[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1034566: unblock: isc-dhcp/4.4.3-P1-1.1

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: isc-dhcp@packages.debian.org
Control: affects -1 + src:isc-dhcp

Dear Release Team,

Please unblock package isc-dhcp

[ Reason ]

Two main reasons:
1. Include a NEWS entry to help users to be aware ISC DHCP Server has
been EOL'ed by upstream.

2. Solve https://bugs.debian.org/1034502 so dhclient can  handle
resolv.conf inside network namespaces. The proposed changes include an
autopkgtest to test this.

[ Impact ]

1. Less chances for the users to be aware of the end of upstream support
for a very important software.

2. Users or application using dhclient inside a network namespace would
continue to have issues with the DNS resolution.  See:
https://stackoverflow.com/questions/38102481/how-can-dhclient-be-made-namespace-aware

[ Tests ]
1. Doesn't really need a test. The NEWS entry would be displayed during
upgrading if apt-listchanges is available.

2. This is the autopkgtest included in this request applied to the
current version in testing:
https://salsa.debian.org/santiago/isc-dhcp/-/jobs/4144234#L324
And this is for the proposed version:
https://salsa.debian.org/santiago/isc-dhcp/-/jobs/4144350

[ Risks ]

1. There is no risk.

2. Code is trivial.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
There is minor (and harmless) change:

  [ Bastian Germann ]
  * d/copyright Format: Add trailing slash

that I include since it was part of the default git branch. I keep it to
make it easier to handle changes in the future.

Also, I've uploaded these changes to experimental.

Thanks!

 -- Santiago

unblock isc-dhcp/4.4.3-P1-1.1

diff -Nru isc-dhcp-4.4.3-P1/debian/changelog isc-dhcp-4.4.3-P1/debian/changelog
--- isc-dhcp-4.4.3-P1/debian/changelog	2023-01-09 10:15:41.000000000 +0100
+++ isc-dhcp-4.4.3-P1/debian/changelog	2023-04-17 14:20:02.000000000 +0200
@@ -1,3 +1,17 @@
+isc-dhcp (4.4.3-P1-2) unstable; urgency=medium
+
+  [ Gabriel Potter ]
+  * Support bound /etc/resolv.conf (Closes: #1034502)
+
+  [ Bastian Germann ]
+  * d/copyright Format: Add trailing slash
+
+  [ Santiago Ruano Rincón ]
+  * Add NEWS about isc-dhcp-server EOL'ed and its apparmor profile
+  * Test debian/tests/client-server
+
+ -- Santiago Ruano Rincón <santiago@debian.org>  Mon, 17 Apr 2023 14:20:02 +0200
+
 isc-dhcp (4.4.3-P1-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru isc-dhcp-4.4.3-P1/debian/copyright isc-dhcp-4.4.3-P1/debian/copyright
--- isc-dhcp-4.4.3-P1/debian/copyright	2023-01-09 09:25:59.000000000 +0100
+++ isc-dhcp-4.4.3-P1/debian/copyright	2023-04-17 13:50:46.000000000 +0200
@@ -1,4 +1,4 @@
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Source: https://www.isc.org/downloads/dhcp
 
 Files: *
diff -Nru isc-dhcp-4.4.3-P1/debian/dhclient-script.linux isc-dhcp-4.4.3-P1/debian/dhclient-script.linux
--- isc-dhcp-4.4.3-P1/debian/dhclient-script.linux	2023-01-09 09:27:37.000000000 +0100
+++ isc-dhcp-4.4.3-P1/debian/dhclient-script.linux	2023-04-17 13:50:46.000000000 +0200
@@ -84,7 +84,9 @@
 	    chown --reference=$resolv_conf $new_resolv_conf
 	    chmod --reference=$resolv_conf $new_resolv_conf
 	fi
-        mv -f $new_resolv_conf $resolv_conf
+	# cat then rm to handle binds (e.g. ip netns exec)
+	cat $new_resolv_conf > $resolv_conf
+	rm -f $new_resolv_conf
     # DHCPv6
     elif [ -n "$new_dhcp6_domain_search" ] || [ -n "$new_dhcp6_name_servers" ]; then
         resolv_conf=$(readlink -f "/etc/resolv.conf" 2>/dev/null) ||
@@ -115,7 +117,8 @@
             chown --reference=$resolv_conf $new_resolv_conf
             chmod --reference=$resolv_conf $new_resolv_conf
 	fi
-        mv -f $new_resolv_conf $resolv_conf
+	cat $new_resolv_conf > $resolv_conf
+	rm -f $new_resolv_conf
     fi
 }
 
