1

Topic: [dhcpcd & dhcpcd-hardened-script] Malfunctioning and problems

Hello,

I think after the last update there are some issues coming up, exactly when having wpa_supplicant and ntpd linked and started as own services. So this is no further version bump, but another rebuild of the package itself. So here is my proposal for a tix.

First dhcpcd itself:

# Maintainer (Arch): Ronald van Haren <ronald.archlinux.org>
# Contributor (Arch): Tom Killian <tom.archlinux.org>
# Contributor (Arch): Judd Vinet <jvinet.zeroflux.org>
# Contributor (Artix): artoo <artoo@cromnix.org>
# Maintainer: André Silva <emulatorman@hyperbola.info>

pkgname=dhcpcd
pkgver=6.11.6
_debver=6.10.1
_debrel=1
pkgrel=1.hyperbola1
pkgdesc="RFC2131 compliant DHCP client daemon, with logger recommendation and eudev and OpenRC support"
url="https://roy.marples.name/projects/dhcpcd"
arch=('i686' 'x86_64')
license=('Simplified-BSD')
groups=('base')
depends=('glibc' 'sh' 'eudev')
makedepends=('quilt')
optdepends=('openresolv: resolvconf support'
            'logger: message logging support')
provides=('dhcp-client')
backup=('etc/dhcpcd.conf')
options=('emptydirs')  # We Need the Empty /var/lib/dhcpcd Directory
install=dhcpcd.install
source=("https://roy.marples.name/downloads/$pkgname/$pkgname-$pkgver.tar.xz"
        "https://deb.debian.org/debian/pool/main/d/dhcpcd5/dhcpcd5_$_debver-$_debrel.debian.tar.xz"
        'dhcpcd.initd')
sha512sums=('f032f6175a9aaef241c823814021bff6cf9c6f57e6669578dedbf7890c0ffa47115b0164d3d4d2ea63b98ae865c471f50b9b1bdcba6ffca13c1d307b22b5ae0b'
            '889c9ffcb31a93c2f3b4c11fab0d02cd5f9de70d5edd0b838d91a2da66f3448b1d002d6c09ac898cc302f3bb33e3db3c2d0c2dc629a67478588023322d639e52'
            '6d3220155f2d9ed3e3a00afd378eeb70d435e19804201f8bb35498f1f7f3dfdaeaa2f4a01a18f5e96b457d9c173bc6a206b3e67ebf6d95da7e7b350dcd153fde')

prepare() {
  cd "${srcdir}/${pkgname}-${pkgver}"

  if [[ ${pkgver%.*} = ${_debver%.*} ]]; then
    # Debian patches
    export QUILT_PATCHES=debian/patches
    export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
    export QUILT_DIFF_ARGS='--no-timestamps'

    mv "$srcdir"/debian .

    quilt push -av
  fi
}

build() {
  cd "${srcdir}/${pkgname}-${pkgver}"

  # configure variables
  ./configure \
      --prefix=/usr \
      --sysconfdir=/etc \
      --sbindir=/sbin \
      --libdir=/lib \
      --libexecdir=/usr/libexec/dhcpcd \
      --dbdir=/var/lib/dhcpcd \
      --rundir=/run

  # Build
  make
}

check() {
  cd "${srcdir}/${pkgname}-${pkgver}"

  make test
}

package() {
  cd "${srcdir}/${pkgname}-${pkgver}"
  make DESTDIR="${pkgdir}" install

  # Install License
  install -d "$pkgdir/usr/share/licenses/$pkgname"
  sed 26q "$srcdir/$pkgname-$pkgver/control.h" \
      >>"$pkgdir/usr/share/licenses/$pkgname/LICENSE"

  # Set Options in /etc/dhcpcd.conf
  echo noipv4ll >> "${pkgdir}/etc/dhcpcd.conf" # Disable ip4vall

  # Set network group permissions in /etc/dhcpcd.conf for dhcpcd-ui
  chgrp network "${pkgdir}/etc/dhcpcd.conf"
  chmod g+w "${pkgdir}/etc/dhcpcd.conf"

  # Install OpenRC init file
  install -Dm755 "${srcdir}/dhcpcd.initd" "${pkgdir}/etc/init.d/dhcpcd"
}

Removing the hooks within build for now - this has to be tested with hooks but under own conditions as this is not only a renewal of the version itself.

Afterwards a proposal for dhcpcd-hardened-script.
The initd-definition for OpenRC:

#!/sbin/openrc-run
# Copyright 2017-2019 Hyperbola Project
# Distributed under the terms of the GNU General Public License v2

description="dhcpcd-hardened service"
pidfile="/var/run/dhcpcd-hardened.pid"

depend() {
    need localmount
    before net
}

start() {
    /usr/libexec/dhcpcd/dhcpcd_hardened.sh
    ebegin "Starting DHCP Client Daemon in hardened mode"
        /sbin/dhcpcd -q
    eend $?
}

The PKGBUILD:

