Update to 3.0.1

Remove meson-info dir because it contains non reproducible files
Use meson install_umask to set binaries and libraries permissions
2025-08-28 11:07:06 +02:00 · 2025-07-29 12:49:32 +02:00 · 2025-07-07 17:16:23 +02:00 · 2025-07-03 16:46:44 +02:00 · 2025-07-01 14:06:10 +02:00 · 2025-06-16 14:35:08 +02:00
10 changed files with 546 additions and 164 deletions
--- a/kea-2.4.1.tar.gz
+++ b/kea-2.4.1.tar.gz
--- a/kea-2.4.1.tar.gz.asc
+++ b/kea-2.4.1.tar.gz.asc
@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE2mo1COZypJ3Tgq/ZW49NkbiO2QkFAmVlt28ACgkQW49NkbiO
-2QmI3g/8DRsJRa85qqDuWNcfE5qv3Aj0BWZwqv2pM60vGBHCcXRbsfIEMOd7boww
-OvehccLJ5ybpBAFWEh6LyKfllX8xbnY8u4Hio8RiwyFgycKASLn9xYoQisq30wxW
-iNNS7Ep+mCrkjNXvVP7W3bvcwMPpRrkVaTGFva/4zeTv+8hKU62y3ltxKL6BZG+4
-2vCqBQ2g4jfecHzigQJx2fV1epJ2XyG6hjXtoMqziEZ7nvhyG7sZowhLK/QZXl2u
-ja4EdmRAZBXcsCXzBN7W42K5P2damH+mde4W0b71WlrHZQVouNvLDyMIsn3CTU7q
-84qfUNpz0i1hnofLRAMIoLUepXZiwcMdX6MCL7R8u0HIcNy4xj7giPIRndVUORCf
-r2be7vr8MFkOZ/em2t5vv8FaJkq/9AK4b7qISyOvYoRB0GKyWcdbex0l+yJAhc1K
-tFX6lyLOUIBToJ7xNE5W1xBCUoblVqZ2eLLUV844HPFNRzVb33+Pl+oL2h7MVpTs
-KY5frHIH1sV+SK/oxEcrfjXsTQwFImmzuTwJK5/ucZtnl97TEikq6lwI6QG/DbiL
-KhDJXouJP4yMAN7z59PXZKXMSH+iscqiNGlN+XXGm/fUwNt4Ennosj+ElRh7bk+H
-AwGTjUh6ZtoMgSCAPcn5yvfXB6Fn2ZpmLBiu6Vhl91kb1/qdxsw=
-=C/w0
-----END PGP SIGNATURE-----
--- a/kea-3.0.1.tar.xz
+++ b/kea-3.0.1.tar.xz
--- a/kea-3.0.1.tar.xz.asc
+++ b/kea-3.0.1.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEAlmjO19aOkRmzzRcel4ITKylGIQFAmil4+0ACgkQel4ITKyl
+GIRxlg//f+A5yEQ6RKl0DOJfQIKKPZ9SL/2a04q6Gcay2ghUl8LZOiiO98RYicyV
+PmrsY/5/nuJmLPRSPKt/pmosfgZUbWK9yuKOoBrfu0KZfQWMX+1ZJIfagY47PCvU
+RKtT50+iPOsYZAtuRw8faO8g/rdgl1vMreSIjCPZTG1R4qZkQXNnwhNRV7O3pzsr
+wSndDINLvjQoYYbklKpUszoBNppXzBCegzVFjcIjNOSta2U8xEPGQ7sv2JvKkaYf
+bVjzKuoEVn0YkkAdf7C7vLotl4UZESNo/w+DcRbrbq/FYpT1R8YWzVAJtqJCVNFI
+q0WqlK5/G2/4giAveSWzuX0dnk+OZ5kQrd323Ol6MlM/O4ymkHK7OJrcxLLrEyIC
+OnRNWQqVzJddmUTOntvoLk90wJ9yF1jrdM+S3xTpOJzhnfRoFuioZ7njjfGTyskR
+Nlt4DX3wGsg0quDQfQJAf1z1qk651/OIF27KThj5jNOPB5eWz4YjJBht9T+eHlcS
+kOsNwnKtdZe+KiGeFCsfWU7wOR65w4kQXoH1ruFqVa44ZZKUvzDi4fiJYYfJLedJ
+FfBx3c65B0COk+3kOWjAV1F+Zaf0PlrEnb75zbN0O4BrztPL12HhDtjF+CbAuOG2
+k4ZpogxZ0Q6MhiQjGFiFMs2PN2FlgiaL2zbKKG/KIjUzPnog60c=
+=1ZFT
+-----END PGP SIGNATURE-----
--- a/kea-ctrl-agent.service
+++ b/kea-ctrl-agent.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=ISC Kea Control Agent
+Before=multi-user.target
+Wants=network-online.target
+After=remote-fs.target network-online.target nss-lookup.target time-sync.target ldap.service ndsd.service
+
+[Service]
+User=keadhcp
+Environment=KEA_PIDFILE_DIR=/run/kea
+RuntimeDirectory=kea
+RuntimeDirectoryMode=0750
+RuntimeDirectoryPreserve=yes
+ExecStart=/usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
+ExecReload=kill -HUP $MAINPID
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
--- a/kea-dhcp-ddns.service
+++ b/kea-dhcp-ddns.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=ISC Kea DHCP-DDNS server
+Before=multi-user.target
+Wants=network-online.target
+After=remote-fs.target network-online.target nss-lookup.target time-sync.target ldap.service ndsd.service
+
+[Service]
+User=keadhcp
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+Environment=KEA_PIDFILE_DIR=/run/kea
+RuntimeDirectory=kea
+RuntimeDirectoryMode=0750
+RuntimeDirectoryPreserve=yes
+ExecStart=/usr/sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf
+ExecReload=kill -HUP $MAINPID
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
--- a/kea-dhcp4.service
+++ b/kea-dhcp4.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=ISC Kea DHCPv4 server
+Before=multi-user.target
+Wants=network-online.target
+After=remote-fs.target network-online.target nss-lookup.target time-sync.target ldap.service ndsd.service
+
+[Service]
+User=keadhcp
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
+Environment=KEA_PIDFILE_DIR=/run/kea
+RuntimeDirectory=kea
+RuntimeDirectoryMode=0750
+RuntimeDirectoryPreserve=yes
+ExecStart=/usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
+ExecReload=kill -HUP $MAINPID
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
--- a/kea-dhcp6.service
+++ b/kea-dhcp6.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=ISC Kea DHCPv6 server
+Before=multi-user.target
+Wants=network-online.target
+After=remote-fs.target network-online.target nss-lookup.target time-sync.target ldap.service ndsd.service
+
+[Service]
+User=keadhcp
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+Environment=KEA_PIDFILE_DIR=/run/kea
+RuntimeDirectory=kea
+RuntimeDirectoryMode=0750
+RuntimeDirectoryPreserve=yes
+ExecStart=/usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf
+ExecReload=kill -HUP $MAINPID
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
--- a/kea.changes
+++ b/kea.changes
@@ -1,3 +1,262 @@
+-------------------------------------------------------------------
+Thu Aug 28 09:03:21 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to release 3.0.1
+  Security Fixes:
+  * Corrected an issue in kea-dhcp4 that caused the server to abort
+    if a client sent a unicast request with a particular options,
+    and Kea failed to find an appropriate subnet for that client.
+    (CVE-2025-40779)
+    [bsc#1248801]
+
+  Changes:
+  * Moved Botan crypto backend support to version 3.
+  * Avoid adding the qualifying-suffix to fully qualified host
+    names specified in host reservations.
+
+-------------------------------------------------------------------
+Tue Jul 29 09:44:04 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Remove `/usr/share/kea/meson-info` directory because it contains
