From: Arseny Maslennikov <arseny@altlinux.org>
To: devel@lists.altlinux.org
Cc: Arseny Maslennikov <arseny@altlinux.org>,
Alexey Gladkov <legion@altlinux.org>
Subject: [devel] [PATCH hasher-priv v3 6/7] Add systemd and sysvinit service files
Date: Tue, 24 Aug 2021 11:24:35 +0300
Message-ID: <20210824082436.1555890-7-arseny@altlinux.org> (raw)
In-Reply-To: <20210824082436.1555890-1-arseny@altlinux.org>
From: Alexey Gladkov <legion@altlinux.org>
Signed-off-by: Alexey Gladkov <legion@altlinux.org>
Signed-off-by: Arseny Maslennikov <arseny@altlinux.org>
---
hasher-priv/Makefile | 6 ++
hasher-priv/hasher-priv.spec | 6 +-
hasher-priv/hasher-privd.service | 14 ++++
hasher-priv/hasher-privd.sysvinit | 103 ++++++++++++++++++++++++++++++
4 files changed, 128 insertions(+), 1 deletion(-)
create mode 100644 hasher-priv/hasher-privd.service
create mode 100755 hasher-priv/hasher-privd.sysvinit
diff --git a/hasher-priv/Makefile b/hasher-priv/Makefile
index a08f6a8..6d8b49b 100644
--- a/hasher-priv/Makefile
+++ b/hasher-priv/Makefile
@@ -16,6 +16,8 @@ TARGETS = $(PROJECT) hasher-privd hasher-useradd $(HELPERS) $(MAN5PAGES) $(MAN8P
have-cc-function = $(shell echo 'extern void $(1)(void); int main () { $(1)(); return 0; }' |$(CC) -o /dev/null -xc - > /dev/null 2>&1 && echo "-D$(2)")
sysconfdir = /etc
+initdir=$(sysconfdir)/rc.d/init.d
+systemd_unitdir=/lib/systemd/system
libexecdir = /usr/lib
sbindir = /usr/sbin
mandir = /usr/share/man
@@ -76,6 +78,10 @@ install: all
$(MKDIR_P) -m750 $(DESTDIR)$(helperdir)
$(INSTALL) -p -m700 $(PROJECT) $(DESTDIR)$(helperdir)/
$(INSTALL) -p -m755 $(HELPERS) $(DESTDIR)$(helperdir)/
+ $(MKDIR_P) -m755 $(DESTDIR)$(systemd_unitdir)
+ $(INSTALL) -p -m644 hasher-privd.service $(DESTDIR)$(systemd_unitdir)/
+ $(MKDIR_P) -m755 $(DESTDIR)$(initdir)
+ $(INSTALL) -p -m755 hasher-privd.sysvinit $(DESTDIR)$(initdir)/hasher-privd
$(MKDIR_P) -m755 $(DESTDIR)$(sbindir)
$(INSTALL) -p -m755 hasher-privd $(DESTDIR)$(sbindir)/
$(INSTALL) -p -m755 hasher-useradd $(DESTDIR)$(sbindir)/
diff --git a/hasher-priv/hasher-priv.spec b/hasher-priv/hasher-priv.spec
index e21dec1..e6fc873 100644
--- a/hasher-priv/hasher-priv.spec
+++ b/hasher-priv/hasher-priv.spec
@@ -33,7 +33,9 @@ required by hasher utilities.
