kea-packaging issueshttps://gitlab.isc.org/isc-projects/kea-packaging/-/issues2024-02-14T13:30:51Zhttps://gitlab.isc.org/isc-projects/kea-packaging/-/issues/22ownership and privileges in deb and rpm2024-02-14T13:30:51ZWlodzimierz Wencelownership and privileges in deb and rpmThere are some things we probably should do in all packages.
- [ ] installed config files should be owned by kea, but should it be also owned by group kea, or root?
- [ ] remove all x (other) privileges from binaries in rpm/deb
- [ ] che...There are some things we probably should do in all packages.
- [ ] installed config files should be owned by kea, but should it be also owned by group kea, or root?
- [ ] remove all x (other) privileges from binaries in rpm/deb
- [ ] check if all created directories have ownership set to `kea` (`_kea` user) otherwise it may have problems to start/exithttps://gitlab.isc.org/isc-projects/kea-packaging/-/issues/21kea-dhcp4 from deb can't open raw sockets under _kea user2023-10-25T08:01:16ZWlodzimierz Wencelkea-dhcp4 from deb can't open raw sockets under _kea userWork on docker revealed another issue with our packages, kea-dhcp4 service in deb package can't open RAW socket under `_kea` user it suppose to use.Work on docker revealed another issue with our packages, kea-dhcp4 service in deb package can't open RAW socket under `_kea` user it suppose to use.https://gitlab.isc.org/isc-projects/kea-packaging/-/issues/16Post audit: review packages for running as root2023-09-21T10:10:53ZTomek MrugalskiPost audit: review packages for running as root@manu's [audit reported](https://gitlab.isc.org/isc-private/kea/-/wikis/Kea-Security-Review-02-2023#8-run-kea-from-an-unprivileged-account) the following issue:
Kea should run from unprivileged user, when possible. At the time of his au...@manu's [audit reported](https://gitlab.isc.org/isc-private/kea/-/wikis/Kea-Security-Review-02-2023#8-run-kea-from-an-unprivileged-account) the following issue:
Kea should run from unprivileged user, when possible. At the time of his audit, Ubuntu did that. The goal of this ticket is to check all packages to see if they're running kea as non-root. If any of them still run as root, they should be updated or a good explanation why it can't be done should be described here.Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea-packaging/-/issues/8Unable to build Debian packages using the content in this repo2023-03-10T19:29:32ZKevin FlemingUnable to build Debian packages using the content in this repoI'm trying to build Kea packages locally, on an arm64 machine since I need packages for that architecture and they aren't available in the Cloudsmith repositories.
While this repo's description says it is 'private', it's not actually pr...I'm trying to build Kea packages locally, on an arm64 machine since I need packages for that architecture and they aren't available in the Cloudsmith repositories.
While this repo's description says it is 'private', it's not actually private so I decided to try to use it.
Unfortunately dropping the `debian` directory from this repository into a Kea source tree and then trying to build the packages failed, because the `debian` directory contains patches which cannot be applied to Kea 2.2.x sources.
Is this repository actively in use for building Kea packages?