commit:     911165f6b1779225e1ae8227782eaff24ef88c5a
Author:     Peter Leese <inbox <AT> peterleese <DOT> org>
AuthorDate: Mon Jan  5 21:28:09 2026 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jan 10 12:46:14 2026 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=911165f6

net-misc/kea: fix header permissions

Change the meson install umask from the default of 027 to 023 so that
kea header files and other API-related data artifacts are readable by
non-privileged users.

Bug: https://bugs.gentoo.org/968272
Signed-off-by: Peter Leese <inbox <AT> peterleese.org>
Part-of: https://github.com/gentoo/gentoo/pull/45261
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../kea/{kea-9999.ebuild => kea-3.0.2-r1.ebuild}   | 45 +++++++++++++++++-----
 net-misc/kea/kea-9999.ebuild                       |  8 ++++
 2 files changed, 43 insertions(+), 10 deletions(-)

diff --git a/net-misc/kea/kea-9999.ebuild b/net-misc/kea/kea-3.0.2-r1.ebuild
similarity index 86%
copy from net-misc/kea/kea-9999.ebuild
copy to net-misc/kea/kea-3.0.2-r1.ebuild
index 2f244cef8148..ba80c962f37e 100644
--- a/net-misc/kea/kea-9999.ebuild
+++ b/net-misc/kea/kea-3.0.2-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -13,13 +13,16 @@ if [[ ${PV} == 9999 ]]; then
        inherit git-r3
        EGIT_REPO_URI="https://gitlab.isc.org/isc-projects/kea.git";
 else
-       SRC_URI="https://downloads.isc.org/isc/kea/${PV}/${P}.tar.xz";
-       KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+       SRC_URI="
+               https://downloads.isc.org/isc/kea/${PV}/${P}.tar.xz
+               !doc? ( 
https://codeberg.org/peter1010/kea-manpages/archive/kea-manpages-${PV}.tar.gz )
+       "
+       KEYWORDS="amd64 arm arm64 ~x86"
 fi
 
 LICENSE="MPL-2.0"
 SLOT="0"
-IUSE="debug doc mysql +openssl postgres shell test"
+IUSE="debug doc kerberos mysql +openssl postgres shell test"
 
 REQUIRED_USE="shell? ( ${PYTHON_REQUIRED_USE} )"
 RESTRICT="!test? ( test )"
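Review bot: The `!doc?` entry added to `SRC_URI` fetches the man pages from a forge-generated archive under what looks like a personal Codeberg account, not from downloads.isc.org like the main tarball, and nothing in the ebuild records where that content comes from. The Manifest checksum (not part of this diff) pins the bytes, but generated archives are not guaranteed to stay byte-identical, so a regenerated tarball would show up as a checksum failure at fetch time. A short provenance comment above `SRC_URI` would help reviewers and future bumpers, e.g. `# man pages for USE=-doc: <how they were generated>, hosted at <repo URL>`. The enclosing `if [[ ${PV} == 9999 ]]` block starts outside the hunk.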
@@ -27,6 +30,7 @@ RESTRICT="!test? ( test )"
 COMMON_DEPEND="
        >=dev-libs/boost-1.66:=
        dev-libs/log4cplus:=
+       kerberos? ( virtual/krb5 )
        mysql? (
                app-arch/zstd:=
                dev-db/mysql-connector-c:=
@@ -57,6 +61,10 @@ BDEPEND="
        ${PYTHON_DEPS}
 "
 
+PATCHES=(
+       "${FILESDIR}"/kea-3.0.1-boost-1.89.patch
+)
+
 python_check_deps() {
        use doc || return 0;
        python_has_version "dev-python/sphinx[${PYTHON_USEDEP}]" \
@@ -106,15 +114,19 @@ src_configure() {
                append-cxxflags -std=c++20
        fi
 
+       # Note: https://gitlab.isc.org/isc-projects/kea/-/issues/4171 suggests 
patching meson.build to set umask,
+       # instead here we pass install-umask as an argument to do the same 
thing, i.e. control permissions on
+       # installed files.
        local emesonargs=(
                --localstatedir="${EPREFIX}/var"
                -Drunstatedir="${EPREFIX}/run"
-               -Dkrb5=disabled
+               $(meson_feature kerberos krb5)
                -Dnetconf=disabled
                -Dcrypto=$(usex openssl openssl botan)
                $(meson_feature mysql)
                $(meson_feature postgres postgresql)
                $(meson_feature test tests)
+               --install-umask=0o023
        )
        if use debug; then
                emesonargs+=(
@@ -127,8 +139,6 @@ src_configure() {
 src_compile() {
        meson_src_compile
 
-       # Note: If you want man pages doc use has to be set. This may change
-       # in the future and be like 2.6.3 where man pages were part of the 
release tarball
        use doc && meson_src_compile doc
 }
 
@@ -155,6 +165,7 @@ src_test() {
                kea-log-console_test.sh
                dhcp-lease-query-tests
                kea-dhcp6-tests
+               kea-dhcp4-tests
                kea-dhcp-tests
        )
 
@@ -164,7 +175,6 @@ src_test() {
                        kea-mysql-tests
                        dhcp-mysql-lib-tests
                        dhcp-forensic-log-libloadtests
-                       kea-dhcp4-tests
                )
        fi
 
@@ -174,7 +184,12 @@ src_test() {
                        kea-pgsql-tests
                        dhcp-pgsql-lib-tests
                        dhcp-forensic-log-libloadtests
-                       kea-dhcp4-tests
+               )
+       fi
+
+       if use kerberos; then
+               SKIP_TESTS+=(
+                       ddns-gss-tsig-tests
                )
        fi
 
@@ -182,7 +197,6 @@ src_test() {
                # see https://bugs.gentoo.org/958171 for reason for skipping 
these tests
                SKIP_TESTS+=(
                        kea-util-tests
-                       kea-dhcp4-tests
                        kea-dhcpsrv-tests
                        dhcp-ha-lib-tests
                        kea-d2-tests
@@ -234,6 +248,10 @@ src_install() {
 
        fowners -R root:dhcp /etc/${PN}
 
+       # A side effect of using install_umask 023 in meson setup is setting 
config files to be world readable
+       # lets not do that
+       fperms -R 0640 /etc/${PN}
+
        # Install a conf per service and a linked init script per service
        newinitd "${FILESDIR}"/${PN}-initd-r3 ${PN}
        local svc
@@ -244,6 +262,10 @@ src_install() {
                dosym kea "${EPREFIX}"/etc/init.d/kea-${svc}
        done
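Review bot: `fperms -R 0640 /etc/${PN}` applies 0640 to the directory itself and to any subdirectories, not only to the files in them, which strips the search bit. With ownership set to root:dhcp on the line above, members of the dhcp group could then list the directory but not open the config files inside it. Dropping only the world bits keeps the stated intent and leaves directory traversal alone: `fperms -R o-rwx /etc/${PN}`. The comment could also say what is being protected, presumably credentials held in the Kea configs. The identical addition in the kea-9999.ebuild src_install hunk has the same problem; src_install continues outside both hunks.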
 
+       if use !doc; then
+               doman "${WORKDIR}"/kea-manpages/man/*
+       fi
+
        systemd_newunit "${FILESDIR}"/${PN}-ctrl-agent.service-r2 
${PN}-ctrl-agent.service
        systemd_newunit "${FILESDIR}"/${PN}-dhcp-ddns.service-r2 
${PN}-dhcp-ddns.service
        systemd_newunit "${FILESDIR}"/${PN}-dhcp4.service-r2 ${PN}-dhcp4.service
@@ -274,6 +296,9 @@ pkg_postinst() {
        fi
 
        if ver_replacing -lt 3.0; then
+               ewarn "Make sure that ${EPREFIX}/var/lib/kea and all the files 
in it are owned by dhcp:"
+               ewarn "chown -R dhcp:dhcp ${EPREFIX}/var/lib/kea"
+               ewarn
                ewarn "If using openrc;"
                ewarn "  There are now separate conf.d scripts and associated 
init.d per daemon!"
                ewarn "    Each Daemon needs to be launched separately, i.e. 
the daemons are"

diff --git a/net-misc/kea/kea-9999.ebuild b/net-misc/kea/kea-9999.ebuild
index 2f244cef8148..8706e6d9c573 100644
--- a/net-misc/kea/kea-9999.ebuild
+++ b/net-misc/kea/kea-9999.ebuild
@@ -106,6 +106,9 @@ src_configure() {
                append-cxxflags -std=c++20
        fi
 
+       # Note: https://gitlab.isc.org/isc-projects/kea/-/issues/4171 suggests 
patching meson.build to set umask,
+       # instead here we pass install-umask as an argument to do the same 
thing, i.e. control permissions on
+       # installed files.
        local emesonargs=(
                --localstatedir="${EPREFIX}/var"
                -Drunstatedir="${EPREFIX}/run"
@@ -115,6 +118,7 @@ src_configure() {
                $(meson_feature mysql)
                $(meson_feature postgres postgresql)
                $(meson_feature test tests)
+               --install-umask=0o023
        )
        if use debug; then
                emesonargs+=(
@@ -234,6 +238,10 @@ src_install() {
 
        fowners -R root:dhcp /etc/${PN}
 
+       # A side effect of using install_umask 023 in meson setup is setting 
config files to be world readable
+       # lets not do that
+       fperms -R 0640 /etc/${PN}
+
        # Install a conf per service and a linked init script per service
        newinitd "${FILESDIR}"/${PN}-initd-r3 ${PN}
        local svc