+  non reproducible files.
+  [bsc#1246670]
+
+-------------------------------------------------------------------
+Mon Jul  7 14:40:57 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Use meson install_umask to set binaries and libraries
+  permissions.
+
+-------------------------------------------------------------------
+Tue Jul  1 09:28:14 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to release 3.0.0
+  Noteworthy changes:
+  * Lease caching is now enabled by default.
+  * The control-socket.socket-name and control-socket.socket-type
+    parameters have been removed from the CB.
+  * Kea now rejects certain default passwords. If you copied your
+    Kea configuration from the examples in our documentation using
+    our sample password, change your password to a unique value.
+  * The kea-control-agent is now deprecated. The individual Kea
+    services support HTTP/HTTPS control channels, so the Control
+    Agent (CA) is no longer needed. The CA is still available but
+    will be removed in a future release.
+  * The precedence of options specified in a template class and its
+    spawned classes has been reversed. An option specified in a
+    spawned class now takes precedence over the same option
+    specified in the template class.
+  * The only-if-required and require-client-classes were renamed to
+    only-in-additional-list and evaluate-additional-classes.
+  * Classes included in require-client-classes (now called
+    evaluate-additional-classes) that do not have test expressions
+    will now be unconditionally added to a client's list of
+    matching classes; previously, they were ignored.
+  * Additional classes are now evaluated in the same order as
+    option-data, i.e. pools, subnets, and shared networks. In
+    earlier versions, the order was reversed.
+  * It is now possible to define multiple client classes when
+    limiting access to networks, subnets, and pools. The parameter
+    client-class (a single class name) has been replaced with
+    client-classes (a list of one or more class names). The older
+    syntax is still accepted but is now deprecated and will be
+    removed in the future. You cannot specify both client-class and
+    client-classes within the same scope.
+  * Options name value pairs specified in option-data have a new
+    parameter available: client-classes. This allows the
+    administrator to place a guard on the option requiring
+    membership in a class or classes before that particular option
+    data will be added to the packet. This is intended as a
+    powerful mechanism to bring back some of the functionality from
+    the conditional (if) statements that were widely used in ISC
+    DHCP. See Option Class-Tagging in the ARM for further
+    information.
+  * The build system has been switched to meson.
+
+  Further detailed information of all changes is available at
+  https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes/release-notes-3.0.0
+  and
+  https://kb.isc.org/docs/things-to-be-aware-of-when-upgrading-to-kea-300
+
+- Set RuntimeDirectoryPreserve=yes in services to prevent deletion
+  of RuntimeDirectory when one service gets stopped.
+
+-------------------------------------------------------------------
+Mon Jun 16 12:27:37 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Change After= from network.target to network-online.target and
+  add Wants=network-online.target to systemd services to prevent
+  starting up before ip setup is finished.
+
+-------------------------------------------------------------------
+Mon May 26 15:07:13 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to release 2.6.3
+  Security Fixes:
+  * The default configuration for the Kea Control Agent (CA) has
+    been updated to enable basic HTTP authentication.  Access to
+    the Kea API will thus require a password.
+    (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
+    [bsc#1243240]
+  * `kea-dhcp4`, `kea-dhcp6`, `kea-dhcp-ddns`, and
+    `kea-ctrl-agent` now only load hook libraries from the
+    default installation directory. For ease of use, the path may
+    be omitted.
+    (CVE-2025-32801)
+    [bsc#1243240]
+  * The API command `config-write` will now only write to the same
+    directory as the configuration file used when Kea was started
+    (passed as a `-c` argument).
+    (CVE-2025-32802)
+    [bsc#1243240]
+  * Lease files can now only be loaded from the data directory
+    `/var/lib/kea`. This path may be overridden at startup by
+    setting the environment variable `KEA_DHCP_DATA_DIR` to the
+    desired path. If a path outside the defined data directory is
+    used in `lease-database.name`, Kea returns an error and refuses
+    to start or, if already running, aborts and exits. For ease of
+    use in specifying a custom file name, simply omit the path
+    component from `name`.
+    (CVE-2025-32802)
+    [bsc#1243240]
+  * Log files can now only be written to a defined output directory
+    `/var/log/kea`. This path may be overridden at startup by
+    setting the environment variable `KEA_LOG_FILE_DIR` to the
+    desired path. If a path outside the defined output directory is
+    used in `loggers.output_options.output`, Kea returns an error
+    and refuses to start or, if already running, aborts and exits.
+    For ease of use, simply omit the path component from `output`
+    and specify only the file name.
+    (CVE-2025-32802)
+    [bsc#1243240]
+  * Files created by Kea now have more restrictive file
+    permissions. Write access by group and any access by others is
+    now forbidden.
+    (CVE-2025-32803)
