7 files changed, 133 insertions, 3 deletions

diff --git a/contrib/debian/bitcoind.install b/contrib/debian/bitcoind.install
index 798ea851f6..86582a6c14 100644
--- a/contrib/debian/bitcoind.install
+++ b/contrib/debian/bitcoind.install
@@ -1,2 +1,3 @@
 usr/local/bin/bitcoind usr/bin
 usr/local/bin/bitcoin-cli usr/bin
+debian/examples/bitcoin.conf etc/bitcoin
diff --git a/contrib/debian/bitcoind.postinst b/contrib/debian/bitcoind.postinst
new file mode 100644
index 0000000000..e9884f3e36
--- /dev/null
+++ b/contrib/debian/bitcoind.postinst
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# setup bitcoin account, homedir etc
+
+set -e
+
+BCUSER="bitcoin"
+BCHOME="/var/lib/bitcoin"
+
+if [ "$1" = "configure" ]; then
+
+	# Add bitcoin user/group - this will gracefully abort if the user already exists.
+	# A homedir is never created.
+	adduser --system --home "${BCHOME}" --no-create-home --group "${BCUSER}"
+
+	# If the homedir does not already exist, create it with proper
+	# ownership and permissions.
+	if [ ! -d "${BCHOME}" ]; then
+		mkdir -m 0750 -p "${BCHOME}"
+		chown "${BCUSER}:${BCUSER}" "${BCHOME}"
+	fi
+
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/contrib/debian/bitcoind.postrm b/contrib/debian/bitcoind.postrm
new file mode 100644
index 0000000000..aa128750d8
--- /dev/null
+++ b/contrib/debian/bitcoind.postrm
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# setup bitcoin account, homedir etc
+
+set -e
+
+BCUSER="bitcoin"
+BCHOME="/var/lib/bitcoin"
+
+if [ "$1" = "purge" ]; then
+
+	# The bitcoin user is left in place for now - This is to ensure that a new user
+	# will not inherit the users UID/GID and inadvertently gain access to wallets etc
+
+	# The homedir is also left intact to ensure that we don't accidentally delete a
+	# wallet or something equally important
+
+	echo
+	echo "#"
+	echo "#  The bitcoin user (${BCUSER}) and data dir (${BCHOME})"
+	echo "#  were left intact."
+	echo "#"
+	echo "#  Make sure to check \"${BCHOME}\" for wallets and other"
+	echo "#  important bits."
+	echo "#"
+	echo "#  After backing up all vital data, cleanup can be completed"
+	echo "#  by running: sudo userdel -r ${BCUSER}"
+	echo "#"
+	echo
+
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/contrib/debian/bitcoind.service b/contrib/debian/bitcoind.service
new file mode 100644
index 0000000000..26c771f256
--- /dev/null
+++ b/contrib/debian/bitcoind.service
@@ -0,0 +1,45 @@
+# It is not recommended to modify this file in-place, because it will
+# be overwritten during package upgrades. If you want to add further
+# options or overwrite existing ones then use
+# $ systemctl edit bitcoind.service
+# See "man systemd.service" for details.
+
+# Note that almost all daemon options could be specified in
+# /etc/bitcoin/bitcoin.conf
+
+[Unit]
+Description=Bitcoin daemon
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/bitcoind -daemon -datadir=/var/lib/bitcoin -conf=/etc/bitcoin/bitcoin.conf -pid=/run/bitcoind/bitcoind.pid
+# Creates /run/bitcoind owned by bitcoin
+RuntimeDirectory=bitcoind
+User=bitcoin
+Type=forking
+PIDFile=/run/bitcoind/bitcoind.pid
+Restart=on-failure
+
+# Hardening measures
+####################
+
+# Provide a private /tmp and /var/tmp.
+PrivateTmp=true
+
+# Mount /usr, /boot/ and /etc read-only for the process.
+ProtectSystem=full
+
+# Disallow the process and all of its children to gain
+# new privileges through execve().
+NoNewPrivileges=true
+
+# Use a new /dev namespace only populated with API pseudo devices
+# such as /dev/null, /dev/zero and /dev/random.
+PrivateDevices=true
+
+# Deny the creation of writable and executable memory mappings.
+# Commented out as it's not supported on Debian 8 or Ubuntu 16.04 LTS
+#MemoryDenyWriteExecute=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/contrib/debian/changelog b/contrib/debian/changelog
index dd644559ff..1c7ad362da 100644
--- a/contrib/debian/changelog
+++ b/contrib/debian/changelog
@@ -1,3 +1,9 @@
+bitcoin (0.16.0-trusty2) trusty; urgency=medium
+
+  * Add systemd service to bitcoind
+
+ -- Thomas M Steenholdt <tsteenholdt@cascadetechnologypartners.com>  Wed, 18 Apr 2018 16:40:00 -0200
+
 bitcoin (0.16.0-xenial1) xenial; urgency=medium
 
   * Mark for xenial.
diff --git a/contrib/debian/control b/contrib/debian/control
index b7ca999bac..ffb56f9eaa 100644
--- a/contrib/debian/control
+++ b/contrib/debian/control
@@ -25,7 +25,8 @@ Build-Depends: debhelper,
  libqrencode-dev,
  libprotobuf-dev, protobuf-compiler,
  python,
- libzmq3-dev
+ libzmq3-dev,
+ dh-systemd
 Standards-Version: 3.9.2
 Homepage: https://bitcoincore.org/
 Vcs-Git: git://github.com/bitcoin/bitcoin.git
@@ -33,7 +34,7 @@ Vcs-Browser: https://github.com/bitcoin/bitcoin
 
 Package: bitcoind
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
 Description: peer-to-peer network based digital currency - daemon
  Bitcoin is a free open source peer-to-peer electronic cash system that
  is completely decentralized, without the need for a central server or
diff --git a/contrib/debian/rules b/contrib/debian/rules
index 84c5edd4a4..fcd0c39413 100755
--- a/contrib/debian/rules
+++ b/contrib/debian/rules
@@ -6,7 +6,7 @@
 #	$(if $(filter nocheck,$(DEB_BUILD_OPTIONS)),,src/test_bitcoin)
 
 %:
-	dh --with bash-completion $@
+	dh --with bash-completion --with systemd $@
 
 override_dh_auto_clean:
 	if [ -f Makefile ]; then $(MAKE) distclean; fi
@@ -32,3 +32,18 @@ ifeq ($(QT), qt4)
 else
 	make check
 endif
+
+# No SysV or Upstart init scripts included
+override_dh_installinit:
+	dh_installinit \
+		--noscripts
+
+# Don’t enable service by default
+override_dh_systemd_enable:
+	dh_systemd_enable \
+		--no-enable
+
+# Restart after upgrade
+override_dh_systemd_start:
+	dh_systemd_start \
+		--restart-after-upgrade