Bug 961180 - Review Request: dhcpy6d - DHCPv6 server daemon
Review Request: dhcpy6d - DHCPv6 server daemon
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nobody's working on this, feel free to take it
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-09 00:11 EDT by Christopher Meng
Modified: 2014-11-02 08:45 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-11-02 08:45:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Christopher Meng 2013-05-09 00:11:39 EDT
Spec URL: http://cicku.me/dhcpy6d.spec
SRPM URL: http://cicku.me/dhcpy6d-0.1.3-1.fc20.src.rpm
Description: Dhcpy6d delivers IPv6 addresses for DHCPv6 clients, which can be identified 
by DUID, hostname or MAC address as in the good old IPv4 days. It allows 
easy dualstack transistion, addresses may be generated randomly, by range, 
by arbitrary ID or MAC address. Clients can get more than one address, 
leases and client configuration can be stored in databases and DNS can be 
updated dynamically.
Fedora Account System Username: cicku
Comment 1 Ian Weller 2013-06-01 05:55:11 EDT
I'd like to review this.

Could you update the package for 0.2?
Comment 2 Christopher Meng 2013-06-03 05:59:27 EDT
(In reply to Ian Weller from comment #1)
> I'd like to review this.
> 
> Could you update the package for 0.2?

OK, please wait.(This software has released many versions recently :( )
Comment 3 Christopher Meng 2013-06-04 12:09:27 EDT
NEW Spec URL: http://cicku.me/dhcpy6d.spec
NEW SRPM URL: http://cicku.me/dhcpy6d-0.2-1.fc20.src.rpm
Comment 4 marcindulak 2013-06-11 04:58:37 EDT
There are few problems:

1. the log file must not be the part of rpm, use:
%exclude %{_localstatedir}/log/%{name}.log
The log file should be still created in the %post section.

2. normally a daemon needs to be installed under /usr/sbin, so:
%{__python} setup.py install --skip-build --prefix=%{_prefix} --install-scripts=%{_sbindir} --root=%{buildroot}
and in the %files section:
%{_sbindir}/%{name}

3. Group:             System Environment/Daemons

A bit more difficult problem is converting dhcpy6d
to run as non-proviledged user, perform user creation/removal in the %pre/%preun
sections, and write the corresponding systemd service file (the current one
is not working).

I'm working on a dhcpy6d.spec, based on yours,
for other distributions: EL6, openSUSE:
https://build.opensuse.org/package/show?package=dhcpy6d&project=home%3Amarcindulak
Comment 5 Christopher Meng 2013-06-11 13:17:48 EDT
(In reply to Marcin.Dulak from comment #4)
> There are few problems:
> 
> 1. the log file must not be the part of rpm, use:
> %exclude %{_localstatedir}/log/%{name}.log
> The log file should be still created in the %post section.

I forgot to remove this, I'll fix it.

> 2. normally a daemon needs to be installed under /usr/sbin, so:
> %{__python} setup.py install --skip-build --prefix=%{_prefix}
> --install-scripts=%{_sbindir} --root=%{buildroot}
> and in the %files section:
> %{_sbindir}/%{name}

We don't need to do this unless you consider this is a MUST.

> 3. Group:             System Environment/Daemons

I don't give every my package a Group tag, Group tag in Fedora is not a MUST.

> A bit more difficult problem is converting dhcpy6d
> to run as non-proviledged user, perform user creation/removal in the
> %pre/%preun
> sections, and write the corresponding systemd service file (the current one
> is not working).

Yeah, can you tell me why you want it to run as non-root user?(I need an answer)
Comment 6 marcindulak 2013-06-11 14:10:41 EDT
(In reply to Christopher Meng from comment #5)
> (In reply to Marcin.Dulak from comment #4)
> > There are few problems:
> > 
> > 1. the log file must not be the part of rpm, use:
> > %exclude %{_localstatedir}/log/%{name}.log
> > The log file should be still created in the %post section.
> 
> I forgot to remove this, I'll fix it.
> 
> > 2. normally a daemon needs to be installed under /usr/sbin, so:
> > %{__python} setup.py install --skip-build --prefix=%{_prefix}
> > --install-scripts=%{_sbindir} --root=%{buildroot}
> > and in the %files section:
> > %{_sbindir}/%{name}
> 
> We don't need to do this unless you consider this is a MUST.
i'm not sure. It seems this is what fhs still recommends: http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
> 
> > 3. Group:             System Environment/Daemons
> 
> I don't give every my package a Group tag, Group tag in Fedora is not a MUST.
> 
> > A bit more difficult problem is converting dhcpy6d
> > to run as non-proviledged user, perform user creation/removal in the
> > %pre/%preun
> > sections, and write the corresponding systemd service file (the current one
> > is not working).
> 
> Yeah, can you tell me why you want it to run as non-root user?(I need an
> answer)
maybe starting as non-root is no longer recommended with systemd, but was a common practice with system V. I see for example that /usr/sbin/sshd runs as root on fedora 20, on the other hand 
http://twistedmatrix.com/documents/13.0.0/core/howto/systemd.html recommends non-root.
Comment 7 marcindulak 2013-06-20 18:39:48 EDT
Hi,

i prepared patches for the spec and service file:
http://marcindulak.fedorapeople.org/packages/dhcpy6d/v01/dhcpy6d.spec.patch
http://marcindulak.fedorapeople.org/packages/dhcpy6d/v01/dhcpy6d.service.patch
Please review them.
After these changes restart,start,stop of dhcpy6d.service works.
I haven't tested any dhcpy6d functionality though.