+    [bsc#1243240]
+  * Sockets can no longer be created in a world-writable directory,
+    such as `/tmp`. Sockets must now be created in the more
+    restricted `/var/run/kea`.
+    (CVE-2025-32802)
+    [bsc#1243240]
+  * Many sample configuration files have been updated to reflect
+    changes introduced in this release. In the ARM, the Kea
+    Security section has been moved to a more prominent location,
+    and a new section concerning securing the Kea Control Agent has
+    been added.
+    (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
+    [bsc#1243240]
+
+  Other changes:
+  * Fix build with the latest Boost 1.87.
+    (Obsoletes patch `kea-2.6.1-boost_1.87-compat.patch`)
+  * Backported a clarification in the ARM about subnet4-delta-add.
+
+- Remove /run/kea from systemd tmpfiles as the creation of this
+  directory is handled by the services.
+- Replace 'chmod -h' and 'chown -h' with 'find' as the '-h' isn't
+  present in Leap/SLE.
+- /run/kea now has mode 0750 for all services.
+
+-------------------------------------------------------------------
+Wed Apr 30 13:21:39 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update owner and perms in %post on modified config files
+
+-------------------------------------------------------------------
+Tue Apr 15 11:01:25 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Add logic to %post for switching from kea.service to the new
+  split units, kea-*.service.
+  (Inspiration taken from strongswan.spec.)
+
+-------------------------------------------------------------------
+Wed Apr  2 15:29:59 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Split off services into separate ones to allow more fine grained
+  control for e.g. capabilities.
+- Tighten access to state and log directories.
+
+-------------------------------------------------------------------
+Wed Mar 26 16:01:54 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to release 2.6.2
+  Bug fixes:
+  * Fix for inaccurate statistics: Kea was miscalculating
+    declined and assigned leases.
+  * Fix for lease conflicts and NAK: Conflicting entries were
+    created when two relayed HA instances tried to update a shared
+    lease DB at the same time.
+  * Fix for `subnetX-del` not removing subnets completely:
+    `subnetX-del` was not correctly deleting the subnet declaration
+    from the shared network configuration section.
+  * Fix for `config-write` and `retry-on-startup` parameter:
+    `config-write` was improperly storing the `retry-on-startup`
+    parameter in the config file, causing Kea to fail when
+    restarting.
+  * Fix for incorrect DB schema entry: A typo prevented the
+    upgrade script from working in certain circumstances.
+  * Fix for mishandling malformed DISCOVER packets:
+  * Fix for excessive memory utilization when receiving frequent
+    SIGHUP: Kea was storing a history of configs in memory with
+    each restart.
+  * Fix for `config-set` with `output_options`: `config-set` was
+    omitting the `output_options` section when spelled with "_".
+  * Fix for store-extended-info breaking lease limits: A specific
+    combination of vendor classes and storing extended info caused
+    limits to not be applied.
+  * Fix for DB connection recovery
+  * DB upgrade scripts: DB upgrade could fail on some
+    distributions.
+
+-------------------------------------------------------------------
+Thu Mar 13 13:26:28 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Add patch to fix build with boost 1.87
+  (kea-2.6.1-boost_1.87-compat.patch)
+- Add BuildRequires for python3-sphinx_rtd_theme to fix docs build
+
+-------------------------------------------------------------------
+Tue Oct  8 11:47:33 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to release 2.6.1
+  Bug fixes:
+  * Corrected an issue in MySQL config back end that causes
+    preferred life time values to be overwritten when updating
+    client classes via remote-set-class6. command.
+  * Corrected an issue with overlapping enum values for option
+    definition data type.  This was causing option definitions of
+    type "record", created via config backend commands, to not load
+    properly when fetched from the back end.
+  * Corrected a bug in storing and fetching the encapsulated DHCP
+    options from the configuration backend. These options were
+    sometimes not returned when they were specified at the subnet,
+    shared network or client class level.
+  * Fixed a file descriptor leak in the High Availability hook
+    library.
+
+- Only require bison for build and enable regen_files on Tumbleweed
+  and SLFO, because bison is too old in SLES/Leap
+- Remove leading zeros from %if %{with ...}
+
+-------------------------------------------------------------------
+Tue Jun 18 09:37:04 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 2.6.0
+  * New features:
+  * Hub-and-spoke model in High Availability (HA)
+  * Ping Check hook, RADIUS hook, Performance Monitoring hook
+  * Database connection retry on startup
+  * Classless static route option
+  * Discovery of Network-designated Resolvers (DNR) options
+  * Stash Agent options: ISC DHCP provided a
+    `stash-agent-options` mechanism that, when enabled, caused
+    the server to remember options inserted by a relay agent
+    during the initial exchange with a client.
+  * Removals/Changes:
+  * Removed autogeneration of subnet-ids
+  * `output_options` was renamed to `output-options`
+
 -------------------------------------------------------------------
 Sat Feb  3 12:40:17 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

