statedir/dhcpd6.leases ] ; then - mkdir -p $statedir - touch $statedir/dhcpd6.leases - [ -x /sbin/restorecon ] && [ -d /selinux ] && /sbin/restorecon $statedir/dhcpd6.leases >/dev/null 2>&1 -fi - -configtest() { - [ -x $exec ] || return 5 - [ -f $config ] || return 6 - $exec -q -t -6 -cf $config - RETVAL=$? 
- if [ $RETVAL -eq 1 ]; then - $exec -t -6 -cf $config - else - echo "Syntax: OK" >&2 - fi - return $RETVAL -} - -rh_status() { - status -p $pidfile -l $(basename $lockfile) $exec -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - -start() { - [ `id -u` -eq 0 ] || return 4 - [ -x $exec ] || return 5 - [ -f $config ] || return 6 - - rh_status_q && return 0 - - # add default dhcpd6.conf configuration file if there's no one in DHCPDARGS - [ "${config}" = "${default_config}" ] && DHCPDARGS="$DHCPDARGS -cf $default_config" - - echo -n $"Starting $prog (DHCPv6): " - daemon --pidfile=$pidfile $exec -6 $DHCPDARGS 2>/dev/null - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && touch $lockfile - return $RETVAL -} - -stop() { - [ `id -u` -eq 0 ] || return 4 - - rh_status_q || return 0 - - echo -n $"Shutting down $prog (DHCPv6): " - killproc -p $pidfile $prog - RETVAL=$? - - echo - [ $RETVAL -eq 0 ] && rm -f $lockfile - return $RETVAL -} - -usage() { - echo $"Usage: $0 {start|stop|restart|force-reload|condrestart|try-restart|configtest|status}" -} - -if [ $# -gt 1 ]; then - exit 2 -fi - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart|force-reload) - stop ; start - ;; - condrestart|try-restart) - rh_status_q || exit 0 - stop ; start - ;; - reload) - usage - # unimplemented feature - exit 3 - ;; - configtest) - configtest - ;; - status) - rh_status - ;; - *) - usage - exit 2 - ;; -esac - -exit $? diff --git a/dhcpd6.service b/dhcpd6.service index 33f145a..028d5a1 100644 --- a/dhcpd6.service +++ b/dhcpd6.service 
@@ -4,7 +4,10 @@ After=syslog.target network.target [Service] EnvironmentFile=/etc/sysconfig/dhcpd6 -ExecStart=/usr/sbin/dhcpd -d -6 -user dhcpd -group dhcpd --no-pid $DHCPDARGS +# For the case where /var/lib/dhcpd/dhcpd6.leases is owned by root:root as a +# consequence of running dhcpd without '-user dhcpd -group dhcpd' +ExecStartPre=/bin/chown -R dhcpd:dhcpd /var/lib/dhcpd/ +ExecStart=/usr/sbin/dhcpd -d -6 -cf /etc/dhcp/dhcpd6.conf -user dhcpd -group dhcpd --no-pid $DHCPDARGS [Install] WantedBy=multi-user.target diff --git a/dhcrelay.init b/dhcrelay.init deleted file mode 100644 index 2b52fad..0000000 --- a/dhcrelay.init +++ /dev/null 
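Review bot: Hard-coding `-cf /etc/dhcp/dhcpd6.conf` ahead of `$DHCPDARGS` in `ExecStart` means a host whose existing /etc/sysconfig/dhcpd6 still carries the old default `DHCPDARGS="-cf /etc/dhcp/dhcpd6.conf"` will pass `-cf` twice, since the spec hunk only changes the newly generated file. An administrator's custom `-cf` in DHCPDARGS now also depends on the later occurrence winning; dhcpd presumably honours the last one, but that is not visible in this diff. A comment above the line would record the intent, e.g. `# a -cf given in DHCPDARGS follows the default above and is expected to override it`. Confirm the override behaviour before relying on it.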
@@ -1,121 +0,0 @@ -#!/bin/sh -# -### BEGIN INIT INFO -# Provides: dhcrelay -# Default-Start: -# Default-Stop: -# Should-Start: -# Required-Start: $network -# Required-Stop: -# Short-Description: Start and stop the DHCP relay server -# Description: dhcrelay provides the Dynamic Host Configuration Protocol (DHCP) -# relay server. This is required when your DHCP server is on -# another network segment from the clients. -### END INIT INFO -# -# The fields below are left around for legacy tools (will remove later). -# -# chkconfig: - 65 35 -# description: dhcrelay provides a relay for Dynamic Host Control Protocol. -# processname: dhcrelay -# # pidfile: /var/run/dhcrelay.pid - -. /etc/rc.d/init.d/functions - -RETVAL=0 - -prog=dhcrelay -exec=/usr/sbin/dhcrelay -lockfile=/var/lock/subsys/dhcrelay -pidfile=/var/run/dhcrelay.pid -config=/etc/sysconfig/dhcrelay - -# The dhcrelay daemon uses the sysconfig file for configuration information. -# There is no native configuration file for this program and you must specify -# its settings on the command line. -[ -f /etc/sysconfig/dhcrelay ] && . /etc/sysconfig/dhcrelay - -configtest() { - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - [ -z "$DHCPSERVERS" ] && exit 6 - return 0 -} - -rh_status() { - status $exec -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - -start() { - [ `id -u` -eq 0 ] || exit 4 - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - - rh_status_q && return 0 - - echo -n $"Starting $prog: " - daemon $exec $DHCRELAYARGS 2>/dev/null - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && touch $lockfile - return $RETVAL -} - -stop() { - [ `id -u` -eq 0 ] || exit 4 - - rh_status_q || return 0 - - echo -n $"Shutting down $prog: " - killproc $prog - RETVAL=$? 
- - echo - [ $RETVAL -eq 0 ] && rm -f $lockfile - return $RETVAL -} - -usage() { - echo $"Usage: $0 {start|stop|restart|force-reload|condrestart|try-restart|configtest|status}" -} - -if [ $# -gt 1 ]; then - exit 2 -fi - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart|force-reload) - stop ; start - ;; - condrestart|try-restart) - rh_status_q || exit 0 - stop ; start - ;; - reload) - usage - # unimplemented feature - exit 3 - ;; - configtest) - configtest - ;; - status) - rh_status - ;; - *) - usage - exit 2 - ;; -esac - -exit $?