diff options
author | ctp-tsteenholdt <tsteenholdt@cascadetechnologypartners.com> | 2018-04-20 08:34:12 -0200 |
---|---|---|
committer | ctp-tsteenholdt <tsteenholdt@cascadetechnologypartners.com> | 2018-04-20 08:34:12 -0200 |
commit | 2a87b1b07c5c4f8b9b34747c5f254c2ae1e824bf (patch) | |
tree | a1751059eac3cc5f8f535188c9f882553c8881a5 /contrib/debian | |
parent | 9085532d35207c4a7690812ae82e476cf518d451 (diff) |
Add systemd service for bitcoind
Adding systemd service for bitcoind, to provide for a simpler
out-of-the-box experience.
Configuration file is /etc/bitcoin/bitcoin.conf. This file is a
copy of the sample configuration file.
The service user 'bitcoin' is added during install. Its homedir
is in '/var/lib/bitcoin'.
bitcoind.service is disabled by default to allow the user to
configure it, before starting it the first time.
On package purge, the 'bitcoin' user as well as its homedir is
left intact, to not accidentally remove a wallet or something of
equal importance. Instead the user is presented with information
on how to perform the cleanup manually, after making sure all
important data has been backed up.
Diffstat (limited to 'contrib/debian')
-rw-r--r-- | contrib/debian/bitcoind.install | 1 | ||||
-rw-r--r-- | contrib/debian/bitcoind.postinst | 27 | ||||
-rw-r--r-- | contrib/debian/bitcoind.postrm | 35 | ||||
-rw-r--r-- | contrib/debian/bitcoind.service | 45 | ||||
-rw-r--r-- | contrib/debian/changelog | 6 | ||||
-rw-r--r-- | contrib/debian/control | 5 | ||||
-rwxr-xr-x | contrib/debian/rules | 17 |
7 files changed, 133 insertions, 3 deletions
diff --git a/contrib/debian/bitcoind.install b/contrib/debian/bitcoind.install index 798ea851f6..86582a6c14 100644 --- a/contrib/debian/bitcoind.install +++ b/contrib/debian/bitcoind.install @@ -1,2 +1,3 @@ usr/local/bin/bitcoind usr/bin usr/local/bin/bitcoin-cli usr/bin +debian/examples/bitcoin.conf etc/bitcoin diff --git a/contrib/debian/bitcoind.postinst b/contrib/debian/bitcoind.postinst new file mode 100644 index 0000000000..e9884f3e36 --- /dev/null +++ b/contrib/debian/bitcoind.postinst @@ -0,0 +1,27 @@ +#!/bin/sh + +# setup bitcoin account, homedir etc + +set -e + +BCUSER="bitcoin" +BCHOME="/var/lib/bitcoin" + +if [ "$1" = "configure" ]; then + + # Add bitcoin user/group - this will gracefully abort if the user already exists. + # A homedir is never created. + adduser --system --home "${BCHOME}" --no-create-home --group "${BCUSER}" + + # If the homedir does not already exist, create it with proper + # ownership and permissions. + if [ ! -d "${BCHOME}" ]; then + mkdir -m 0750 -p "${BCHOME}" + chown "${BCUSER}:${BCUSER}" "${BCHOME}" + fi + +fi + +#DEBHELPER# + +exit 0 diff --git a/contrib/debian/bitcoind.postrm b/contrib/debian/bitcoind.postrm new file mode 100644 index 0000000000..aa128750d8 --- /dev/null +++ b/contrib/debian/bitcoind.postrm @@ -0,0 +1,35 @@ +#!/bin/sh + +# setup bitcoin account, homedir etc + +set -e + +BCUSER="bitcoin" +BCHOME="/var/lib/bitcoin" + +if [ "$1" = "purge" ]; then + + # The bitcoin user is left in place for now - This is to ensure that a new user + # will not inherit the users UID/GID and inadvertently gain access to wallets etc + + # The homedir is also left intact to ensure that we don't accidentally delete a + # wallet or something equally important + + echo + echo "#" + echo "# The bitcoin user (${BCUSER}) and data dir (${BCHOME})" + echo "# were left intact." + echo "#" + echo "# Make sure to check \"${BCHOME}\" for wallets and other" + echo "# important bits." + echo "#" + echo "# After backing up all vital data, cleanup can be completed" + echo "# by running: sudo userdel -r ${BCUSER}" + echo "#" + echo + +fi + +#DEBHELPER# + +exit 0 diff --git a/contrib/debian/bitcoind.service b/contrib/debian/bitcoind.service new file mode 100644 index 0000000000..26c771f256 --- /dev/null +++ b/contrib/debian/bitcoind.service @@ -0,0 +1,45 @@ +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit bitcoind.service +# See "man systemd.service" for details. + +# Note that almost all daemon options could be specified in +# /etc/bitcoin/bitcoin.conf + +[Unit] +Description=Bitcoin daemon +After=network.target + +[Service] +ExecStart=/usr/bin/bitcoind -daemon -datadir=/var/lib/bitcoin -conf=/etc/bitcoin/bitcoin.conf -pid=/run/bitcoind/bitcoind.pid +# Creates /run/bitcoind owned by bitcoin +RuntimeDirectory=bitcoind +User=bitcoin +Type=forking +PIDFile=/run/bitcoind/bitcoind.pid +Restart=on-failure + +# Hardening measures +#################### + +# Provide a private /tmp and /var/tmp. +PrivateTmp=true + +# Mount /usr, /boot/ and /etc read-only for the process. +ProtectSystem=full + +# Disallow the process and all of its children to gain +# new privileges through execve(). +NoNewPrivileges=true + +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. +PrivateDevices=true + +# Deny the creation of writable and executable memory mappings. +# Commented out as it's not supported on Debian 8 or Ubuntu 16.04 LTS +#MemoryDenyWriteExecute=true + +[Install] +WantedBy=multi-user.target diff --git a/contrib/debian/changelog b/contrib/debian/changelog index dd644559ff..1c7ad362da 100644 --- a/contrib/debian/changelog +++ b/contrib/debian/changelog @@ -1,3 +1,9 @@ +bitcoin (0.16.0-trusty2) trusty; urgency=medium + + * Add systemd service to bitcoind + + -- Thomas M Steenholdt <tsteenholdt@cascadetechnologypartners.com> Wed, 18 Apr 2018 16:40:00 -0200 + bitcoin (0.16.0-xenial1) xenial; urgency=medium * Mark for xenial. diff --git a/contrib/debian/control b/contrib/debian/control index b7ca999bac..ffb56f9eaa 100644 --- a/contrib/debian/control +++ b/contrib/debian/control @@ -25,7 +25,8 @@ Build-Depends: debhelper, libqrencode-dev, libprotobuf-dev, protobuf-compiler, python, - libzmq3-dev + libzmq3-dev, + dh-systemd Standards-Version: 3.9.2 Homepage: https://bitcoincore.org/ Vcs-Git: git://github.com/bitcoin/bitcoin.git @@ -33,7 +34,7 @@ Vcs-Browser: https://github.com/bitcoin/bitcoin Package: bitcoind Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser Description: peer-to-peer network based digital currency - daemon Bitcoin is a free open source peer-to-peer electronic cash system that is completely decentralized, without the need for a central server or diff --git a/contrib/debian/rules b/contrib/debian/rules index 84c5edd4a4..fcd0c39413 100755 --- a/contrib/debian/rules +++ b/contrib/debian/rules @@ -6,7 +6,7 @@ # $(if $(filter nocheck,$(DEB_BUILD_OPTIONS)),,src/test_bitcoin) %: - dh --with bash-completion $@ + dh --with bash-completion --with systemd $@ override_dh_auto_clean: if [ -f Makefile ]; then $(MAKE) distclean; fi @@ -32,3 +32,18 @@ ifeq ($(QT), qt4) else make check endif + +# No SysV or Upstart init scripts included +override_dh_installinit: + dh_installinit \ + --noscripts + +# Don’t enable service by default +override_dh_systemd_enable: + dh_systemd_enable \ + --no-enable + +# Restart after upgrade +override_dh_systemd_start: + dh_systemd_start \ + --restart-after-upgrade |