--- a/kea.spec
+++ b/kea.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package kea
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,36 +16,33 @@
 #


-%define asiodns_sover 35
-%define asiolink_sover 56
-%define cc_sover 54
-%define cfgclient_sover 51
-%define cryptolink_sover 38
-%define d2srv_sover 30
-%define database_sover 48
-%define dhcppp_sover 74
-%define dhcp_ddns_sover 41
-%define dhcpsrv_sover 90
-%define dnspp_sover 42
-%define eval_sover 52
-%define exceptions_sover 23
-%define hooks_sover 78
-%define http_sover 56
-%define log_sover 48
-%define mysql_sover 53
-%define pgsql_sover 53
-%define process_sover 57
-%define stats_sover 29
-%define tcp_sover 5
-%define util_io_sover 0
-%define util_sover 68
-%if 0%{?suse_version} >= 1500
-%bcond_without regen_files
-%else
-%bcond_with    regen_files
-%endif
+%define asiodns_sover 62
+%define asiolink_sover 88
+%define cc_sover 82
+%define cfgrpt_sover 3
+%define config_sover 83
+%define cryptolink_sover 64
+%define d2srv_sover 63
+%define database_sover 76
+%define dhcp_sover 109
+%define dhcp_ddns_sover 68
+%define dhcpsrv_sover 130
+%define dns_sover 71
+%define eval_sover 84
+%define exceptions_sover 45
+%define hooks_sover 119
+%define http_sover 87
+%define log_interprocess_sover 3
+%define log_sover 75
+%define mysql_sover 88
+%define pgsql_sover 88
+%define process_sover 90
+%define stats_sover 53
+%define tcp_sover 33
+%define util_io_sover 12
+%define util_sover 101
 Name:           kea
-Version:        2.4.1
+Version:        3.0.1
 Release:        0
 Summary:        Dynamic Host Configuration Protocol daemon
 License:        MPL-2.0
@@ -53,13 +50,15 @@ Group:          Productivity/Networking/Boot/Servers
 URL:            https://kea.isc.org/
 #Git-Clone:     https://gitlab.isc.org/isc-projects/kea
 #Github is out of date / abandoned(?)
-Source:         https://ftp.isc.org/isc/kea/%version/kea-%version.tar.gz
-Source2:        https://ftp.isc.org/isc/kea/%version/kea-%version.tar.gz.asc
+Source:         https://ftp.isc.org/isc/kea/%version/kea-%version.tar.xz
+Source2:        https://ftp.isc.org/isc/kea/%version/kea-%version.tar.xz.asc
 # https://www.isc.org/pgpkey/
 Source3:        kea.keyring
-BuildRequires:  autoconf >= 2.59
-BuildRequires:  automake
-BuildRequires:  bison >= 3.3
+Source4:        kea-dhcp4.service
+Source5:        kea-dhcp6.service
+Source6:        kea-dhcp-ddns.service
+Source7:        kea-ctrl-agent.service
+BuildRequires:  meson
 BuildRequires:  freeradius-server-devel
 BuildRequires:  gcc-c++
 BuildRequires:  libmysqlclient-devel
@@ -70,14 +69,13 @@ BuildRequires:  postgresql-server-devel
 BuildRequires:  python-rpm-macros
 BuildRequires:  python3
 BuildRequires:  python3-Sphinx
+BuildRequires:  python3-sphinx_rtd_theme
 BuildRequires:  sysuser-tools
 BuildRequires:  xz
 BuildRequires:  pkgconfig(libcrypto)
+BuildRequires:  fdupes
 %sysusers_requires
 Suggests:       %name-hooks = %version
-%if 0%{with regen_files}
-BuildRequires:  flex
-%endif
 %if 0%{?suse_version} >= 1500
 BuildRequires:  libboost_system-devel
 %else
@@ -133,11 +131,20 @@ Group:          System/Libraries
 libkea-cc is used for the control channel protocol between keactrl
 and the server.

-%package -n libkea-cfgclient%cfgclient_sover
+%package -n libkea-cfgrpt%cfgrpt_sover
+Summary:        Kea DHCP server config report library
+Group:          System/Libraries
+
+%description -n libkea-cfgrpt%cfgrpt_sover
+The cfgrpt library is used for generating configuration reports for Kea,
+providing detailed JSON-formatted summaries of the server's current
+configuration.
+
+%package -n libkea-config%config_sover
 Summary:        Kea DHCP server configuration client library
 Group:          System/Libraries

-%description -n libkea-cfgclient%cfgclient_sover
+%description -n libkea-config%config_sover
 The Kea DHCP server can be managed at runtime via the Control
 Channel. The CC allows an external entity (e.g. a tool run by a
 sysadmin or a script) to issue commands to the server which can
@@ -170,12 +177,12 @@ Group:          System/Libraries
 %description -n libkea-database%database_sover
 Kea's database abstraction library.

-%package -n libkea-dhcp++%dhcppp_sover
+%package -n libkea-dhcp%dhcp_sover
 Summary:        Kea DHCP library
 Group:          System/Libraries

-%description -n libkea-dhcp++%dhcppp_sover
-libdhcp++ is an all-purpose DHCP-manipulation library, written in
+%description -n libkea-dhcp%dhcp_sover
+libdhcp is an all-purpose DHCP-manipulation library, written in
 C++. It offers packet parsing and assembly, DHCPv4 and DHCPv6 options
 parsing and assembly, interface detection, and socket operations It
 can be used by server, client, relay, performance tools and other
@@ -201,11 +208,11 @@ operations, including the "Lease Manager" that manages information
 about leases and the "Configuration Manager" that stores the servers'
 configuration etc.

