diff --git a/contrib/.DS_Store b/contrib/.DS_Store new file mode 100644 index 00000000..61161474 Binary files /dev/null and b/contrib/.DS_Store differ diff --git a/contrib/deb/generate.sh b/contrib/deb/generate.sh index ebe2753a..9c256162 100644 --- a/contrib/deb/generate.sh +++ b/contrib/deb/generate.sh @@ -21,6 +21,9 @@ if [ $PKGBRANCH = "master" ]; then PKGREPLACES=yggdrasil-develop fi +LDFLAGS="-X github.com/yggdrasil-network/yggdrasil-go/src/config.defaultConfig=/etc/yggdrasil/yggdrasil.conf" +LDFLAGS="${LDFLAGS} -X github.com/yggdrasil-network/yggdrasil-go/src/config.defaultAdminListen=unix://var/run/yggdrasil/yggdrasil.sock" + if [ $PKGARCH = "amd64" ]; then GOARCH=amd64 GOOS=linux ./build elif [ $PKGARCH = "i386" ]; then GOARCH=386 GOOS=linux ./build elif [ $PKGARCH = "mipsel" ]; then GOARCH=mipsle GOOS=linux ./build @@ -38,7 +41,7 @@ echo "Building $PKGFILE" mkdir -p /tmp/$PKGNAME/ mkdir -p /tmp/$PKGNAME/debian/ mkdir -p /tmp/$PKGNAME/usr/bin/ -mkdir -p /tmp/$PKGNAME/etc/systemd/system/ +mkdir -p /tmp/$PKGNAME/usr/lib/systemd/system/ cat > /tmp/$PKGNAME/debian/changelog << EOF Please see https://github.com/yggdrasil-network/yggdrasil-go/ @@ -68,35 +71,52 @@ EOF cat > /tmp/$PKGNAME/debian/install << EOF usr/bin/yggdrasil usr/bin usr/bin/yggdrasilctl usr/bin -etc/systemd/system/*.service etc/systemd/system +usr/lib/systemd/system/*.service usr/lib/systemd/system EOF cat > /tmp/$PKGNAME/debian/postinst << EOF #!/bin/sh +systemctl daemon-reload + if ! getent group yggdrasil 2>&1 > /dev/null; then - groupadd --system --force yggdrasil || echo "Failed to create group 'yggdrasil' - please create it manually and reinstall" + groupadd --system --force yggdrasil fi -if [ -f /etc/yggdrasil.conf ]; +if [ ! -d /etc/yggdrasil ]; +then + mkdir -p /etc/yggdrasil + chown root:yggdrasil /etc/yggdrasil + chmod 750 /etc/yggdrasil +fi + +if [ ! -f /etc/yggdrasil/yggdrasil.conf ]; +then + test -f /etc/yggdrasil.conf && mv /etc/yggdrasil.conf /etc/yggdrasil/yggdrasil.conf +fi + +if [ -f /etc/yggdrasil/yggdrasil.conf ]; then mkdir -p /var/backups echo "Backing up configuration file to /var/backups/yggdrasil.conf.`date +%Y%m%d`" - cp /etc/yggdrasil.conf /var/backups/yggdrasil.conf.`date +%Y%m%d` - echo "Normalising and updating /etc/yggdrasil.conf" - /usr/bin/yggdrasil -useconf -normaliseconf < /var/backups/yggdrasil.conf.`date +%Y%m%d` > /etc/yggdrasil.conf - chgrp yggdrasil /etc/yggdrasil.conf + cp /etc/yggdrasil/yggdrasil.conf /var/backups/yggdrasil.conf.`date +%Y%m%d` - if command -v systemctl >/dev/null; then - systemctl daemon-reload >/dev/null || true - systemctl enable yggdrasil || true - systemctl start yggdrasil || true - fi + echo "Normalising and updating /etc/yggdrasil/yggdrasil.conf" + /usr/bin/yggdrasil -useconf -normaliseconf < /var/backups/yggdrasil.conf.