aboutsummaryrefslogtreecommitdiff
path: root/contrib/debian
diff options
context:
space:
mode:
authorctp-tsteenholdt <tsteenholdt@cascadetechnologypartners.com>2018-04-20 08:34:12 -0200
committerctp-tsteenholdt <tsteenholdt@cascadetechnologypartners.com>2018-04-20 08:34:12 -0200
commit2a87b1b07c5c4f8b9b34747c5f254c2ae1e824bf (patch)
treea1751059eac3cc5f8f535188c9f882553c8881a5 /contrib/debian
parent9085532d35207c4a7690812ae82e476cf518d451 (diff)
Add systemd service for bitcoind
Adding systemd service for bitcoind, to provide for a simpler out-of-the-box experience. Configuration file is /etc/bitcoin/bitcoin.conf. This file is a copy of the sample configuration file. The service user 'bitcoin' is added during install. Its homedir is in '/var/lib/bitcoin'. bitcoind.service is disabled by default to allow the user to configure it, before starting it the first time. On package purge, the 'bitcoin' user as well as its homedir is left intact, to not accidentally remove a wallet or something of equal importance. Instead the user is presented with information on how to perform the cleanup manually, after making sure all important data has been backed up.
Diffstat (limited to 'contrib/debian')
-rw-r--r--contrib/debian/bitcoind.install1
-rw-r--r--contrib/debian/bitcoind.postinst27
-rw-r--r--contrib/debian/bitcoind.postrm35
-rw-r--r--contrib/debian/bitcoind.service45
-rw-r--r--contrib/debian/changelog6
-rw-r--r--contrib/debian/control5
-rwxr-xr-xcontrib/debian/rules17
7 files changed, 133 insertions, 3 deletions
diff --git a/contrib/debian/bitcoind.install b/contrib/debian/bitcoind.install
index 798ea851f6..86582a6c14 100644
--- a/contrib/debian/bitcoind.install
+++ b/contrib/debian/bitcoind.install
@@ -1,2 +1,3 @@
usr/local/bin/bitcoind usr/bin
usr/local/bin/bitcoin-cli usr/bin
+debian/examples/bitcoin.conf etc/bitcoin
diff --git a/contrib/debian/bitcoind.postinst b/contrib/debian/bitcoind.postinst
new file mode 100644
index 0000000000..e9884f3e36
--- /dev/null
+++ b/contrib/debian/bitcoind.postinst
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# setup bitcoin account, homedir etc
+
+set -e
+
+BCUSER="bitcoin"
+BCHOME="/var/lib/bitcoin"
+
+if [ "$1" = "configure" ]; then
+
+ # Add bitcoin user/group - this will gracefully abort if the user already exists.
+ # A homedir is never created.
+ adduser --system --home "${BCHOME}" --no-create-home --group "${BCUSER}"
+
+ # If the homedir does not already exist, create it with proper
+ # ownership and permissions.
+ if [ ! -d "${BCHOME}" ]; then
+ mkdir -m 0750 -p "${BCHOME}"
+ chown "${BCUSER}:${BCUSER}" "${BCHOME}"
+ fi
+
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/contrib/debian/bitcoind.postrm b/contrib/debian/bitcoind.postrm
new file mode 100644
index 0000000000..aa128750d8
--- /dev/null
+++ b/contrib/debian/bitcoind.postrm
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# setup bitcoin account, homedir etc
+
+set -e
+
+BCUSER="bitcoin"
+BCHOME="/var/lib/bitcoin"
+
+if [ "$1" = "purge" ]; then
+
+ # The bitcoin user is left in place for now - This is to ensure that a new user
+ # will not inherit the users UID/GID and inadvertently gain access to wallets etc
+
+ # The homedir is also left intact to ensure that we don't accidentally delete a
+ # wallet or something equally important
+
+ echo
+ echo "#"
+ echo "# The bitcoin user (${BCUSER}) and data dir (${BCHOME})"
+ echo "# were left intact."
+ echo "#"
+ echo "# Make sure to check \"${BCHOME}\" for wallets and other"
+ echo "# important bits."
