From 9f9dbecbe31a8162243b7125c1b485f30d02d564 Mon Sep 17 00:00:00 2001
From: Martin Osvald
Date: Thu, 3 Nov 2022 09:59:27 +0100
Subject: [PATCH] Use systemd-sysusers for dhcp user and group

Resolves: #2095396
---
 dhcp.spec | 29 +++++++++++------------------
 dhcp.sysusers | 3 +++
 2 files changed, 14 insertions(+), 18 deletions(-)
 create mode 100644 dhcp.sysusers

diff --git a/dhcp.spec b/dhcp.spec
index 5d8043f..ce39e57 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -32,6 +32,7 @@ Source5: 56dhclient
 Source6: dhcpd.service
 Source7: dhcpd6.service
 Source8: dhcrelay.service
+Source9: dhcp.sysusers
 
 Patch1: 0001-change-bug-url.patch
 Patch2: 0002-additional-dhclient-options.patch
@@ -87,6 +88,7 @@ BuildRequires: doxygen
 BuildRequires: systemtap-sdt-devel
 %global tapsetdir /usr/share/systemtap/tapset
 %endif
+BuildRequires: systemd-rpm-macros
 
 # In _docdir we ship some perl scripts and module from contrib subdirectory.
 # Because nothing under _docdir is allowed to "require" anything,
@@ -100,11 +102,9 @@ DHCP (Dynamic Host Configuration Protocol)
 %package server
 Summary: Provides the ISC DHCP server
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
-Requires(pre): shadow-utils
 Requires(post): coreutils grep sed
-Requires(post): systemd
-Requires(preun): systemd
-Requires(postun): systemd
+%{?sysusers_requires_compat}
+%{?systemd_requires}
 
 %description server
 DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
@@ -119,9 +119,7 @@ This package provides the ISC DHCP server.
 Summary: Provides the ISC DHCP relay agent
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
 Requires(post): grep sed
-Requires(post): systemd
-Requires(preun): systemd
-Requires(postun): systemd
+%{?systemd_requires}
 
 %description relay
 DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
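Review bot: In the `%package server` hunk the hard `Requires(pre): shadow-utils` is replaced by `%{?sysusers_requires_compat}`, and the `?` form expands to nothing when the macro is undefined, so the dependency that orders the account-creation tooling before `%pre server` can disappear without any build error. The scriptlet later in this patch calls `%sysusers_create_compat` unconditionally, so the two are inconsistent; writing `%{sysusers_requires_compat}` without the `?` would presumably turn a missing macro into a build failure rather than a package whose `%pre` cannot create the `dhcpd` account. The same silent-empty behaviour applies to `%{?systemd_requires}` here and in the `%package relay` hunk, where it replaces the explicit `Requires(post)`, `Requires(preun)` and `Requires(postun)` lines on systemd. The added `BuildRequires: systemd-rpm-macros` is expected to supply these macros, but that is not visible from the patch.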
@@ -290,6 +288,9 @@ install -m 644 %{SOURCE6} %{buildroot}%{_unitdir}
 install -m 644 %{SOURCE7} %{buildroot}%{_unitdir}
 install -m 644 %{SOURCE8} %{buildroot}%{_unitdir}
 
+# systemd-sysusers
+install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/dhcp.conf
+
 # Start empty lease databases
 mkdir -p %{buildroot}%{_localstatedir}/lib/dhcpd/
 touch %{buildroot}%{_localstatedir}/lib/dhcpd/dhcpd.leases
@@ -366,17 +367,7 @@ install -D -p -m 0644 contrib/ldap/dhcp.schema %{buildroot}%{_sysconfdir}/openld
 find %{buildroot} -type f -name "*.la" -delete -print
 
 %pre server
-# /usr/share/doc/setup/uidgid
-%global gid_uid 177
-getent group dhcpd >/dev/null || groupadd --force --gid %{gid_uid} --system dhcpd
-if ! getent passwd dhcpd >/dev/null ; then
- if ! getent passwd %{gid_uid} >/dev/null ; then
- useradd --system --uid %{gid_uid} --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd
- else
- useradd --system --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd
- fi
-fi
-exit 0
+%sysusers_create_compat %{SOURCE9}
 
 %post server
 # Initial installation
@@ -460,6 +451,7 @@ done
 %config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema
 %attr(0644,root,root) %{_unitdir}/dhcpd.service
 %attr(0644,root,root) %{_unitdir}/dhcpd6.service
+%{_sysusersdir}/dhcp.conf
 %{_sbindir}/dhcpd
 %{_bindir}/omshell
 %attr(0644,root,root) %{_mandir}/man1/omshell.1.gz
@@ -519,6 +511,7 @@ done
 * Mon Oct 10 2022 Martin Osvald - 12:4.4.2-18.b1
 - Fix for CVE-2022-2928
 - Fix for CVE-2022-2929
+- Use systemd-sysusers for dhcp user and group (#2095396)
 
 * Tue May 10 2022 Martin Osvald - 12:4.4.2-17.b1
 - omshell: add support for hmac-sha512 algorithm (#2083553)
diff --git a/dhcp.sysusers b/dhcp.sysusers
new file mode 100644
index 0000000..4841cdd
--- /dev/null
+++ b/dhcp.sysusers
@@ -0,0 +1,3 @@
+#Type Name ID GECOS Home directory Shell
+g dhcpd 177
+u dhcpd 177 "DHCP server" / /sbin/nologin
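Review bot: The `%pre server` scriptlet no longer shows what happens when UID 177 is already taken: the removed code fell back to `useradd` without `--uid` in that case, while `%sysusers_create_compat %{SOURCE9}` leaves it to the macro's expansion, which this patch does not show. If the expansion does not fall back, the install can finish without a `dhcpd` account, and whatever relies on that account (presumably the dhcpd service and its lease files) loses its unprivileged identity. A cheap guard after the macro would make that visible, for example `getent passwd dhcpd >/dev/null || echo "dhcpd account was not created" >&2`. The removed scriptlet also ended in `exit 0`, so a failure inside the expansion may now abort the transaction where it was previously ignored; it is worth confirming which behaviour is intended.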
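Review bot: The new `dhcp.sysusers` hard-codes 177 without saying where the number comes from; the removed scriptlet carried `# /usr/share/doc/setup/uidgid` as the reference for the reserved ID, and that pointer is lost with this patch. Add a comment line above the `g` entry such as `# 177 is the static UID/GID reserved for dhcpd, see /usr/share/doc/setup/uidgid`. The explicit `/` home and `/sbin/nologin` shell mirror the old `useradd` arguments, which keeps the account non-interactive, so those fields should stay as they are.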