`date +%Y%m%d` > /etc/yggdrasil/yggdrasil.conf + + chown root:yggdrasil /etc/yggdrasil/yggdrasil.conf + chmod 640 /etc/yggdrasil/yggdrasil.conf else - echo "Generating initial configuration file /etc/yggdrasil.conf" - echo "Please familiarise yourself with this file before starting Yggdrasil" - sh -c 'umask 0027 && /usr/bin/yggdrasil -genconf > /etc/yggdrasil.conf' - chgrp yggdrasil /etc/yggdrasil.conf + echo "Generating initial configuration file /etc/yggdrasil/yggdrasil.conf" + /usr/bin/yggdrasil -genconf > /etc/yggdrasil/yggdrasil.conf + + chown root:yggdrasil /etc/yggdrasil/yggdrasil.conf + chmod 640 /etc/yggdrasil/yggdrasil.conf fi + +systemctl enable yggdrasil +systemctl restart yggdrasil + +exit 0 EOF cat > /tmp/$PKGNAME/debian/prerm << EOF #!/bin/sh @@ -110,13 +130,13 @@ EOF cp yggdrasil /tmp/$PKGNAME/usr/bin/ cp yggdrasilctl /tmp/$PKGNAME/usr/bin/ -cp contrib/systemd/*.service /tmp/$PKGNAME/etc/systemd/system/ +cp contrib/systemd/*.service /tmp/$PKGNAME/usr/lib/systemd/system/ -tar -czvf /tmp/$PKGNAME/data.tar.gz -C /tmp/$PKGNAME/ \ +tar --no-xattrs -czvf /tmp/$PKGNAME/data.tar.gz -C /tmp/$PKGNAME/ \ usr/bin/yggdrasil usr/bin/yggdrasilctl \ - etc/systemd/system/yggdrasil.service \ - etc/systemd/system/yggdrasil-default-config.service -tar -czvf /tmp/$PKGNAME/control.tar.gz -C /tmp/$PKGNAME/debian . + usr/lib/systemd/system/yggdrasil.service \ + usr/lib/systemd/system/yggdrasil-default-config.service +tar --no-xattrs -czvf /tmp/$PKGNAME/control.tar.gz -C /tmp/$PKGNAME/debian . echo 2.0 > /tmp/$PKGNAME/debian-binary ar -r $PKGFILE \ diff --git a/contrib/systemd/yggdrasil-default-config.service b/contrib/systemd/yggdrasil-default-config.service index e9fe45be..dc3fdc5a 100644 --- a/contrib/systemd/yggdrasil-default-config.service +++ b/contrib/systemd/yggdrasil-default-config.service @@ -1,13 +1,13 @@ [Unit] -Description=yggdrasil default config generator -ConditionPathExists=|!/etc/yggdrasil.conf -ConditionFileNotEmpty=|!/etc/yggdrasil.conf +Description=Yggdrasil default config generator +ConditionPathExists=|!/etc/yggdrasil/yggdrasil.conf +ConditionFileNotEmpty=|!/etc/yggdrasil/yggdrasil.conf Wants=local-fs.target After=local-fs.target [Service] Type=oneshot Group=yggdrasil -StandardOutput=file:/etc/yggdrasil.conf -ExecStart=/usr/bin/yggdrasil -genconf -ExecStartPost=/usr/bin/chmod 0640 /etc/yggdrasil.conf +ExecStartPre=/usr/bin/mkdir -p /etc/yggdrasil +ExecStart=/usr/bin/yggdrasil -genconf > /etc/yggdrasil/yggdrasil.conf +ExecStartPost=/usr/bin/chmod -R 0640 /etc/yggdrasil diff --git a/contrib/systemd/yggdrasil.service b/contrib/systemd/yggdrasil.service index cdada6c0..0b8f8ca8 100644 --- a/contrib/systemd/yggdrasil.service +++ b/contrib/systemd/yggdrasil.service @@ -1,5 +1,5 @@ [Unit] -Description=yggdrasil +Description=Yggdrasil Network Wants=network-online.target Wants=yggdrasil-default-config.service After=network-online.target @@ -8,14 +8,18 @@ After=yggdrasil-default-config.service [Service] Group=yggdrasil ProtectHome=true -ProtectSystem=true +ProtectSystem=strict +NoNewPrivileges=true +RuntimeDirectory=yggdrasil +ReadWritePaths=/var/run/yggdrasil/ /run/yggdrasil/ SyslogIdentifier=yggdrasil CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE ExecStartPre=+-/sbin/modprobe tun -ExecStart=/usr/bin/yggdrasil -useconffile /etc/yggdrasil.conf +ExecStart=/usr/bin/yggdrasil -useconffile /etc/yggdrasil.conf.backup ExecReload=/bin/kill -HUP $MAINPID Restart=always TimeoutStopSec=5 [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target \ No newline at end of file