+ echo "#"
+ echo "# After backing up all vital data, cleanup can be completed"
+ echo "# by running: sudo userdel -r ${BCUSER}"
+ echo "#"
+ echo
+
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/contrib/debian/bitcoind.service b/contrib/debian/bitcoind.service
new file mode 100644
index 0000000000..26c771f256
--- /dev/null
+++ b/contrib/debian/bitcoind.service
@@ -0,0 +1,45 @@
+# It is not recommended to modify this file in-place, because it will
+# be overwritten during package upgrades. If you want to add further
+# options or overwrite existing ones then use
+# $ systemctl edit bitcoind.service
+# See "man systemd.service" for details.
+
+# Note that almost all daemon options could be specified in
+# /etc/bitcoin/bitcoin.conf
+
+[Unit]
+Description=Bitcoin daemon
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/bitcoind -daemon -datadir=/var/lib/bitcoin -conf=/etc/bitcoin/bitcoin.conf -pid=/run/bitcoind/bitcoind.pid
+# Creates /run/bitcoind owned by bitcoin
+RuntimeDirectory=bitcoind
+User=bitcoin
+Type=forking
+PIDFile=/run/bitcoind/bitcoind.pid
+Restart=on-failure
+
+# Hardening measures
+####################
+
+# Provide a private /tmp and /var/tmp.
+PrivateTmp=true
+
+# Mount /usr, /boot/ and /etc read-only for the process.
+ProtectSystem=full
+
+# Disallow the process and all of its children to gain
+# new privileges through execve().
+NoNewPrivileges=true
+
+# Use a new /dev namespace only populated with API pseudo devices
+# such as /dev/null, /dev/zero and /dev/random.
+PrivateDevices=true
+
+# Deny the creation of writable and executable memory mappings.
+# Commented out as it's not supported on Debian 8 or Ubuntu 16.04 LTS
+#MemoryDenyWriteExecute=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/contrib/debian/changelog b/contrib/debian/changelog
index dd644559ff..1c7ad362da 100644
--- a/contrib/debian/changelog
+++ b/contrib/debian/changelog
@@ -1,3 +1,9 @@
+bitcoin (0.16.0-trusty2) trusty; urgency=medium
+
+ * Add systemd service to bitcoind
+
+ -- Thomas M Steenholdt <tsteenholdt@cascadetechnologypartners.com> Wed, 18 Apr 2018 16:40:00 -0200
+
bitcoin (0.16.0-xenial1) xenial; urgency=medium
* Mark for xenial.
diff --git a/contrib/debian/control b/contrib/debian/control
index b7ca999bac..ffb56f9eaa 100644
--- a/contrib/debian/control
+++ b/contrib/debian/control
@@ -25,7 +25,8 @@ Build-Depends: debhelper,
libqrencode-dev,
libprotobuf-dev, protobuf-compiler,
python,
- libzmq3-dev
+ libzmq3-dev,
+ dh-systemd
Standards-Version: 3.9.2
Homepage: https://bitcoincore.org/
Vcs-Git: git://github.com/bitcoin/bitcoin.git
@@ -33,7 +34,7 @@ Vcs-Browser: https://github.com/bitcoin/bitcoin
Package: bitcoind
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
Description: peer-to-peer network based digital currency - daemon
Bitcoin is a free open source peer-to-peer electronic cash system that
is completely decentralized, without the need for a central server or
diff --git a/contrib/debian/rules b/contrib/debian/rules
index 84c5edd4a4..fcd0c39413 100755
--- a/contrib/debian/rules
+++ b/contrib/debian/rules
@@ -6,7 +6,7 @@
# $(if $(filter nocheck,$(DEB_BUILD_OPTIONS)),,src/test_bitcoin)
%:
- dh --with bash-completion $@
+ dh --with bash-completion --with systemd $@
override_dh_auto_clean:
if [ -f Makefile ]; then $(MAKE) distclean; fi
@@ -32,3 +32,18 @@ ifeq ($(QT), qt4)
else
make check
endif
+
+# No SysV or Upstart init scripts included
+override_dh_installinit:
+ dh_installinit \
+ --noscripts
+
+# Don’t enable service by default
+override_dh_systemd_enable:
+ dh_systemd_enable \
+ --no-enable
+
+# Restart after upgrade
+override_dh_systemd_start:
+ dh_systemd_start \
+ --restart-after-upgrade