-%package -n libkea-dns++%dnspp_sover
+%package -n libkea-dns%dns_sover
 Summary:        Kea DHCP server component library
 Group:          System/Libraries

-%description -n libkea-dns++%dnspp_sover
+%description -n libkea-dns%dns_sover
 One of the many libraries the Kea DHCP server is composed of.

 %package -n libkea-eval%eval_sover
@@ -249,6 +256,14 @@ receive messages and send responses over HTTP. This library uses
 boost ASIO for creating TCP connections and asynchronously receive
 and send the data over the sockets.

+%package -n libkea-log-interprocess%log_interprocess_sover
+Summary:        Kea DHCP log interprocess library
+Group:          System/Libraries
+
+%description -n libkea-log-interprocess%log_interprocess_sover
+The log-interprocess library facilitates the transfer of logging messages
+between the different Kea processes.
+
 %package -n libkea-log%log_sover
 Summary:        Kea DHCP logging system library
 Group:          System/Libraries
@@ -321,18 +336,20 @@ Group:          Development/Libraries/C and C++
 Requires:       libkea-asiodns%asiodns_sover = %version
 Requires:       libkea-asiolink%asiolink_sover = %version
 Requires:       libkea-cc%cc_sover = %version
-Requires:       libkea-cfgclient%cfgclient_sover = %version
+Requires:       libkea-cfgrpt%cfgrpt_sover = %version
+Requires:       libkea-config%config_sover = %version
 Requires:       libkea-cryptolink%cryptolink_sover = %version
 Requires:       libkea-d2srv%d2srv_sover = %version
 Requires:       libkea-database%database_sover = %version
-Requires:       libkea-dhcp++%dhcppp_sover = %version
+Requires:       libkea-dhcp%dhcp_sover = %version
 Requires:       libkea-dhcp_ddns%dhcp_ddns_sover = %version
 Requires:       libkea-dhcpsrv%dhcpsrv_sover = %version
-Requires:       libkea-dns++%dnspp_sover = %version
+Requires:       libkea-dns%dns_sover = %version
 Requires:       libkea-eval%eval_sover = %version
 Requires:       libkea-exceptions%exceptions_sover = %version
 Requires:       libkea-hooks%hooks_sover = %version
 Requires:       libkea-http%http_sover = %version
+Requires:       libkea-log-interprocess%log_interprocess_sover = %version
 Requires:       libkea-log%log_sover = %version
 Requires:       libkea-mysql%mysql_sover = %version
 Requires:       libkea-pgsql%pgsql_sover = %version
@@ -354,41 +371,16 @@ Development files for the Kea DHCP server
 export FREERADIUS_INCLUDE="%_includedir/freeradius"
 export FREERADIUS_LIB=""
 export FREERADIUS_DICTIONARY=""
-autoreconf -fi
-%configure \
-	--disable-rpath --disable-static \
-%if 0%{with regen_files}
-	--enable-generate-docs --enable-generate-parser \
-%endif
-	--enable-logger-checks \
-	--with-dhcp-mysql --with-dhcp-pgsql \
-	--enable-perfdhcp --enable-shell
-make %{?_smp_mflags}
+%meson --install-umask 022 -D netconf=disabled
+%meson_build
+%meson_build doc

 %install
 b=%buildroot
-%make_install
+%meson_install
 find %buildroot -type f -name "*.la" -delete -print
-mkdir -p "$b/%_unitdir" "$b/%_tmpfilesdir" "$b/%_sysusersdir"
-cat <<-EOF >"$b/%_unitdir/kea.service"
-	[Unit]
-	Description=ISC Kea DHCP server
-	Before=multi-user.target
-	After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service
-	[Service]
-	Type=forking
-	Environment=KEA_PIDFILE_DIR=%_rundir/%name
-        RuntimeDirectory=kea
-	ExecStart=%_sbindir/keactrl start
-	ExecReload=%_sbindir/keactrl reload
-	ExecStop=%_sbindir/keactrl stop
-	[Install]
-	WantedBy=multi-user.target
-	Alias=dhcp-server.service
-EOF
-cat <<-EOF >"$b/%_tmpfilesdir/kea.conf"
-	d /run/kea 0775 keadhcp keadhcp -
-EOF
+mkdir -p "$b/%_unitdir" "$b/%_sysusersdir"
+cp %_sourcedir/*.service "$b/%_unitdir/"
 echo 'u keadhcp - "Kea DHCP server" /var/lib/kea' >system-user-keadhcp.conf
 cp -a system-user-keadhcp.conf "$b/%_sysusersdir/"
 %sysusers_generate_pre system-user-keadhcp.conf random system-user-keadhcp.conf
@@ -397,85 +389,106 @@ perl -i -pe 's{%_localstatedir/log/kea-}{%_localstatedir/log/kea/}' \
 	"$b/%_sysconfdir/kea"/*.conf

 mkdir -p "$b%_localstatedir/log/kea"
-ln -s "%_sbindir/service" "%buildroot/%_sbindir/rc%name"

 # Remove unnecessary files
-find "%buildroot/%_libdir" -name "*.so.*" -type l -delete
 rm -Rf "%buildroot/%python3_sitelib/kea/__pycache__"
+# Remove meson-info directory as it contains non reproducable files
+rm -Rf "%{buildroot}/%{_datadir}/kea/meson-info"
+%fdupes %{buildroot}/%{_datadir}/doc/kea

 %pre -f random.pre
-systemd-tmpfiles --create kea.conf || :
-%service_add_pre kea.service
+%service_add_pre kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service kea-ctrl-agent.service