diff -Nru isc-dhcp-4.4.3-P1/debian/isc-dhcp-server.NEWS isc-dhcp-4.4.3-P1/debian/isc-dhcp-server.NEWS
--- isc-dhcp-4.4.3-P1/debian/isc-dhcp-server.NEWS	2023-01-09 09:25:59.000000000 +0100
+++ isc-dhcp-4.4.3-P1/debian/isc-dhcp-server.NEWS	2023-04-17 13:50:46.000000000 +0200
@@ -1,3 +1,24 @@
+isc-dhcp-server (4.4.3-P1-2) unstable; urgency=medium
+
+  # ISC DHCP completely EOL
+
+  ISC has stopped maintaining the server component of isc-dhcp since October
+  2022. A similar decision was made for the client and relay parts earlier the
+  same year. ISC DHCP Server users are strongly encouraged to look for an
+  alternative.
+
+  More information can be found in these official announcements:
+  https://lists.isc.org/pipermail/dhcp-users/2022-October/022786.html
+  https://www.isc.org/blogs/isc-dhcp-eol/
+
+  # AppArmor support
+
+  Since 4.4.3-P1-1.1, isc-dhcp-server includes an apparmor profile (thanks
+  Ubuntu!). BIND keys for dynamic update should be stored in both /etc/bind9/
+  and /etc/dhcp/ddns-keys/, for bind9 and dhcpd access, respectively.
+
+ -- Santiago Ruano Rincón <santiago@debian.org>  Thu, 30 Mar 2023 10:48:03 +0200
+
 dhcp3 (3.1.1-6) unstable; urgency=low
 
 	 Please note that when running a failover pair of DHCP servers, in 3.1.x, the
diff -Nru isc-dhcp-4.4.3-P1/debian/tests/client-server isc-dhcp-4.4.3-P1/debian/tests/client-server
--- isc-dhcp-4.4.3-P1/debian/tests/client-server	1970-01-01 01:00:00.000000000 +0100
+++ isc-dhcp-4.4.3-P1/debian/tests/client-server	2023-04-17 13:50:59.000000000 +0200
@@ -0,0 +1,65 @@
+#!/usr/bin/sh
+#
+# A basic IPv4 dhcp server and client test
+# It also checks if dhclient handles correctly resolv.conf in a network
+# namespace
+
+set -e
+set -x
+
+nsserver=server
+nsclient=client
+ip_addr_server="10.42.42.1/24"
+ifaceserver=veth-server
+ifaceclient=veth-client
+
+ip netns add $nsserver
+ip netns add $nsclient
+
+ip link add \
+       ptp-$ifaceserver \
+       type veth \
+       peer name ptp-$ifaceclient
+
+ip link set ptp-$ifaceserver netns $nsserver
+ip link set ptp-$ifaceclient netns $nsclient
+
+mkdir -p /etc/netns/$nsclient
+echo "nameserver 8.8.8.8" > /etc/netns/$nsclient/resolv.conf
+
+cat << EOF >> /etc/dhcp/dhcpd.conf
+option domain-name "example.org";
+option domain-name-servers 1.1.1.1;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+log-facility local7;
+
+subnet 10.42.42.0 netmask 255.255.255.0 {
+    range 10.42.42.10 10.42.42.19;
+}
+EOF
+
+ip netns exec $nsserver ip addr \
+    add $ip_addr_server dev ptp-$ifaceserver
+ip netns exec $nsserver ip link set \
+    dev ptp-$ifaceserver up
+ip netns exec $nsclient ip link set \
+    dev ptp-$ifaceclient up
+
+if ! /usr/sbin/dhcpd -t -q -cf /etc/dhcp/dhcpd.conf > /dev/null 2>&1; then
+    echo "dhcpd self-test failed. Please fix it."
+    echo "The error was: "
+    /usr/sbin/dhcpd -t -cf /etc/dhcp/dhcpd.conf
+    exit 1
+fi
+
+ip netns exec $nsserver /usr/sbin/dhcpd -cf /etc/dhcp/dhcpd.conf
+
+ip netns exec $nsclient dhclient ptp-veth-client
+
+ip netns exec $nsclient ip addr
+
+grep "1.1.1.1" /etc/netns/$nsclient/resolv.conf
+grep -v "8.8.8.8" /etc/netns/$nsclient/resolv.conf
diff -Nru isc-dhcp-4.4.3-P1/debian/tests/control isc-dhcp-4.4.3-P1/debian/tests/control
--- isc-dhcp-4.4.3-P1/debian/tests/control	1970-01-01 01:00:00.000000000 +0100
+++ isc-dhcp-4.4.3-P1/debian/tests/control	2023-04-15 15:16:10.000000000 +0200
@@ -0,0 +1,2 @@
+Tests: client-server
+Restrictions: allow-stderr, needs-root

Attachment: signature.asc
Description: PGP signature

Reply to: