Package: csync2 Version: 2.0+73d3293-2 Severity: wishlist Tags: patch Usertags: systemd-units X-Debbugs-Cc: pkg-systemd-maintain...@lists.alioth.debian.org
Dear Maintainer, The attached patch was prepared to make csync2 a socket activated service managed with systemd and avoid the use of inetd, it also configures systemd to run csync2 as a system user. With this approach the use of root privileges in the synchronization process is avoided and, if they are required, the cluster admin may enable them with a drop-in configuration file. Although the use of a system user requires some care with the ownership of the synchronized files and state database, I think the benefits of the privilege reduction may be worth the effort. The systemd unit files are based on the ones published in https://github.com/mk-fg/fg_exheres/tree/master/packages/sys-apps/csync2/files/systemd and the directions received from systemd maintainers have been followed. Some limited testing has been done in a four node cluster, I hope the patch can be useful. Regards, -- System Information: Debian Release: 8.2 APT prefers stable APT policy: (900, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages csync2 depends on: ii adduser 3.113+nmu3 ii init-system-helpers 1.22 ii libc6 2.19-18+deb8u1 ii libgnutls-deb0-28 3.3.8-6+deb8u3 ii librsync1 0.9.7-10 ii netbase 5.3 csync2 recommends no packages. Versions of packages csync2 suggests: pn sqlite3 <none> -- Configuration Files: /etc/csync2.cfg changed [not included] -- no debconf information -- Dhionel Díaz Centro Nacional de Desarrollo e Investigación en Tecnologías Libres Ministerio del Poder Popular para Educación Universitaria, Ciencia y Tecnología
diff -Nru csync2-2.0+73d3293/debian/control csync2-2.0+73d3293/debian/control
--- csync2-2.0+73d3293/debian/control 2015-08-11 05:10:56.000000000 -0430
+++ csync2-2.0+73d3293/debian/control 2015-12-01 16:40:28.000000000 -0430
@@ -10,6 +10,7 @@
automake,
bison,
dh-autoreconf,
+ dh-systemd,
flex,
libmysqlclient-dev,
libpq-dev,
@@ -27,7 +28,7 @@
Depends: ${misc:Depends},
${shlibs:Depends},
netbase (>= 4.25),
- openbsd-inetd | inet-superserver
+ adduser
Suggests: sqlite3
Description: cluster synchronization tool
CSYNC2 synchronizes files in a cluster using the rsync-algorithm.
diff -Nru csync2-2.0+73d3293/debian/cron.d csync2-2.0+73d3293/debian/cron.d
--- csync2-2.0+73d3293/debian/cron.d 2015-07-27 05:14:06.000000000 -0430
+++ csync2-2.0+73d3293/debian/cron.d 2015-12-01 15:15:05.000000000 -0430
@@ -19,4 +19,4 @@
# along with this program; if not, write to the Free Software
# Foundation
#
-# 0 4 * * * root csync2 -cr / ; csync2 -T <my-hostname> <peer-hostname>
+# 0 4 * * * csync2 csync2 -cr / ; csync2 -T <my-hostname> <peer-hostname>
diff -Nru csync2-2.0+73d3293/debian/install csync2-2.0+73d3293/debian/install
--- csync2-2.0+73d3293/debian/install 2015-08-03 10:25:57.000000000 -0430
+++ csync2-2.0+73d3293/debian/install 2015-12-01 17:25:32.000000000 -0430
@@ -1 +1,3 @@
csync2.cfg etc
+debian/systemd/csync2.socket lib/systemd/system
+debian/systemd/csync2@.service lib/systemd/system
diff -Nru csync2-2.0+73d3293/debian/postinst csync2-2.0+73d3293/debian/postinst
--- csync2-2.0+73d3293/debian/postinst 2015-07-27 05:14:06.000000000 -0430
+++ csync2-2.0+73d3293/debian/postinst 2015-12-01 16:37:57.000000000 -0430
@@ -19,14 +19,14 @@
case "$1" in
configure)
-
- if ! grep -q "^csync2" /etc/inetd.conf ; then
- update-inetd --remove '^csync2'
- update-inetd --group OTHER --add \
- 'csync2\t\tstream\ttcp\tnowait\troot\t/usr/sbin/csync2\tcsync2 -i'
- fi
-
-
+ adduser --quiet --system --group \
+ --home /var/lib/csync2 --no-create-home \
+ csync2
+ if ! dpkg-statoverride --list /var/lib/csyn2 >/dev/null 2>&1
+ then
+ chown -R csync2:csync2 /var/lib/csync2
+ chmod -R u=rwX,g=rX,o= /var/lib/csync2
+ fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
diff -Nru csync2-2.0+73d3293/debian/prerm csync2-2.0+73d3293/debian/prerm
--- csync2-2.0+73d3293/debian/prerm 2015-08-03 10:59:17.000000000 -0430
+++ csync2-2.0+73d3293/debian/prerm 2015-12-01 17:28:19.000000000 -0430
@@ -19,11 +19,6 @@
case "$1" in
remove|upgrade|deconfigure)
-
- update-inetd --remove '^csync2'
- if [ -f /var/run/inetd.pid ] ; then
- kill -s HUP $(cat /var/run/inetd.pid)
- fi
;;
failed-upgrade)
;;
diff -Nru csync2-2.0+73d3293/debian/rules csync2-2.0+73d3293/debian/rules
--- csync2-2.0+73d3293/debian/rules 2015-08-04 05:22:46.000000000 -0430
+++ csync2-2.0+73d3293/debian/rules 2015-12-01 18:03:48.000000000 -0430
@@ -4,7 +4,7 @@
CFLAGS = $(shell dpkg-buildflags --get CFLAGS) -I$(shell pg_config --includedir)
%:
- dh $@ --with autotools_dev,autoreconf
+ dh $@ --with autotools_dev,autoreconf,systemd
override_dh_auto_configure:
dh_auto_configure \
diff -Nru csync2-2.0+73d3293/debian/systemd/csync2.socket csync2-2.0+73d3293/debian/systemd/csync2.socket
--- csync2-2.0+73d3293/debian/systemd/csync2.socket 1969-12-31 20:00:00.000000000 -0400
+++ csync2-2.0+73d3293/debian/systemd/csync2.socket 2015-12-07 10:29:43.000000000 -0430
@@ -0,0 +1,9 @@
+[Unit]
+Description=csync2 asynchronous file synchronization socket
+
+[Socket]
+ListenStream=30865
+Accept=true
+
+[Install]
+WantedBy=sockets.target
diff -Nru csync2-2.0+73d3293/debian/systemd/csync2@.service csync2-2.0+73d3293/debian/systemd/csync2@.service
--- csync2-2.0+73d3293/debian/systemd/csync2@.service 1969-12-31 20:00:00.000000000 -0400
+++ csync2-2.0+73d3293/debian/systemd/csync2@.service 2015-12-07 16:16:14.000000000 -0430
@@ -0,0 +1,8 @@
+[Unit]
+Description=csync2 asynchronous file synchronization
+
+[Service]
+User=csync2
+Group=csync2
+ExecStart=-/usr/sbin/csync2 -i
+StandardInput=socket
signature.asc
Description: OpenPGP digital signature