 %post
-%service_add_post kea.service
+%service_add_post kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service kea-ctrl-agent.service
+if [ "$1" -gt 1 ]; then
+	chown -R keadhcp:keadhcp "%_localstatedir/lib/kea"
+	chown -R keadhcp:keadhcp "%_localstatedir/log/kea"
+	find %_sysconfdir/kea/ -type f -name '*.conf' -exec chown root:keadhcp {} +
+	find %_sysconfdir/kea/ -type f -name '*.conf' -exec chmod 640 {} +
+fi
+bigkea_enabled=$(/usr/bin/systemctl is-enabled kea.service 2>/dev/null || :)
+bigkea_active=$(/usr/bin/systemctl is-active kea.service 2>/dev/null || :)
+use_dhcp4=$(grep -ie ^dhcp4=yes /etc/kea/keactrl.conf 2>/dev/null || :)
+use_dhcp6=$(grep -ie ^dhcp6=yes /etc/kea/keactrl.conf 2>/dev/null || :)
+use_ddns=$(grep -ie ^dhcp_ddns=yes /etc/kea/keactrl.conf 2>/dev/null || :)
+use_agent=$(grep -ie ^ctrl_agent=yes /etc/kea/keactrl.conf 2>/dev/null || :)
+if [ "$bigkea_enabled" = "enabled" ]; then
+	echo "Transferring enablement of kea.service to new split units..."
+	/usr/bin/systemctl disable kea.service || :
+	if [ -n "$use_dhcp4" ]; then
+		/usr/bin/systemctl enable kea-dhcp4.service || :
+	fi
+	if [ -n "$use_dhcp6" ]; then
+		/usr/bin/systemctl enable kea-dhcp6.service || :
+	fi
+	if [ -n "$use_ddns" ]; then
+		/usr/bin/systemctl enable kea-dhcp-ddns.service || :
+	fi
+	if [ -n "$use_agent" ]; then
+		/usr/bin/systemctl enable kea-ctrl-agent.service || :
+	fi
+fi
+if [ "$bigkea_active" = "active" ]; then
+	echo "Transferring active state of kea.service to new split units..."
+	/usr/bin/systemctl disable --now kea.service || :
+	if [ -n "$use_dhcp4" ]; then
+		/usr/bin/systemctl start kea-dhcp4.service || :
+	fi
+	if [ -n "$use_dhcp6" ]; then
+		/usr/bin/systemctl start kea-dhcp6.service || :
+	fi
+	if [ -n "$use_ddns" ]; then
+		/usr/bin/systemctl start kea-dhcp-ddns.service || :
+	fi
+	if [ -n "$use_agent" ]; then
+		/usr/bin/systemctl start kea-ctrl-agent.service || :
+	fi
+fi

 %preun
-%service_del_preun kea.service
+%service_del_preun kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service kea-ctrl-agent.service

 %postun
-%service_del_postun kea.service
+%service_del_postun kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service kea-ctrl-agent.service

-%post   -n libkea-asiodns%asiodns_sover -p /sbin/ldconfig
-%postun -n libkea-asiodns%asiodns_sover -p /sbin/ldconfig
-%post   -n libkea-asiolink%asiolink_sover -p /sbin/ldconfig
-%postun -n libkea-asiolink%asiolink_sover -p /sbin/ldconfig
-%post   -n libkea-cc%cc_sover -p /sbin/ldconfig
-%postun -n libkea-cc%cc_sover -p /sbin/ldconfig
-%post   -n libkea-cfgclient%cfgclient_sover -p /sbin/ldconfig
-%postun -n libkea-cfgclient%cfgclient_sover -p /sbin/ldconfig
-%post   -n libkea-cryptolink%cryptolink_sover -p /sbin/ldconfig
-%postun -n libkea-cryptolink%cryptolink_sover -p /sbin/ldconfig
-%post   -n libkea-d2srv%d2srv_sover -p /sbin/ldconfig
-%postun -n libkea-d2srv%d2srv_sover -p /sbin/ldconfig
-%post   -n libkea-database%database_sover -p /sbin/ldconfig
-%postun -n libkea-database%database_sover -p /sbin/ldconfig
-%post   -n libkea-dhcp++%dhcppp_sover -p /sbin/ldconfig
-%postun -n libkea-dhcp++%dhcppp_sover -p /sbin/ldconfig
-%post   -n libkea-dhcp_ddns%dhcp_ddns_sover -p /sbin/ldconfig
-%postun -n libkea-dhcp_ddns%dhcp_ddns_sover -p /sbin/ldconfig
-%post   -n libkea-dhcpsrv%dhcpsrv_sover -p /sbin/ldconfig
-%postun -n libkea-dhcpsrv%dhcpsrv_sover -p /sbin/ldconfig
-%post   -n libkea-dns++%dnspp_sover -p /sbin/ldconfig
-%postun -n libkea-dns++%dnspp_sover -p /sbin/ldconfig
-%post   -n libkea-eval%eval_sover -p /sbin/ldconfig
-%postun -n libkea-eval%eval_sover -p /sbin/ldconfig
-%post   -n libkea-exceptions%exceptions_sover -p /sbin/ldconfig
-%postun -n libkea-exceptions%exceptions_sover -p /sbin/ldconfig
-%post   -n libkea-hooks%hooks_sover -p /sbin/ldconfig
-%postun -n libkea-hooks%hooks_sover -p /sbin/ldconfig
-%post   -n libkea-http%http_sover -p /sbin/ldconfig
-%postun -n libkea-http%http_sover -p /sbin/ldconfig
-%post   -n libkea-log%log_sover -p /sbin/ldconfig
-%postun -n libkea-log%log_sover -p /sbin/ldconfig
-%post   -n libkea-mysql%mysql_sover -p /sbin/ldconfig
-%postun -n libkea-mysql%mysql_sover -p /sbin/ldconfig
-%post   -n libkea-pgsql%pgsql_sover -p /sbin/ldconfig
-%postun -n libkea-pgsql%pgsql_sover -p /sbin/ldconfig
-%post   -n libkea-process%process_sover -p /sbin/ldconfig
-%postun -n libkea-process%process_sover -p /sbin/ldconfig
-%post   -n libkea-stats%stats_sover -p /sbin/ldconfig
-%postun -n libkea-stats%stats_sover -p /sbin/ldconfig
-%post   -n libkea-tcp%tcp_sover -p /sbin/ldconfig
-%postun -n libkea-tcp%tcp_sover -p /sbin/ldconfig
-%post   -n libkea-util-io%util_io_sover -p /sbin/ldconfig
-%postun -n libkea-util-io%util_io_sover -p /sbin/ldconfig
-%post   -n libkea-util%util_sover -p /sbin/ldconfig
-%postun -n libkea-util%util_sover -p /sbin/ldconfig
+%ldconfig_scriptlets -n libkea-asiodns%asiodns_sover
+%ldconfig_scriptlets -n libkea-asiolink%asiolink_sover
+%ldconfig_scriptlets -n libkea-cc%cc_sover
+%ldconfig_scriptlets -n libkea-cfgrpt%cfgrpt_sover
+%ldconfig_scriptlets -n libkea-config%config_sover
+%ldconfig_scriptlets -n libkea-cryptolink%cryptolink_sover
+%ldconfig_scriptlets -n libkea-d2srv%d2srv_sover
+%ldconfig_scriptlets -n libkea-database%database_sover
+%ldconfig_scriptlets -n libkea-dhcp%dhcp_sover
+%ldconfig_scriptlets -n libkea-dhcp_ddns%dhcp_ddns_sover
+%ldconfig_scriptlets -n libkea-dhcpsrv%dhcpsrv_sover
+%ldconfig_scriptlets -n libkea-dns%dns_sover
+%ldconfig_scriptlets -n libkea-eval%eval_sover
+%ldconfig_scriptlets -n libkea-exceptions%exceptions_sover
+%ldconfig_scriptlets -n libkea-hooks%hooks_sover
+%ldconfig_scriptlets -n libkea-http%http_sover
+%ldconfig_scriptlets -n libkea-log-interprocess%log_interprocess_sover
+%ldconfig_scriptlets -n libkea-log%log_sover
+%ldconfig_scriptlets -n libkea-mysql%mysql_sover
+%ldconfig_scriptlets -n libkea-pgsql%pgsql_sover
+%ldconfig_scriptlets -n libkea-process%process_sover
+%ldconfig_scriptlets -n libkea-stats%stats_sover
+%ldconfig_scriptlets -n libkea-tcp%tcp_sover
+%ldconfig_scriptlets -n libkea-util-io%util_io_sover
+%ldconfig_scriptlets -n libkea-util%util_sover

