Attached is a patch that creates a separate service file under debian/ as requested.
-- Arto Jantunen
>From 1e30ccab0b0f486601021789248cf346517a0adc Mon Sep 17 00:00:00 2001
From: Arto Jantunen <vi...@debian.org>
Date: Fri, 8 May 2015 13:03:00 +0300
Subject: [PATCH] Add systemd service file
Add a new systemd service file that closely matches the behavior of the current init script. Add build-dep on dh-systemd and use it to enable the service file.
---
 debian/control | 2 +-
 debian/rules | 2 +-
 debian/tor.dirs | 1 +
 debian/tor.install | 1 +
 debian/tor.service | 32 ++++++++++++++++++++++++++++++++
 5 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 debian/tor.service
diff --git a/debian/control b/debian/control
index 76b8ce1..c5e1258 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: tor
 Section: net
 Priority: optional
 Maintainer: Peter Palfrader <wea...@debian.org>
-Build-Depends: debhelper (>= 8.1.0~), quilt, libssl-dev, zlib1g-dev, libevent-dev (>= 1.1), binutils (>= 2.14.90.0.7), hardening-includes, asciidoc (>= 8.2), docbook-xml, docbook-xsl, xmlto, dh-apparmor, libseccomp-dev [amd64 i386]
+Build-Depends: debhelper (>= 8.1.0~), quilt, libssl-dev, zlib1g-dev, libevent-dev (>= 1.1), binutils (>= 2.14.90.0.7), hardening-includes, asciidoc (>= 8.2), docbook-xml, docbook-xsl, xmlto, dh-apparmor, libseccomp-dev [amd64 i386], dh-systemd
 Build-Conflicts: libnacl-dev, libseccomp-dev [!amd64 !i386]
 Standards-Version: 3.9.4
 Homepage: https://www.torproject.org/
diff --git a/debian/rules b/debian/rules
index d404e19..eb4a8b4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -15,7 +15,7 @@ endif
 %:
 dh \
 $@ \
- --with quilt \
+ --with quilt,systemd \
 --builddirectory=build \
 --parallel
diff --git a/debian/tor.dirs b/debian/tor.dirs
index f693956..7c82b44 100644
--- a/debian/tor.dirs
+++ b/debian/tor.dirs
@@ -1 +1,2 @@
 etc/apparmor.d/abstractions
+lib/systemd/system
diff --git a/debian/tor.install b/debian/tor.install
index 11dc8b3..e59def8 100644
--- a/debian/tor.install
+++ b/debian/tor.install
@@ -5,3 +5,4 @@ etc/tor contrib/client-tools/torify usr/bin debian/tor-service-defaults-torrc usr/share/tor
+debian/tor.service lib/systemd/system
diff --git a/debian/tor.service b/debian/tor.service
new file mode 100644
index 0000000..953017d
--- /dev/null
+++ b/debian/tor.service
@@ -0,0 +1,32 @@
+[Unit]
+Description = Anonymizing overlay network for TCP
+After = syslog.target network.target nss-lookup.target
+
+[Service]
+Type = forking
+PIDFile = /var/run/tor/tor.pid
+PermissionsStartOnly = yes
+EnvironmentFile=-/etc/default/tor
+ExecStartPre = /usr/bin/install -Z -m 02750 -o debian-tor -g debian-tor -d /var/run/tor
+ExecStartPre = /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --verify-config
+ExecStart = /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc $ARGS
+ExecReload = /bin/kill -HUP ${MAINPID}
+KillSignal = SIGINT
+TimeoutSec = 30
+Restart = on-failure
+WatchdogSec = 1m
+LimitNOFILE = 32768
+
+# Hardening
+PrivateTmp = yes
+PrivateDevices = yes
+ProtectHome = yes
+ProtectSystem = full
+ReadOnlyDirectories = /
+ReadWriteDirectories = -/var/lib/tor
+ReadWriteDirectories = -/var/log/tor
+ReadWriteDirectories = -/var/run
+CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER
+
+[Install]
+WantedBy = multi-user.target
--
2.1.4
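Review bot: `WatchdogSec = 1m` in the new [Service] section makes systemd treat the unit as failed when the main process does not send `WATCHDOG=1` keep-alives within a minute, and with `Restart = on-failure` that turns into a restart loop. Nothing visible in this patch shows tor being built with sd_notify support (the Build-Depends change adds only dh-systemd), so unless the packaged daemon does send keep-alives I would drop the `WatchdogSec` line, or switch to `Type = notify` together with the matching build dependency. In the hardening block, `ReadWriteDirectories = -/var/run` leaves the whole runtime directory writable to a process that, with no `User=` set, presumably starts as root and keeps `CAP_DAC_OVERRIDE`, `CAP_CHOWN` and `CAP_FOWNER` in its bounding set. Creating /var/run/tor outside the unit's mount namespace (for example with a tmpfiles.d entry) instead of in `ExecStartPre` would allow narrowing this to `ReadWriteDirectories = -/var/run/tor`.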