(In reply to Marcin.Dulak from comment #6)
> (In reply to Christopher Meng from comment #5)
> > (In reply to Marcin.Dulak from comment #4)
> > > There are few problems:
> > > 
> > > 1. the log file must not be the part of rpm, use:
> > > %exclude %{_localstatedir}/log/%{name}.log
> > > The log file should be still created in the %post section.
> > 
> > I forgot to remove this, I'll fix it.
> > 
> > > 2. normally a daemon needs to be installed under /usr/sbin, so:
> > > %{__python} setup.py install --skip-build --prefix=%{_prefix}
> > > --install-scripts=%{_sbindir} --root=%{buildroot}
> > > and in the %files section:
> > > %{_sbindir}/%{name}
> > 
> > We don't need to do this unless you consider this is a MUST.
> i'm not sure. It seems this is what fhs still recommends:
> http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
> > 
> > > 3. Group:             System Environment/Daemons
> > 
> > I don't give every my package a Group tag, Group tag in Fedora is not a MUST.
> > 
> > > A bit more difficult problem is converting dhcpy6d
> > > to run as non-proviledged user, perform user creation/removal in the
> > > %pre/%preun
> > > sections, and write the corresponding systemd service file (the current one
> > > is not working).
> > 
> > Yeah, can you tell me why you want it to run as non-root user?(I need an
> > answer)
> maybe starting as non-root is no longer recommended with systemd, but was a
> common practice with system V. I see for example that /usr/sbin/sshd runs as
> root on fedora 20, on the other hand 
> http://twistedmatrix.com/documents/13.0.0/core/howto/systemd.html recommends
> non-root.
Comment 8 Christopher Meng 2013-06-20 21:10:07 EDT
(In reply to Marcin.Dulak from comment #7)

Hi,

Thanks for your patch, I will look into it later.

After some discussion I finally decide to let dhcpy6d running under its own user/group.

So I'll update the request later.
Comment 9 Christopher Meng 2013-06-21 00:01:47 EDT
Some files are incorrect indeed, I've fixed.

For the log file touch, should we need to touch that file? Currently I just removed the log in %install section.

NEW Spec URL: http://cicku.me/dhcpy6d.spec
NEW SRPM URL: http://cicku.me/dhcpy6d-0.2-2.fc20.src.rpm
Comment 10 marcindulak 2013-06-21 03:42:31 EDT
(In reply to Christopher Meng from comment #8)
> (In reply to Marcin.Dulak from comment #7)
> 
> Hi,
> 
> Thanks for your patch, I will look into it later.
> 
> After some discussion I finally decide to let dhcpy6d running under its own
> user/group.
> 
running as non-priviledged user
may require dhcpy6d working together with the authors of dhcpy6d,
as the server wants to open a low port 547.
So maybe let's leave it running as root for now.

> So I'll update the request later.
Comment 11 marcindulak 2013-06-21 04:45:38 EDT
(In reply to Christopher Meng from comment #9)
> Some files are incorrect indeed, I've fixed.
> 
> For the log file touch, should we need to touch that file? Currently I just
> removed the log in %install section.
yes, we need it. To test that:
rm -f /var/log/dhcpy6d.log
yum install dhcpy6d*.rpm
systemctl start dhcpy6d
grep "dhcpy6d: IOError" /var/log/messages
In order to verify that dhcpy6d does not run correctly as
non-priviledged user, do as root:
touch /var/log/dhcpy6d.log
systemctl start dhcpy6d  # /var/log/dhcpy6d.log unwritable by dhcpy6d
chown dhcpy6d:dhcpy6d /var/log/dhcpy6d.log
systemctl start dhcpy6d
grep "dhcpy6d: socket.error" /var/log/messages

Let's focus on getting dhcpy6d to work as root.
We have contacted the authors of dhcpy6d about running it as
non-priviledged user.

> 
> NEW Spec URL: http://cicku.me/dhcpy6d.spec
> NEW SRPM URL: http://cicku.me/dhcpy6d-0.2-2.fc20.src.rpm
Comment 12 Christopher Meng 2013-06-21 08:21:39 EDT
Updated.

Please check again:

NEW Spec URL: http://cicku.me/dhcpy6d.spec
NEW SRPM URL: http://cicku.me/dhcpy6d-0.2-2.fc20.src.rpm
Comment 13 marcindulak 2013-06-21 09:28:34 EDT
It works for me with settings from dhcpy6d.service.patch bug#961180#c7
(Type=simple and run as root). Can you test systemclt start/stop on your Fedora machine and confirm that Type=forking hangs? Different types are described in
man systemd.service. I think it may be also a good practice to have
syslog.target in After - dhcpy6d performs logging.

There is one spelling left:
dhcpy6d.noarch: W: spelling-error %description -l en_US dualstack -> dual stack, dual-stack
Comment 14 marcindulak 2013-07-17 03:35:21 EDT
NotReady: we are waiting for the next release of dhcpy6d which will run as non-priviledged user. It's already on github https://github.com/HenriWahl/dhcpy6d , but not released yet.
Comment 15 marcindulak 2013-09-02 04:35:33 EDT
Hi, any progress here? There is already a new version of dhcpy6d
Comment 16 Christopher Meng 2013-09-02 05:55:06 EDT
(In reply to marcindulak from comment #15)
> Hi, any progress here? There is already a new version of dhcpy6d

Busy now, will update later.
Comment 17 marcindulak 2014-10-26 07:41:42 EDT
I'll be closing this due to inactivity in one week

Note You need to log in before you can comment on or make changes to this bug.