 %files
-%dir %_sysconfdir/kea
-%config(noreplace) %_sysconfdir/kea/*.conf
+%dir %attr(0755,root,root) %_sysconfdir/kea
+%config(noreplace) %attr(0640,root,keadhcp) %_sysconfdir/kea/*.conf
 %_mandir/man8/*.8%{?ext_man}
-%_sbindir/rckea
 %_sbindir/kea*
 %_sbindir/perfdhcp
 %_datadir/kea/
 %_unitdir/*.service
-%dir %_localstatedir/lib/kea
-%_tmpfilesdir/
-%_sysusersdir/
-%attr(0775,keadhcp,keadhcp) %_localstatedir/log/kea/
+%dir %attr(0750,keadhcp,keadhcp) %_localstatedir/lib/kea
+%_sysusersdir/*
+%attr(0750,keadhcp,keadhcp) %_localstatedir/log/kea/

 %files doc
 %doc %_datadir/doc/kea/
@@ -484,74 +497,107 @@ systemd-tmpfiles --create kea.conf || :
 %files hooks
 %dir %_libdir/kea
 %_libdir/kea/hooks/
+%dir %{_sysconfdir}/kea/radius
+%{_sysconfdir}/kea/radius/dictionary

 %files -n libkea-asiodns%asiodns_sover
+%_libdir/libkea-asiodns.so.%asiodns_sover
 %_libdir/libkea-asiodns.so.%asiodns_sover.*

 %files -n libkea-asiolink%asiolink_sover
+%_libdir/libkea-asiolink.so.%asiolink_sover
 %_libdir/libkea-asiolink.so.%asiolink_sover.*

 %files -n libkea-cc%cc_sover
+%_libdir/libkea-cc.so.%cc_sover
 %_libdir/libkea-cc.so.%cc_sover.*

-%files -n libkea-cfgclient%cfgclient_sover
-%_libdir/libkea-cfgclient.so.%cfgclient_sover.*
+%files -n libkea-cfgrpt%cfgrpt_sover
+%_libdir/libkea-cfgrpt.so.%cfgrpt_sover
+%_libdir/libkea-cfgrpt.so.%cfgrpt_sover.*
+
+%files -n libkea-config%config_sover
+%_libdir/libkea-config.so.%config_sover
+%_libdir/libkea-config.so.%config_sover.*

 %files -n libkea-cryptolink%cryptolink_sover
+%_libdir/libkea-cryptolink.so.%cryptolink_sover
 %_libdir/libkea-cryptolink.so.%cryptolink_sover.*

 %files -n libkea-d2srv%d2srv_sover
+%_libdir/libkea-d2srv.so.%d2srv_sover
 %_libdir/libkea-d2srv.so.%d2srv_sover.*

 %files -n libkea-database%database_sover
+%_libdir/libkea-database.so.%database_sover
 %_libdir/libkea-database.so.%database_sover.*

