From: Arseny Maslennikov <arseny@altlinux.org> To: devel@lists.altlinux.org Cc: Arseny Maslennikov <arseny@altlinux.org>, Alexey Gladkov <legion@altlinux.org> Subject: [devel] [PATCH hasher-priv v3 6/7] Add systemd and sysvinit service files Date: Tue, 24 Aug 2021 11:24:35 +0300 Message-ID: <20210824082436.1555890-7-arseny@altlinux.org> (raw) In-Reply-To: <20210824082436.1555890-1-arseny@altlinux.org> From: Alexey Gladkov <legion@altlinux.org> Signed-off-by: Alexey Gladkov <legion@altlinux.org> Signed-off-by: Arseny Maslennikov <arseny@altlinux.org> --- hasher-priv/Makefile | 6 ++ hasher-priv/hasher-priv.spec | 6 +- hasher-priv/hasher-privd.service | 14 ++++ hasher-priv/hasher-privd.sysvinit | 103 ++++++++++++++++++++++++++++++ 4 files changed, 128 insertions(+), 1 deletion(-) create mode 100644 hasher-priv/hasher-privd.service create mode 100755 hasher-priv/hasher-privd.sysvinit diff --git a/hasher-priv/Makefile b/hasher-priv/Makefile index a08f6a8..6d8b49b 100644 --- a/hasher-priv/Makefile +++ b/hasher-priv/Makefile @@ -16,6 +16,8 @@ TARGETS = $(PROJECT) hasher-privd hasher-useradd $(HELPERS) $(MAN5PAGES) $(MAN8P have-cc-function = $(shell echo 'extern void $(1)(void); int main () { $(1)(); return 0; }' |$(CC) -o /dev/null -xc - > /dev/null 2>&1 && echo "-D$(2)") sysconfdir = /etc +initdir=$(sysconfdir)/rc.d/init.d +systemd_unitdir=/lib/systemd/system libexecdir = /usr/lib sbindir = /usr/sbin mandir = /usr/share/man @@ -76,6 +78,10 @@ install: all $(MKDIR_P) -m750 $(DESTDIR)$(helperdir) $(INSTALL) -p -m700 $(PROJECT) $(DESTDIR)$(helperdir)/ $(INSTALL) -p -m755 $(HELPERS) $(DESTDIR)$(helperdir)/ + $(MKDIR_P) -m755 $(DESTDIR)$(systemd_unitdir) + $(INSTALL) -p -m644 hasher-privd.service $(DESTDIR)$(systemd_unitdir)/ + $(MKDIR_P) -m755 $(DESTDIR)$(initdir) + $(INSTALL) -p -m755 hasher-privd.sysvinit $(DESTDIR)$(initdir)/hasher-privd $(MKDIR_P) -m755 $(DESTDIR)$(sbindir) $(INSTALL) -p -m755 hasher-privd $(DESTDIR)$(sbindir)/ $(INSTALL) -p -m755 hasher-useradd $(DESTDIR)$(sbindir)/ diff --git a/hasher-priv/hasher-priv.spec b/hasher-priv/hasher-priv.spec index e21dec1..e6fc873 100644 --- a/hasher-priv/hasher-priv.spec +++ b/hasher-priv/hasher-priv.spec @@ -33,7 +33,9 @@ required by hasher utilities. %make_build CC="%__cc" CFLAGS="%optflags" libexecdir="%_libexecdir" %install -%makeinstall +%makeinstall \ + systemd_unitdir="%{?buildroot:%{buildroot}}%_unitdir" \ + # %pre if getent group pkg-build > /dev/null; then @@ -59,6 +61,8 @@ groupadd -r -f hashman %attr(755,root,root) %helperdir/*.sh # daemon %_sbindir/hasher-privd +%_unitdir/hasher-privd.service +%_initdir/hasher-privd %doc DESIGN diff --git a/hasher-priv/hasher-privd.service b/hasher-priv/hasher-privd.service new file mode 100644 index 0000000..f44faa0 --- /dev/null +++ b/hasher-priv/hasher-privd.service @@ -0,0 +1,14 @@ +[Unit] +Description=A privileged helper for the hasher project +ConditionVirtualization=!container +Documentation=man:hasher-priv(8) + +[Service] +ExecStart=/usr/sbin/hasher-privd -f +Group=hashman +RuntimeDirectory=hasher-priv +RuntimeDirectoryMode=0710 +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/hasher-priv/hasher-privd.sysvinit b/hasher-priv/hasher-privd.sysvinit new file mode 100755 index 0000000..263c9f7 --- /dev/null +++ b/hasher-priv/hasher-privd.sysvinit @@ -0,0 +1,103 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Short-Description: A privileged helper for the hasher project +# Description: A privileged helper for the hasher project +# Provides: hasher-priv +# Required-Start: $remote_fs +# Required-Stop: $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +### END INIT INFO + +WITHOUT_RC_COMPAT=1 + +# Source function library. +. /etc/init.d/functions + +NAME=hasher-privd +PIDFILE="/var/run/$NAME.pid" +LOCKFILE="/var/lock/subsys/$NAME" +RUNTIMEDIR="/run/hasher-priv" +RUNTIMEDIRMODE="0710" +GROUP=hashman +RETVAL=0 + +ensure_runtime_directory() +{ + mkdir -p "$RUNTIMEDIR" + chmod 0710 "$RUNTIMEDIR" + chgrp "$GROUP" "$RUNTIMEDIR" +} + +ensure_no_runtime_directory() +{ + rm -rf "$RUNTIMEDIR" +} + +start() +{ + start_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" -- "$NAME" + RETVAL=$? + return $RETVAL +} + +stop() +{ + stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" "$NAME" + RETVAL=$? + return $RETVAL +} + +restart() +{ + stop + start +} + +# See how we were called. +case "$1" in + start) + ensure_runtime_directory + start + ;; + stop) + stop + ensure_no_runtime_directory + ;; + status) + status --pidfile "$PIDFILE" "$NAME" + RETVAL=$? + ;; + restart) + restart + ;; + reload) + restart + ;; + condstart) + if [ ! -e "$LOCKFILE" ]; then + start + fi + ;; + condstop) + if [ -e "$LOCKFILE" ]; then + stop + fi + ;; + condrestart) + if [ -e "$LOCKFILE" ]; then + restart + fi + ;; + condreload) + if [ -e "$LOCKFILE" ]; then + reload + fi + ;; + *) + msg_usage "${0##*/} {start|stop|status|restart|reload|condstart|condstop|condrestart|condreload}" + RETVAL=1 +esac + +exit $RETVAL -- 2.32.0
next prev parent reply other threads:[~2021-08-24 8:24 UTC|newest] Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-08-24 8:24 [devel] [PATCH hasher-priv v3 0/7] hasher-privd Arseny Maslennikov 2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 1/7] Turn hasher-priv into a daemon Arseny Maslennikov 2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 2/7] sockets: xsendmsg: get rid of SIGPIPE on socket writes Arseny Maslennikov 2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 3/7] chrootuid: explicitly reset signal mask before forking off payload Arseny Maslennikov 2021-12-01 19:23 ` Dmitry V. Levin 2021-12-03 15:03 ` Arseny Maslennikov 2021-12-03 16:06 ` Dmitry V. Levin 2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 4/7] Link with libsetproctitle by Dmitry V. Levin Arseny Maslennikov 2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 5/7] daemon: set titles for subprocesses Arseny Maslennikov 2021-08-24 8:24 ` Arseny Maslennikov [this message] 2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 7/7] Install hasher-priv without set ugids Arseny Maslennikov
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210824082436.1555890-7-arseny@altlinux.org \ --to=arseny@altlinux.org \ --cc=devel@lists.altlinux.org \ --cc=legion@altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Team development discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \ devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru public-inbox-index devel Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.devel AGPL code for this site: git clone https://public-inbox.org/public-inbox.git