authorOliver Eikemeier <eik@FreeBSD.org>2004-06-26 14:32:41 +0000
committerOliver Eikemeier <eik@FreeBSD.org>2004-06-26 14:32:41 +0000
commitbf45d386a18a7763fae716088e19c2c606f92a1c (patch)
treeb216d55923331ca603f96902a8f46874f5288c82 /net/isc-dhcp31-server
parentUpdate to 0.3.3 (diff)
New paranoia and jail options are handled by rc variables to ease their use.
PR: 68357 Submitted by: Cyrille Lefevre <cyrille.lefevre@laposte.net> (maintainer)
Notes
Notes: svn path=/head/; revision=112320
Diffstat (limited to 'net/isc-dhcp31-server')
-rw-r--r--net/isc-dhcp31-server/Makefile13
-rw-r--r--net/isc-dhcp31-server/files/client::scripts::freebsd1
-rw-r--r--net/isc-dhcp31-server/files/isc-dhcpd.sh.sample520
-rw-r--r--net/isc-dhcp31-server/files/patch-client::dhclient.82
-rw-r--r--net/isc-dhcp31-server/pkg-install23
-rw-r--r--net/isc-dhcp31-server/pkg-message39
-rw-r--r--net/isc-dhcp31-server/pkg-plist2
7 files changed, 575 insertions, 25 deletions
diff --git a/net/isc-dhcp31-server/Makefile b/net/isc-dhcp31-server/Makefile
index d9644634a182..e31d9f68e0d5 100644
--- a/net/isc-dhcp31-server/Makefile
+++ b/net/isc-dhcp31-server/Makefile
@@ -8,6 +8,7 @@
PORTNAME= dhcp
PORTVERSION= 3.0.1.r14
+PORTREVISION= 1
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_ISC}
MASTER_SITE_SUBDIR= dhcp dhcp/dhcp-3.0-history
@@ -60,6 +61,8 @@ MAN5+= dhcp-eval.5 dhcp-options.5
MSG_FILE= ${.CURDIR}/pkg-message
DESCR= ${.CURDIR}/pkg-descr
+PKGINSTALL= ${.CURDIR}/pkg-install
+PKGDEINSTALL= ${PKGINSTALL}
PKGMESSAGE= ${WRKDIR}/pkg-message
PLIST= ${.CURDIR}/pkg-plist
@@ -125,6 +128,16 @@ DATADIR= /var/db
REINPLACE_SUB= PREFIX=${PREFIX}
RCSCRIPTS_SUB= PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
+.if !defined(WITHOUT_DHCP_PARANOIA)
+RCSCRIPTS_SUB+= PARANOIA=YES
+.else
+RCSCRIPTS_SUB+= PARANOIA=NO
+.endif
+.if !defined(WITHOUT_DHCP_JAIL)
+RCSCRIPTS_SUB+= JAIL=YES
+.else
+RCSCRIPTS_SUB+= JAIL=NO
+.endif
PKGMESSAGE_SUB= PREFIX=${PREFIX} MAN1PREFIX=${MAN1PREFIX}
# Post-extract
diff --git a/net/isc-dhcp31-server/files/client::scripts::freebsd b/net/isc-dhcp31-server/files/client::scripts::freebsd
index ceaeb950d2d5..9c4c3d3a6f24 100644
--- a/net/isc-dhcp31-server/files/client::scripts::freebsd
+++ b/net/isc-dhcp31-server/files/client::scripts::freebsd
@@ -35,6 +35,7 @@
#############################################################################
# $MindStep_Id: dhclient-script.sh,v 1.8 1999/12/07 22:11:08 patrick Exp $
# $MindStep_Tag: CONTRIB_19991207 $
+# from FreeBSD: src/sbin/dhclient/dhclient-script.sh,v 1.2 2002/02/01 18:46:58 alfred Exp
# $FreeBSD$
#############################################################################
diff --git a/net/isc-dhcp31-server/files/isc-dhcpd.sh.sample b/net/isc-dhcp31-server/files/isc-dhcpd.sh.sample
index 63bc57ba0f3d..876237f3d6c8 100644
--- a/net/isc-dhcp31-server/files/isc-dhcpd.sh.sample
+++ b/net/isc-dhcp31-server/files/isc-dhcpd.sh.sample
@@ -11,38 +11,536 @@
# dhcpd_enable="YES"
#
+. %%RC_SUBR%%
+
+name=dhcpd
+paranoia=%%PARANOIA%% # compiled in paranoia?
+jail=%%JAIL%% # compiled in jail?
+
# override these variables in /etc/rc.conf
dhcpd_enable=NO
-dhcpd_flags= # command option(s)
-dhcpd_conf=%%PREFIX%%/etc/dhcpd.conf # configuration file
+dhcpd_flags= # -q -early_chroot # command option(s)
+dhcpd_conf=%%PREFIX%%/etc/${name}.conf # configuration file
dhcpd_ifaces= # ethernet interface(s)
+dhcpd_withumask=022 # file creation mask
-dhcpd_precmd ()
+dhcpd_chuser_enable=YES # runs w/o privileges?
+dhcpd_withuser=${name} # user name to run as
+dhcpd_withgroup=${name} # group name to run as
+
+dhcpd_chroot_enable=NO # runs chrooted?
+dhcpd_rootdir=/var/db/${name} # directory to run in
+
+# untested
+dhcpd_jail_enable=NO # runs imprisoned?
+dhcpd_hostname= # jail hostname
+dhcpd_ipaddress= # jail ip address
+
+safe_run () # rc command [args...]
+{
+ local _rc
+
+ _rc=$1
+ shift
+
+ if [ "${_rc}" -eq 0 ]; then
+ "$@" || _rc=1
+ fi
+ return ${_rc}
+}
+
+precious () # entry...
+{
+ local _entry _rc
+
+ _rc=1
+ for _entry; do
+ # do nothing if /var/run or /var/db
+ echo ${_entry} | egrep -q '^//*(var//*(run|db)/*)?$' && _rc=0
+ done
+ return ${_rc}
+}
+
+safe_chmog () # entry...
+{
+ local _entry _user _group _usergroup _rc
+
+ _user=${dhcpd_withuser}
+ _group=${dhcpd_withgroup}
+
+ _rc=0
+ if [ -n "${_user}" -o -n "${_group}" ]; then
+ _usergroup=${_user}${_group:+:${_group}}
+ for _entry; do
+ if [ -e ${_entry} ] &&
+ ! precious ${_entry} &&
+ ! ls -ld ${_entry} 2> /dev/null |
+ awk -v u=${_user} -v g=${_group} '{
+ exit ((u && $3 != u) || (g && $4 != g))
+ }' &&
+ ! safe_run ${_rc} chown ${_usergroup} ${_entry}; then
+ warn "unable to change permissions of ${_entry}"
+ _rc=1
+ fi
+ done
+ fi
+ return ${_rc}
+}
+
+safe_mkdir () # dir...
+{
+ local _dir _rc
+
+ _rc=0
+ for _dir; do
+ if [ ! -d ${_dir} ] &&
+ ! precious ${_dir} &&
+ ! safe_run ${_rc} mkdir -p ${_dir}; then
+ err 1 "unable to create directory ${_dir}"
+ _rc=1
+ fi
+ done
+ safe_run ${_rc} safe_chmog "$@" || _rc=1
+ return ${_rc}
+}
+
+safe_rmdir () # dir...
+{
+ local _dir _rc
+
+ _rc=0
+ for _dir; do
+ if [ -d ${_dir} ] &&
+ ! precious ${_dir}; then
+ if safe_run ${_rc} rmdir ${_dir}; then
+ safe_run ${_rc} safe_rmdir ${_dir%/*} || _rc=1
+ else
+ warn "unable to remove directory ${_dir}"
+ rc=1
+ fi
+ fi
+ done
+ return ${_rc}
+}
+
+safe_touch () # file...
+{
+ local _file _rc
+
+ _rc=0
+ for _file; do
+ if [ ! -e ${_file} ] &&
+ ! safe_run ${_rc} touch ${_file}; then
+ err 1 "unable to create file ${_file}"
+ _rc=1
+ fi
+ done
+ safe_run ${_rc} safe_chmog "$@" || _rc=1
+ return ${_rc}
+}
+
+safe_remove () # file...
+{
+ local _file _rc
+
+ _rc=0
+ for _file; do
+ if [ -f ${_file} ] &&
+ ! safe_run ${_rc} rm -f ${_file}; then
+ warn "unable to remove file ${_file}"
+ _rc=1
+ fi
+ done
+ return ${_rc}
+}
+
+safe_copy () # src dst
+{
+ local _src _dst _rc
+
+ _src=$1 _dst=$2
+
+ _rc=0
+ if ! safe_run ${_rc} safe_remove ${_dst} ||
+ ! safe_run ${_rc} cp -p ${_src} ${_dst}; then
+ err 1 "unable to copy file ${_src} to ${_dst}"
+ _rc=1
+ fi
+ safe_run ${_rc} safe_chmog ${_dst} || _rc=1
+ return ${_rc}
+}
+
+mounted () # dir...
+{
+ local _rc
+
+ _rc=1
+ mount -t devfs | awk '
+ BEGIN { n = ARGC; ARGC = 2 }
+ { for (i = 2; i != n; i++) if ($3 == ARGV[i]) exit 1 }
+ ' - "$@" || _rc=0
+ return ${_rc}
+}
+
+safe_mount () # dir
+{
+ local _dir _rc
+
+ _dir=$1
+
+ _rc=0
+ if ! mounted ${_dir} &&
+ ! safe_run ${_rc} mount -t devfs devfs ${_dir}; then
+ err 1 "unable to mount ${_dir}"
+ _rc=1
+ fi
+ return ${_rc}
+}
+
+safe_umount () # dir
+{
+ local _dir _rc
+
+ _dir=$1
+
+ _rc=0
+ if mounted ${_dir} &&
+ ! safe_run ${_rc} umount ${_dir}; then
+ warn "unable to unmount ${_dir}"
+ _rc=1
+ fi
+ return ${_rc}
+}
+
+safe_useradd ()
{
- dhcpd_rcconf=%%PREFIX%%/etc/rc.isc-dhcpd.conf
+ local _user _group _home _shell _gecos
+
+ _user=$1 _group=$2 _gecos=${3:-"& daemon"}
+ _home=${4:-/nonexistent} _shell=${5:-/sbin/nologin}
+
+ if [ -n "${_group}" ]; then
+ if pw group show ${_group} 2>/dev/null; then
+ echo "You already have a group \"${_group}\"," \
+ "so I will use it."
+ elif pw groupadd ${_group} -h -; then
+ echo "Added group \"${_group}\"."
+ else
+ echo "Adding group \"${_group}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+ if [ -n "${_user}" ]; then
+ if pw user show ${_user} 2>/dev/null; then
+ echo "You already have a user \"${_user}\"," \
+ "so I will use it."
+ elif pw useradd ${_user} -g ${_group} -h - \
+ -d ${_home} -s ${_shell} -c "${_gecos}"; then
+ echo "Added user \"${_user}\"."
+ else
+ echo "Adding user \"${_user}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+}
+
+check_chuser ()
+{
+ if checkyesno paranoia; then
+ if checkyesno dhcpd_chuser_enable &&
+ [ -z ${dhcpd_withuser} -a -z ${dhcpd_withgroup} ]; then
+ err 1 "one of dhcpd_withuser and dhcpd_withgroup" \
+ "must be set if dhcpd_chuser_enable is enabled"
+ fi
+ else
+ if checkyesno dhcpd_chuser_enable; then
+ warn "dhcpd_chuser_enable disabled -- not compiled in"
+ dhcpd_chuser_enable=NO
+ fi
+ fi
+}
+
+check_jail ()
+{
+ if checkyesno paranoia && checkyesno jail; then
+ if checkyesno dhcpd_jail_enable &&
+ ! checkyesno dhcpd_chroot_enable; then
+ warn "dhcpd_chroot_enable implied by dhcpd_jail_enable"
+ dhcpd_chroot_enable=YES
+ fi
+ if checkyesno dhcpd_jail_enable &&
+ [ -n "${dhcpd_hostname}" -a -z "${dhcpd_ipaddress}" ] ||
+ [ -z "${dhcpd_hostname}" -a -n "${dhcpd_ipaddress}" ]; then
+ err 1 "both dhcpd_hostname and dhcpd_ipaddress" \
+ "must be set if dhcpd_jail_enable is enabled"
+ fi
+ else
+ if checkyesno dhcpd_jail_enable; then
+ warn "dhcpd_jail_enable disabled -- not compiled in"
+ dhcpd_jail_enable=NO
+ fi
+ fi
+}
+
+check_chroot ()
+{
+ if checkyesno paranoia; then
+ if checkyesno dhcpd_chroot_enable &&
+ [ -z "${dhcpd_rootdir}" ]; then
+ err 1 "dhcpd_rootdir" \
+ "must be set if dhcpd_chroot_enable is enabled"
+ fi
+ else
+ if checkyesno dhcpd_chroot_enable; then
+ warn "dhcpd_chroot_enable disabled -- not compiled in"
+ dhcpd_chroot_enable=NO
+ fi
+ fi
+}
+
+rcvar_chuser ()
+{
+ if checkyesno paranoia && checkyesno dhcpd_chuser_enable; then
+ dhcpd_piddir=${_dhcpd_piddir}/${name}
+ dhcpd_leasesdir=${_dhcpd_leasesdir}/${name}
+ else
+ dhcpd_withuser= dhcpd_withgroup=
+ fi
+}
+
+rcvar_jail ()
+{
+ if ! checkyesno paranoia || ! checkyesno jail ||
+ ! checkyesno dhcpd_jail_enable; then
+ dhcpd_hostname= dhcpd_ipaddress=
+ fi
+}
+
+rcvar_chroot ()
+{
+ if ! checkyesno paranoia || ! checkyesno dhcpd_chroot_enable; then
+ dhcpd_rootdir=
+ fi
+}
+
+rcvar_pidnleases ()
+{
+ if ! checkyesno dhcpd_chuser_enable; then
+ dhcpd_piddir=${_dhcpd_piddir}
+ dhcpd_leasesdir=${_dhcpd_leasesdir}
+ fi
+ dhcpd_pidfile=${dhcpd_piddir}/${name}.pid
+ dhcpd_leasesfile=${dhcpd_leasesdir}/${name}.leases
+ dhcpd_conffile=${dhcpd_conf} # for convenience only
+ dhcpd_confdir=$(dirname ${dhcpd_conffile})
+}
+
+rcvar_rooted ()
+{
+ _dhcpd_rootdir=${dhcpd_rootdir}
+ _dhcpd_devdir=${dhcpd_rootdir}/dev
+ _dhcpd_confdir=${dhcpd_rootdir}${dhcpd_confdir}
+ _dhcpd_piddir=${dhcpd_rootdir}${dhcpd_piddir}
+ _dhcpd_leasesdir=${dhcpd_rootdir}${dhcpd_leasesdir}
+ _dhcpd_conffile=${dhcpd_rootdir}${dhcpd_conffile}
+ _dhcpd_pidfile=${dhcpd_rootdir}${dhcpd_pidfile}
+ _dhcpd_leasesfile=${dhcpd_rootdir}${dhcpd_leasesfile}
+}
+
+setup_compat ()
+{
+ local dhcpd_rcconf
+
+ # suck in old configuration file and variables
+ #
+ dhcpd_rcconf=${dhcpd_confdir}/rc.isc-dhcpd.conf
if [ -f ${dhcpd_rcconf} ]; then
- warn "${dhcpd_rcconf} is obsolete, use /etc/rc.conf instead."
+ warn "${dhcpd_rcconf} is obsolete, use /etc/rc.conf and/or" \
+ "/etc/rc.conf.d/${name} instead."
. ${dhcpd_rcconf}
if [ -n "${dhcpd_options}" -a -z "${rc_flags}" ]; then
- warn "dhcpd_options is obsolete, use dhcpd_flags instead."
+ warn "dhcpd_options is obsolete," \
+ "use dhcpd_flags instead."
rc_flags=${dhcpd_options}
fi
fi
+}
- rc_flags="${rc_flags} -cf ${dhcpd_conf} ${dhcpd_ifaces}"
+setup_umask ()
+{
+ if [ -n "${dhcpd_umask}" ]; then
+ umask ${dhcpd_umask}
+ fi
}
-. %%RC_SUBR%%
+setup_chroot ()
+{
+ if checkyesno paranoia && checkyesno dhcpd_chroot_enable; then
+ safe_mkdir ${_dhcpd_rootdir} ${_dhcpd_devdir} ${_dhcpd_confdir}
+ safe_mount ${_dhcpd_devdir}
+ safe_copy ${dhcpd_conffile} ${_dhcpd_conffile}
+ fi
+}
+
+setup_chuser ()
+{
+ if checkyesno paranoia && {
+ checkyesno dhcpd_chuser_enable || checkyesno dhcpd_chroot_enable
+ }; then
+ safe_mkdir ${_dhcpd_piddir} ${_dhcpd_leasesdir}
+ fi
+}
+
+setup_leases ()
+{
+ safe_touch ${_dhcpd_leasesfile}
+}
+
+setup_flags ()
+{
+ if [ -n "${dhcpd_conf}" ]; then
+ rc_flags="${rc_flags} -cf ${dhcpd_conf}"
+ fi
+ if [ -n "${dhcpd_leasesfile}" ]; then
+ rc_flags="${rc_flags} -lf ${dhcpd_leasesfile}"
+ fi
+ if [ -n "${dhcpd_pidfile}" ]; then
+ rc_flags="${rc_flags} -pf ${dhcpd_pidfile}"
+ fi
+ if [ -n "${dhcpd_withuser}" ]; then
+ rc_flags="${rc_flags} -user ${dhcpd_withuser}"
+ fi
+ if [ -n "${dhcpd_withgroup}" ]; then
+ rc_flags="${rc_flags} -group ${dhcpd_withgroup}"
+ fi
+ if [ -n "${dhcpd_rootdir}" ]; then
+ rc_flags="${rc_flags} -chroot ${dhcpd_rootdir}"
+ fi
+ if [ -n "${dhcpd_hostname}" -a -n "${dhcpd_ipaddress}" ]; then
+ rc_flags="${rc_flags} -jail ${dhcpd_hostname} ${dhcpd_ipaddress}"
+ fi
+ rc_flags="${rc_flags} ${dhcpd_ifaces}"
+}
+
+cleanup_chroot ()
+{
+ if checkyesno paranoia && checkyesno dhcpd_chroot_enable; then
+ safe_umount ${_dhcpd_devdir}
+ fi
+}
+
+dhcpd_stop ()
+{
+ if $0 status; then
+ $0 stop
+ fi
+}
+
+remove_pid ()
+{
+ if [ -e ${_dhcpd_pidfile} ]; then
+ warn "${_dhcpd_pidfile} still exists! -- removing anyway"
+ fi
+ safe_remove ${_dhcpd_pidfile}
+}
+
+remove_leases ()
+{
+ if [ -s ${_dhcpd_leasesfile} ]; then
+ warn "${_dhcpd_leasesfile} not empty -- not removed --" \
+ "futher warning messages expected, don't care."
+ else
+ safe_remove ${_dhcpd_leasesfile} ${_dhcpd_leasesfile}~
+ fi
+}
+
+remove_chuser ()
+{
+ if checkyesno paranoia && {
+ checkyesno dhcpd_chuser_enable || checkyesno dhcpd_chroot_enable
+ }; then
+ safe_rmdir ${_dhcpd_piddir} ${_dhcpd_leasesdir}
+ fi
+}
+
+remove_chroot ()
+{
+ if checkyesno paranoia && checkyesno dhcpd_chroot_enable; then
+ safe_remove ${_dhcpd_conffile}
+ safe_umount ${_dhcpd_devdir}
+ safe_rmdir ${_dhcpd_confdir} ${_dhcpd_devdir} ${_dhcpd_rootdir}
+ fi
+}
+
+dhcpd_check ()
+{
+ check_chuser
+ check_jail
+ check_chroot
+}
+
+dhcpd_rcvar ()
+{
+ rcvar_chuser
+ rcvar_jail
+ rcvar_chroot
+ rcvar_pidnleases
+ rcvar_rooted
+}
+
+dhcpd_precmd ()
+{
+ setup_compat
+ setup_umask
+ setup_chroot
+ setup_chuser
+ setup_leases
+ setup_flags
+}
+
+dhcpd_postcmd ()
+{
+ cleanup_chroot
+}
+
+dhcpd_install ()
+{
+ if checkyesno paranoia; then
+ safe_useradd "${dhcpd_withuser}" "${dhcpd_withgroup}" \
+ "DHCP Daemon"
+ fi
+}
+
+dhcpd_uninstall ()
+{
+ dhcpd_stop
+ remove_pid
+ remove_leases
+ remove_chuser
+ remove_chroot
+}
-name=dhcpd
rcvar=$(set_rcvar)
+load_rc_config ${name}
+
+_dhcpd_piddir=/var/run # pid file directory
+_dhcpd_leasesdir=/var/db # leases file directory
+#_dhcpd_rootdir=/var/db/${name} # root directory
+
+dhcpd_check
+dhcpd_rcvar
command=%%PREFIX%%/sbin/${name}
-pidfile=/var/run/${name}.pid
+pidfile=${_dhcpd_pidfile}
required_files=${dhcpd_conf}
start_precmd=${name}_precmd
+stop_postcmd=${name}_postcmd
+install_cmd=dhcpd_install
+uninstall_cmd=dhcpd_uninstall
+extra_commands="install uninstall"
-load_rc_config ${name}
run_rc_command "$1"
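Review bot: In `check_jail` the test `checkyesno dhcpd_jail_enable && [ ... ] || [ ... ]` groups as `(A && B) || C`, so a lone `dhcpd_ipaddress` aborts startup even with the jail disabled, while an enabled jail with both variables empty passes the check and `setup_flags` then omits `-jail`, leaving the daemon only chrooted without any warning. The condition should match its own error text: `if checkyesno dhcpd_jail_enable && [ -z "${dhcpd_hostname}" -o -z "${dhcpd_ipaddress}" ]; then`. Two smaller slips have the same effect of a control not being applied: the default is declared as `dhcpd_withumask=022` but `setup_umask` reads `dhcpd_umask` (the name pkg-message documents), so the default mask is never set, and `safe_rmdir` assigns `rc=1` where `_rc=1` is meant, so a failed rmdir is not reflected in the return status. Separately, `safe_mkdir` ends with `safe_chmog "$@"`, so with `dhcpd_chuser_enable` on, `setup_chroot` gives ownership of the chroot root, its `dev` and its configuration directory to the daemon's account, and root then runs `rm -f`, `cp -p`, `chown` and `mount` on paths inside them at every start. Keeping those three directories root-owned and changing ownership only of the pid and leases directories would stop root from operating on entries the confined user can replace.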
diff --git a/net/isc-dhcp31-server/files/patch-client::dhclient.8 b/net/isc-dhcp31-server/files/patch-client::dhclient.8
index a602907c31b6..4e6096f5aa86 100644
--- a/net/isc-dhcp31-server/files/patch-client::dhclient.8
+++ b/net/isc-dhcp31-server/files/patch-client::dhclient.8
@@ -2,7 +2,7 @@
+++ client/dhclient.8 Wed Mar 3 02:06:52 2004
@@ -18,6 +18,10 @@
.\"
- .\" $Id: dhclient.8,v 1.12.2.7 2002/11/17 02:25:43 dhankins Exp $
+ .\" from Id: dhclient.8,v 1.12.2.8 2004/06/10 17:59:12 dhankins Exp
.\"
+.\" Portions copyright (c) 2000 David E. O'Brien.
+.\" All rights reserved.
diff --git a/net/isc-dhcp31-server/pkg-install b/net/isc-dhcp31-server/pkg-install
new file mode 100644
index 000000000000..8bafd2bed768
--- /dev/null
+++ b/net/isc-dhcp31-server/pkg-install
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+[ $# != 2 ] && exit 1
+[ -z "${PKG_PREFIX}" ] && exit 1
+[ -n "${BATCH}" ] && exit 0
+
+case $2 in
+POST-INSTALL)
+ ${PKG_PREFIX}/etc/rc.d/isc-dhcpd.sh forceinstall
+ ;;
+DEINSTALL)
+ ${PKG_PREFIX}/etc/rc.d/isc-dhcpd.sh forceuninstall
+ ;;
+POST-DEINSTALL|PRE-INSTALL)
+ ;;
+*)
+ echo "usage: $0 <PKG_NAME> {PRE-INSTALL|POST-INSTALL|DEINSTALL|POST-DEINSTALL}" >&2
+ exit 1
+ ;;
+esac
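Review bot: The `[ -n "${BATCH}" ] && exit 0` guard returns before the `case`, so a batch install never runs `forceinstall` at POST-INSTALL and the account expected by the rc script's default `dhcpd_chuser_enable=YES` is not created; the daemon would then presumably fail to start until the user and group are added by hand. `safe_useradd` as shown in the rc script does not prompt, so the guard looks unnecessary for POST-INSTALL and could be dropped or limited to steps that need interaction. Both invocations should also quote the prefix, `"${PKG_PREFIX}/etc/rc.d/isc-dhcpd.sh" forceinstall`, so that a prefix containing whitespace is not split into several words.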
diff --git a/net/isc-dhcp31-server/pkg-message b/net/isc-dhcp31-server/pkg-message
index 749a5d69ea4a..ec8c0bc5306c 100644
--- a/net/isc-dhcp31-server/pkg-message
+++ b/net/isc-dhcp31-server/pkg-message
@@ -4,21 +4,38 @@
**** This port installs dhcp daemon, but don't invokes dhcpd by default. If
you want to invoke dhcpd at startup, put these lines into /etc/rc.conf.
- dhcpd_enable="YES"
- dhcpd_flags="" # command option(s)
+ dhcpd_enable="YES" # dhcpd enabled?
+ dhcpd_flags="-q" # command option(s)
dhcpd_conf="%%PREFIX%%/etc/dhcpd.conf" # configuration file
dhcpd_ifaces="" # ethernet interface(s)
+ dhcpd_umask="022" # file creation mask
-**** For instance, rc.conf like variables are still read from %%PREFIX%%\
- /etc/rc.isc-dhcpd.conf. They should be move into /etc/rc.conf. Also,
- the dhcpd_options variable must be renamed dhcpd_flags.
-
-**** If compiled with paranoia support (the default), the following options
+**** If compiled with paranoia support (the default), the following lines
are also supported:
- [-user user] [-group group] [-chroot dir] [-early_chroot]
+ dhcpd_chuser_enable="YES" # runs w/o privileges?
+ dhcpd_withuser="dhcpd" # user name to run as
+ dhcpd_withgroup="dhcpd" # group name to run as
+ dhcpd_chroot_enable="YES" # runs chrooted?
+ dhcpd_rootdir="/var/db/dhcpd" # directory to run in
+ dhcpd_flags="-early_chroot" # needs full root
+
+ WARNING: -early_chroot requires a jail(8) like environment to works.
+
+**** If compiled with jail support (the default), the following lines are
+ also supported (-early_chroot and dhcpd_chroot_enable=YES are implied):
+
+ dhcpd_jail_enable="YES" # runs imprisoned?
+ dhcpd_hostname="<hostname>" # jail hostname
+ dhcpd_ipaddress="<ip address>" # jail ip address
+
+ WARNING: dhcpd_rootdir needs to point to a full jail(8) environment.
-**** If compiled with jail support (the default), the following options are
- also supported:
+**** WARNING: never edit the chrooted or jailed dhcpd.conf file but
+ %%PREFIX%%/etc/dhcpd.conf instead which is always copied where
+ needed upon startup.
- [-chroot dir] [-jail hostname ip_address] # implies -early_chroot
+**** WARNING: %%PREFIX%%/etc/rc.isc-dhcpd.conf is obsolete. rc.conf like
+ variables are still read there but should be moved /etc/rc.conf or
+ /etc/rc.conf.d/dhcpd instead. Also, the dhcpd_options variable must
+ be renamed dhcpd_flags if any.
diff --git a/net/isc-dhcp31-server/pkg-plist b/net/isc-dhcp31-server/pkg-plist
index 78107bb2a1a7..c8b584241dbf 100644
--- a/net/isc-dhcp31-server/pkg-plist
+++ b/net/isc-dhcp31-server/pkg-plist
@@ -3,5 +3,3 @@ bin/omshell
etc/dhcpd.conf.sample
etc/rc.d/isc-dhcpd.sh
sbin/dhcpd
-@exec [ -f /var/db/dhcpd.leases ] || touch /var/db/dhcpd.leases
-@unexec [ -s /var/db/dhcpd.leases ] || rm -f /var/db/dhcpd.leases