-%files -n libkea-dhcp++%dhcppp_sover
-%_libdir/libkea-dhcp++.so.%dhcppp_sover.*
+%files -n libkea-dhcp%dhcp_sover
+%_libdir/libkea-dhcp.so.%dhcp_sover
+%_libdir/libkea-dhcp.so.%dhcp_sover.*

 %files -n libkea-dhcp_ddns%dhcp_ddns_sover
+%_libdir/libkea-dhcp_ddns.so.%dhcp_ddns_sover
 %_libdir/libkea-dhcp_ddns.so.%dhcp_ddns_sover.*

 %files -n libkea-dhcpsrv%dhcpsrv_sover
+%_libdir/libkea-dhcpsrv.so.%dhcpsrv_sover
 %_libdir/libkea-dhcpsrv.so.%dhcpsrv_sover.*

-%files -n libkea-dns++%dnspp_sover
-%_libdir/libkea-dns++.so.%dnspp_sover.*
+%files -n libkea-dns%dns_sover
+%_libdir/libkea-dns.so.%dns_sover
+%_libdir/libkea-dns.so.%dns_sover.*

 %files -n libkea-eval%eval_sover
+%_libdir/libkea-eval.so.%eval_sover
 %_libdir/libkea-eval.so.%eval_sover.*

 %files -n libkea-exceptions%exceptions_sover
+%_libdir/libkea-exceptions.so.%exceptions_sover
 %_libdir/libkea-exceptions.so.%exceptions_sover.*

 %files -n libkea-hooks%hooks_sover
+%_libdir/libkea-hooks.so.%hooks_sover
 %_libdir/libkea-hooks.so.%hooks_sover.*

 %files -n libkea-http%http_sover
+%_libdir/libkea-http.so.%http_sover
 %_libdir/libkea-http.so.%http_sover.*

+%files -n libkea-log-interprocess%log_interprocess_sover
+%_libdir/libkea-log-interprocess.so.%log_interprocess_sover
+%_libdir/libkea-log-interprocess.so.%log_interprocess_sover.*
+
 %files -n libkea-log%log_sover
+%_libdir/libkea-log.so.%log_sover
 %_libdir/libkea-log.so.%log_sover.*

 %files -n libkea-mysql%mysql_sover
+%_libdir/libkea-mysql.so.%mysql_sover
 %_libdir/libkea-mysql.so.%mysql_sover.*

 %files -n libkea-pgsql%pgsql_sover
+%_libdir/libkea-pgsql.so.%pgsql_sover
 %_libdir/libkea-pgsql.so.%pgsql_sover.*

 %files -n libkea-process%process_sover
+%_libdir/libkea-process.so.%process_sover
 %_libdir/libkea-process.so.%process_sover.*

 %files -n libkea-stats%stats_sover
+%_libdir/libkea-stats.so.%stats_sover
 %_libdir/libkea-stats.so.%stats_sover.*

 %files -n libkea-tcp%tcp_sover
+%_libdir/libkea-tcp.so.%tcp_sover
 %_libdir/libkea-tcp.so.%tcp_sover.*

 %files -n libkea-util-io%util_io_sover
+%_libdir/libkea-util-io.so.%util_io_sover
 %_libdir/libkea-util-io.so.%util_io_sover.*

 %files -n libkea-util%util_sover
+%_libdir/libkea-util.so.%util_sover
 %_libdir/libkea-util.so.%util_sover.*

 %files -n python3-kea
@@ -560,5 +606,7 @@ systemd-tmpfiles --create kea.conf || :
 %files devel
 %_includedir/kea/
 %_libdir/libkea*.so
+%{_libdir}/pkgconfig/*.pc
+%{_bindir}/kea-msg-compiler

 %changelog
Author	SHA256	Message	Date
Jorik Cronenberg	1c290fe1c4	Update to 3.0.1	2025-08-28 11:07:06 +02:00
Jorik Cronenberg	a2a2658827	Remove meson-info dir because it contains non reproducible files	2025-07-29 12:49:32 +02:00
Jorik Cronenberg	159d3c3287	Use meson install_umask to set binaries and libraries permissions	2025-07-07 17:16:23 +02:00
Jorik Cronenberg	79ac13d422	Use chmod in %install instead of %attr	2025-07-03 16:46:44 +02:00
Jorik Cronenberg	484b988d04	Update to release 3.0.0	2025-07-01 14:06:10 +02:00
Jorik Cronenberg	3de0d1f50c	Use network-online.target for systemd services	2025-06-16 14:35:08 +02:00
Jorik Cronenberg	6b30b46d60	Update to version 2.6.3	2025-05-28 19:03:45 +02:00
Jorik Cronenberg	92ab1af6af	Update owner and perms in %post on modified config files	2025-04-30 16:00:13 +02:00
Jan Engelhardt	4b0d6125ef	%post logic for switching from kea.service to kea-*.service	2025-04-15 21:42:36 +02:00
Jorik Cronenberg	c32b9b08fa	Update services, user, group and dir access - Split off services into separate ones to allow more fine grained control for e.g. capabilities. - Tighten access to state and log directories	2025-04-15 14:01:51 +02:00
Jan Engelhardt	59f1a3766a	Dummy commit to test scmsync	2025-03-27 11:18:09 +01:00
Jorik Cronenberg	08da159db5	Update to version 2.6.2	2025-03-26 17:11:07 +01:00
Jorik Cronenberg	f28bceea66	Fix for latest boost version 1.87 and sphinx changes	2025-03-13 14:53:30 +01:00
Jorik Cronenberg	9912ef67c7	Remove leading zeros from %if %{with ...}	2024-10-08 16:47:30 +02:00
Jorik Cronenberg	c3078ecd5f	Update to release 2.6.1	2024-10-08 15:12:23 +02:00
Jan Engelhardt	ddf20505c7	kea 2.6.0 (synchronize with OBS)	2024-07-23 05:09:58 +02:00