# Maintainer: Luke R. <g4jc@openmailbox.org> GPG: rsa4096/3EAE8697
# Contributor: André Silva <emulatorman@hyperbola.info>

pkgname=dhcpcd-hardened-script
pkgver=0.1
pkgrel=8
pkgdesc="Removes Hostname and resets DUID on bootup to prevent DHCP leaks on the network"
arch=(any)
license=(GPL-2)
depends=('dhcpcd')
optdepends=('logger: message logging support')
source=('dhcpcd_hardened.sh'
        'dhcpcd-hardened.initd'
        'COPYING')
sha512sums=('cc830d52926752e066bdd05c3e550f9170733593e4c8055ffd644bc5c43c249b1e864a117b45572ad128f7d779880b7f6db1e0bc8899208091cb29852d3d00fb'
            '745b0d64f20949f3ee0add116e48a85bf277add72d4f872eebdd8d1e285c7e1ebd978bcc7b87df744d3cb4fd0263dd22d1358cd1bd285e6d60a7257327539f49'
            'aee80b1f9f7f4a8a00dcf6e6ce6c41988dcaedc4de19d9d04460cbfb05d99829ffe8f9d038468eabbfba4d65b38e8dbef5ecf5eb8a1b891d9839cda6c48ee957')

package() {
  install -Dm755 dhcpcd_hardened.sh "$pkgdir"/usr/libexec/dhcpcd/dhcpcd_hardened.sh
  install -Dm755 dhcpcd-hardened.initd "$pkgdir"/etc/init.d/dhcpcd-hardened
  install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
}
Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

2

Re: [dhcpcd & dhcpcd-hardened-script] Malfunctioning and problems

what problems have you been having? I just wondered, as I haven't had any dhcpcd issues since last update.

wpa_supplicant + dhcpcd + dhcpcd-ui works for me. smile

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

3 (edited by throgh 2020-06-21 23:20:11)

Re: [dhcpcd & dhcpcd-hardened-script] Malfunctioning and problems

Thanks for the insight: Have you added all the services (including (open)ntpd) to the runlevel default? My problem results therefore and those hooks mentioned. Before the last update of dhcpcd this worked for my installation. Another problem to figure out: With my new recompiled package openntpd refused to work and start so I've also modified the service and build my own package. Now working.

To finalize a first analysis: It seems all about the dependencies within starting routine and what is defined within the init-scripts as being "needed". Especially the dhcpcd-hardened-script has some problems when executing on startup as it is a shell-script without runtime-behaviour for a long run being logged in. So the corresponding service is marked as "crashed" afterwards. All in all:

  • modified shell-script for having dhcpcd started with it at start

  • compiled without hook-deployment as it seems being more independent for now and starting just dhcpcd

  • reconfigured openntpd for having nothing more than a markup to start net instead of needing net

It's a little bit more after the philosophy having just one application with one clear task and without some hooks to start or even look for others.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

4

Re: [dhcpcd & dhcpcd-hardened-script] Malfunctioning and problems

throgh wrote:

Thanks for the insight: Have you added all the services (including (open)ntpd) to the runlevel default? My problem results therefore and those hooks mentioned. Before the last update of dhcpcd this worked for my installation. Another problem to figure out: With my new recompiled package openntpd refused to work and start so I've also modified the service and build my own package. Now working.

To finalize a first analysis: It seems all about the dependencies within starting routine and what is defined within the init-scripts as being "needed". Especially the dhcpcd-hardened-script has some problems when executing on startup as it is a shell-script without runtime-behaviour for a long run being logged in. So the corresponding service is marked as "crashed" afterwards. All in all:

  • modified shell-script for having dhcpcd started with it at start

  • compiled without hook-deployment as it seems being more independent for now and starting just dhcpcd

  • reconfigured openntpd for having nothing more than a markup to start net instead of needing net

It's a little bit more after the philosophy having just one application with one clear task and without some hooks to start or even look for others.

Hmm, i don't use ntpd, at least to my knowledge, maybe there is a conflict. hmm

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

5

Re: [dhcpcd & dhcpcd-hardened-script] Malfunctioning and problems

Thanks and yes: It seems being some kind of conflict. Solved for now with those points above, but I'll test these with another installation later on. smile

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

6

Re: [dhcpcd & dhcpcd-hardened-script] Malfunctioning and problems

how to make dhcpcd-hardened-script work i couldn't add it to rc-update add dhcpcd-hardened-script default
but just installing it wont delete dhcpcd.duid on startup

note >> i didn't install from your pkgbuild throgh if i should do so there are some build errors in ur first pkgbuild

7

Re: [dhcpcd & dhcpcd-hardened-script] Malfunctioning and problems

Thanks, could you share the errors with the PKGBUILD-script itself?
Besides it is always relevant what service-name is resulting. If I'm correct the name would be dhcpcd-hardened.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

8 (edited by rachad 2020-08-27 15:22:51)

Re: [dhcpcd & dhcpcd-hardened-script] Malfunctioning and problems

well i guess its working how do i check the real service name?
for the pkgbuild i fixed this

#
 Maintainer (Arch): Ronald van Haren <ronald.archlinux.org>

to

#Maintainer (Arch): Ronald van Haren <ronald.archlinux.org>

then cause im noob i wont fix what comes next smile
==> ERROR: install file (dhcpcd.install) does not exist or is not a regular file
and las this line

                 'dhcpcd.initd')

is there a way of checking pkgbuild errors without installing it?

9

Re: [dhcpcd & dhcpcd-hardened-script] Malfunctioning and problems

Ah okay I see: That's more about an error as the forum is not the best place for scripts. smile
Regarding the missing file, look here: https://mirror.fsf.org/hyperbola/gnu-pl … src.tar.gz

The corresponding package should contain everything for you to download and unpack for later compilation. In fact that's the best place to look after the packages right now.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!