From f56e67946bc5d0bda1a3a971839bcb8ee5c03bfd Mon Sep 17 00:00:00 2001
From: dkwo
Date: Sat, 14 Jun 2025 19:41:58 -0400
Subject: [PATCH 1/2] dhcpcd: update to 10.2.4
---
 srcpkgs/dhcpcd/template | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/dhcpcd/template b/srcpkgs/dhcpcd/template
index fa1954df748389..6cd4ac7ed6f5fb 100644
--- a/srcpkgs/dhcpcd/template
+++ b/srcpkgs/dhcpcd/template
@@ -1,6 +1,6 @@
 # Template file for 'dhcpcd'
 pkgname=dhcpcd
-version=10.1.0
+version=10.2.4
 revision=1
 build_style=configure
 make_check_target=test
@@ -15,12 +15,13 @@ license="BSD-2-Clause"
 homepage="https://roy.marples.name/projects/dhcpcd"
 changelog="https://github.com/NetworkConfiguration/dhcpcd/releases"
 distfiles="https://github.com/NetworkConfiguration/dhcpcd/archive/refs/tags/v${version}.tar.gz"
-checksum=e8a83208c2ff63a5a31d886f76bc717b4ec1938d18a2c8b88f328e710d2b515a
+checksum=85c8b2535ddf52091b30b31f29b0f9cafd9cd94dc6b78f1bd92db2afce4c1943
 lib32disabled=yes
 conf_files=/etc/dhcpcd.conf
 system_accounts="_dhcpcd"
 _dhcpcd_homedir="/var/db/dhcpcd"
+make_dirs="/var/db/${pkgname} 0700 _${pkgname} _${pkgname}"
 build_options="privsep"
 desc_option_privsep="Enable privilege separation mode for the daemon"
From 9b17eac7b1214449204b59ce4f808e78c4741e54 Mon Sep 17 00:00:00 2001
From: dkwo
Date: Sat, 14 Jun 2025 19:45:18 -0400
Subject: [PATCH 2/2] dhcpcd: add unprivileged service
---
 srcpkgs/dhcpcd/files/dhcpcd-unprivileged/run | 16 ++++++++++++++++
 srcpkgs/dhcpcd/template | 3 ++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/dhcpcd/files/dhcpcd-unprivileged/run
diff --git a/srcpkgs/dhcpcd/files/dhcpcd-unprivileged/run b/srcpkgs/dhcpcd/files/dhcpcd-unprivileged/run
new file mode 100644
index 00000000000000..7ca1c5ba2b14ee
--- /dev/null
+++ b/srcpkgs/dhcpcd/files/dhcpcd-unprivileged/run
@@ -0,0 +1,16 @@
+#!/bin/sh
+exec 2>&1
+[ -r conf ] && . ./conf
+
+# automigrate
+chown root:_dhcpcd /etc/dhcpcd.conf
+chmod 640 /etc/dhcpcd.conf
+
+! [ -d /run/dhcpcd ] && install -m 700 -g _dhcpcd -o _dhcpcd -d /run/dhcpcd
+chown -R _dhcpcd:_dhcpcd /run/dhcpcd
+
+exec setpriv --reuid _dhcpcd --regid _dhcpcd --clear-groups \
+ --ambient-caps -all,+net_admin,+net_raw,+net_bind_service \
+ --inh-caps -all,+net_admin,+net_raw,+net_bind_service \
+ --bounding-set -all,+net_admin,+net_raw,+net_bind_service \
+ --no-new-privs -- dhcpcd -B ${OPTS:=-M}
diff --git a/srcpkgs/dhcpcd/template b/srcpkgs/dhcpcd/template
index 6cd4ac7ed6f5fb..b6e82b090f4c27 100644
--- a/srcpkgs/dhcpcd/template
+++ b/srcpkgs/dhcpcd/template
@@ -21,7 +21,7 @@ conf_files=/etc/dhcpcd.conf
 system_accounts="_dhcpcd"
 _dhcpcd_homedir="/var/db/dhcpcd"
-make_dirs="/var/db/${pkgname} 0700 _${pkgname} _${pkgname}"
+make_dirs="/var/db/dhcpcd 0770 root _dhcpcd"
 build_options="privsep"
 desc_option_privsep="Enable privilege separation mode for the daemon"
@@ -29,6 +29,7 @@ desc_option_privsep="Enable privilege separation mode for the daemon"
 post_install() {
 vsv dhcpcd
 vsv dhcpcd-eth0
+ vsv dhcpcd-unprivileged
 # Enable controlgroup by default, to make dhcpcd-ui work.
 vsed -e 's,^#\(controlgroup.*\),\1,' -i ${DESTDIR}/etc/dhcpcd.conf
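Review bot: In `dhcpcd-unprivileged/run`, `chown -R _dhcpcd:_dhcpcd /run/dhcpcd` runs as root on every start over a tree that the unprivileged `_dhcpcd` account itself controls, and the guarded `install -d` above it never resets the mode of a directory that already exists. A recursive ownership change by root inside a directory writable by the target account is better avoided; running `install -d -m 700 -o _dhcpcd -g _dhcpcd /run/dhcpcd` unconditionally should fix owner and mode of the directory itself (GNU install applies them to an existing final directory), and if the recursive pass has to stay, `chown -hR` makes the no-dereference behaviour explicit instead of relying on the chown implementation's default. The `# automigrate` block also rewrites owner and mode of `/etc/dhcpcd.conf` on every start and ignores failure, although the file is listed in `conf_files` and is presumably shared with the other dhcpcd services; a comment such as `# dhcpcd runs as _dhcpcd below and must be able to read its config` would record why 640 root:_dhcpcd is required.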
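Review bot: `make_dirs="/var/db/dhcpcd 0770 root _dhcpcd"` in the `@@ -21,7 +21,7 @@` hunk widens the directory from the 0700 set in patch 1/2 to group-writable without saying why, and it spells out the path that `_dhcpcd_homedir` already holds. This is presumably dhcpcd's persistent state directory, so a comment stating the intent would help the next maintainer, e.g. `# root-owned, group-writable: shared by the root-run services and dhcpcd-unprivileged (uid _dhcpcd)`. Files already created there by a root-run dhcpcd are not touched by this line or by the new run script, so it is worth confirming that the unprivileged service can still read and update them after a switch. The variable block this line belongs to starts and ends outside the hunk.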