%make_build CC="%__cc" CFLAGS="%optflags" libexecdir="%_libexecdir"
%install
-%makeinstall
+%makeinstall \
+ systemd_unitdir="%{?buildroot:%{buildroot}}%_unitdir" \
+ #
%pre
if getent group pkg-build > /dev/null; then
@@ -59,6 +61,8 @@ groupadd -r -f hashman
%attr(755,root,root) %helperdir/*.sh
# daemon
%_sbindir/hasher-privd
+%_unitdir/hasher-privd.service
+%_initdir/hasher-privd
%doc DESIGN
diff --git a/hasher-priv/hasher-privd.service b/hasher-priv/hasher-privd.service
new file mode 100644
index 0000000..f44faa0
--- /dev/null
+++ b/hasher-priv/hasher-privd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=A privileged helper for the hasher project
+ConditionVirtualization=!container
+Documentation=man:hasher-priv(8)
+
+[Service]
+ExecStart=/usr/sbin/hasher-privd -f
+Group=hashman
+RuntimeDirectory=hasher-priv
+RuntimeDirectoryMode=0710
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/hasher-priv/hasher-privd.sysvinit b/hasher-priv/hasher-privd.sysvinit
new file mode 100755
index 0000000..263c9f7
--- /dev/null
+++ b/hasher-priv/hasher-privd.sysvinit
@@ -0,0 +1,103 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Short-Description: A privileged helper for the hasher project
+# Description: A privileged helper for the hasher project
+# Provides: hasher-priv
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+### END INIT INFO
+
+WITHOUT_RC_COMPAT=1
+
+# Source function library.
+. /etc/init.d/functions
+
+NAME=hasher-privd
+PIDFILE="/var/run/$NAME.pid"
+LOCKFILE="/var/lock/subsys/$NAME"
+RUNTIMEDIR="/run/hasher-priv"
+RUNTIMEDIRMODE="0710"
+GROUP=hashman
+RETVAL=0
+
+ensure_runtime_directory()
+{
+ mkdir -p "$RUNTIMEDIR"
+ chmod 0710 "$RUNTIMEDIR"
+ chgrp "$GROUP" "$RUNTIMEDIR"
+}
+
+ensure_no_runtime_directory()
+{
+ rm -rf "$RUNTIMEDIR"
+}
+
+start()
+{
+ start_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" -- "$NAME"
+ RETVAL=$?
+ return $RETVAL
+}
+
+stop()
+{
+ stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" "$NAME"
+ RETVAL=$?
+ return $RETVAL
+}
+
+restart()
+{
+ stop
+ start
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ ensure_runtime_directory
+ start
+ ;;
+ stop)
+ stop
+ ensure_no_runtime_directory
+ ;;
+ status)
+ status --pidfile "$PIDFILE" "$NAME"
+ RETVAL=$?
+ ;;
+ restart)
+ restart
+ ;;
+ reload)
+ restart
+ ;;
+ condstart)
+ if [ ! -e "$LOCKFILE" ]; then
+ start
+ fi
+ ;;
+ condstop)
+ if [ -e "$LOCKFILE" ]; then
+ stop
+ fi
+ ;;
+ condrestart)
+ if [ -e "$LOCKFILE" ]; then
+ restart
+ fi
+ ;;
+ condreload)
+ if [ -e "$LOCKFILE" ]; then
+ reload
+ fi
+ ;;
+ *)
+ msg_usage "${0##*/} {start|stop|status|restart|reload|condstart|condstop|condrestart|condreload}"
+ RETVAL=1
+esac
+
+exit $RETVAL
--
2.32.0
next prev parent reply other threads:[~2021-08-24 8:24 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-24 8:24 [devel] [PATCH hasher-priv v3 0/7] hasher-privd Arseny Maslennikov
2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 1/7] Turn hasher-priv into a daemon Arseny Maslennikov
2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 2/7] sockets: xsendmsg: get rid of SIGPIPE on socket writes Arseny Maslennikov
2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 3/7] chrootuid: explicitly reset signal mask before forking off payload Arseny Maslennikov
2021-12-01 19:23 ` Dmitry V. Levin
2021-12-03 15:03 ` Arseny Maslennikov
2021-12-03 16:06 ` Dmitry V. Levin
2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 4/7] Link with libsetproctitle by Dmitry V. Levin Arseny Maslennikov
2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 5/7] daemon: set titles for subprocesses Arseny Maslennikov
2021-08-24 8:24 ` Arseny Maslennikov [this message]
2021-08-24 8:24 ` [devel] [PATCH hasher-priv v3 7/7] Install hasher-priv without set ugids Arseny Maslennikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210824082436.1555890-7-arseny@altlinux.org \
--to=arseny@altlinux.org \
--cc=devel@lists.altlinux.org \
--cc=legion@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git