diff options
Diffstat (limited to 'gmid')
-rw-r--r-- | gmid/README | 12 | ||||
-rw-r--r-- | gmid/doinst.sh | 6 | ||||
-rw-r--r-- | gmid/files/gmid.conf.new | 40 | ||||
-rw-r--r-- | gmid/files/rc.gmid.new | 81 | ||||
-rw-r--r-- | gmid/gmid.SlackBuild | 22 | ||||
-rw-r--r-- | gmid/slack-desc | 8 |
6 files changed, 92 insertions, 77 deletions
diff --git a/gmid/README b/gmid/README index cbd4fdc..87646b7 100644 --- a/gmid/README +++ b/gmid/README @@ -1,12 +1,8 @@ -gmid is a server for the Gemini protocol. It has various features, among which -Capsicum support and a "config-less" mode akin to "python -m http.server" to -quickly serve local directories from the shell. +It can serve static files, has optional FastCGI and proxying support, +and a rich configuration syntax. -This setup differs from the project's standard by avoiding to run the service -as root. It comes at the cost of not supporting 'chroot'. - -To have the gmid daemon start and stop with your host, -add to /etc/rc.d/rc.local: +To have the gmid daemon start and stop with your host, add to +/etc/rc.d/rc.local: if [ -x /etc/rc.d/rc.gmid ]; then /etc/rc.d/rc.gmid start diff --git a/gmid/doinst.sh b/gmid/doinst.sh index c94965b..9c1195c 100644 --- a/gmid/doinst.sh +++ b/gmid/doinst.sh @@ -32,9 +32,5 @@ if ! getent passwd gmid >/dev/null; then || true fi +preserve_perms etc/gmid.conf.new preserve_perms etc/rc.d/rc.gmid.new - -config etc/gmid/gmid.conf.new -chown gmid:gmid etc/gmid/certs - -chown gmid:gmid var/log/gmid diff --git a/gmid/files/gmid.conf.new b/gmid/files/gmid.conf.new index 3b725ad..c725e4f 100644 --- a/gmid/files/gmid.conf.new +++ b/gmid/files/gmid.conf.new @@ -1,24 +1,30 @@ -log { - access /var/log/gmid/gmid.log -} +# Directory to isolate process. +# +# Only available when starting gmid as root. +chroot "/srv/gmid" + +# User to run daemon as. Mandatory if chroot is used. +user "gmid" # An example of a server block: -server "localhost" { +server "example.com" { listen on * port 1965 - # set the directory to serve - root "localhost" + # Path to the root directory of your capsule. + root "example.com" - # Set self-signed TLS cert and key. It's better to keep - # the keys outside the chroot. + # Set self-signed TLS cert and key. It is better to keep the keys + # outside the chroot. + # + # This key expires after 365 days, keep in mind to renew it. # - # sudo -u gmid -- \ - # openssl req -x509 \ - # -newkey rsa:4096 \ - # -nodes \ - # -out /etc/gmid/certs/localhost.crt \ - # -keyout /etc/gmid/certs/localhost.key \ - # -subj "/CN=localhost" - cert "/etc/gmid/certs/localhost.crt" - key "/etc/gmid/certs/localhost.key" + # openssl req -x509 \ + # -newkey rsa:4096 \ + # -days 365 \ + # -nodes \ + # -out /etc/ssl/gmid/example.com.pem \ + # -keyout /etc/ssl/gmid/example.com.key \ + # -subj "/CN=example.com" + cert "/etc/ssl/gmid/example.com.pem" + key "/etc/ssl/gmid/example.com.key" } diff --git a/gmid/files/rc.gmid.new b/gmid/files/rc.gmid.new index 33044b7..4b9e006 100644 --- a/gmid/files/rc.gmid.new +++ b/gmid/files/rc.gmid.new @@ -3,54 +3,91 @@ # Startup/shutdown script for the gmid gemini service. # -create_run_dir() { +GMID_USER=${GMID_USER:-root} + +create_gmid_run_dir() { if [ ! -d /run/gmid/ ]; then mkdir -p /run/gmid - chown :gmid /run/gmid - chmod g+wX /run/gmid + chown gmid:gmid /run/gmid fi } -start() { - echo "Starting gmid gemini service" - create_run_dir +gmid_reload() +{ + create_gmid_run_dir + + local pid="$(2>/dev/null cat /run/gmid/gmid.pid)" + + if [ -z "$pid" ] || ! kill -0 "$pid" >/dev/null; then + echo "gmid is not running" + + return + fi + + echo "Reloading gmid configuration" + kill -HUP "$(cat /run/gmid/gmid.pid)" +} + +gmid_start() { + create_gmid_run_dir + + local pid="$(2>/dev/null cat /run/gmid/gmid.pid)" + + if [ -n "$pid" ] || kill -0 "$pid" 2>/dev/null; then + echo "gmid is already running" - sudo -u gmid -- gmid \ - -c /etc/gmid/gmid.conf \ + return + fi + + echo "Starting gmid gemini service" + sudo -u "$GMID_USER" -- gmid \ + -c /etc/gmid.conf \ -P /run/gmid/gmid.pid } -status() { - create_run_dir +gmid_status() { + create_gmid_run_dir - if [ -f /run/gmid/gmid.pid ] && [ kill -0 "$(cat /run/gmid/gmid.pid)" >/dev/null ]; then - echo "gmid is running" - else + local pid="$(2>/dev/null cat /run/gmid/gmid.pid)" + + if [ -z "$pid" ] || ! kill -0 "$pid" 2>/dev/null; then echo "gmid is not running" + + return fi + + echo "gmid is running" } -stop() { +gmid_stop() { echo "Stopping gmid gemini service" - create_run_dir + create_gmid_run_dir - if [ -f /run/gmid/gmid.pid ]; then - sudo -u gmid -- kill -SIGINT "$(cat /run/gmid/gmid.pid)" + local pid="$(2>/dev/null cat /run/gmid/gmid.pid)" + + if [ -z "$pid" ] || ! kill -0 "$pid" 2>/dev/null; then + echo "gmid is not running" + + return fi + + sudo -u "$GMID_USER" -- kill -TERM "$pid" } case "$1" in +reload) + gmid_reload + ;; start) - start + gmid_start ;; status) - status + gmid_status ;; stop) - stop + gmid_stop ;; *) - echo "Usage: $0 {start|stop|status}" + echo "Usage: $0 {reload|start|status|stop}" exit 1 esac - diff --git a/gmid/gmid.SlackBuild b/gmid/gmid.SlackBuild index 9c7169a..3c0e6ad 100644 --- a/gmid/gmid.SlackBuild +++ b/gmid/gmid.SlackBuild @@ -41,34 +41,20 @@ find -L . \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; -# Your application will probably need different configure flags; -# these are provided as an example only. -# Be sure to build only shared libraries unless there's some need for -# static. CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ - --sysconfdir=/etc/gmid \ --mandir=/usr/man -# Compile the application and install it into the $PKG directory make make install DESTDIR=$PKG -# Don't ship .la files: rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la -# Strip binaries and libraries - this can be done with 'make install-strip' -# in many source trees, and that's usually acceptable if so, but if not, -# use this: find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true -# Compress man pages -# If the man pages are installed to /usr/share/man instead, you'll need to either -# add the --mandir=/usr/man flag to configure or move them manually after the -# make install process is run. find $PKG/usr/man -type f -exec gzip -9 {} \; for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done @@ -85,17 +71,13 @@ mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc cat $CWD/doinst.sh > $PKG/install/doinst.sh -mkdir -p "$PKG/etc/gmid" -mkdir -p "$PKG/etc/gmid/certs" -cp -R "$CWD/files/gmid.conf.new" "$PKG/etc/gmid/" +mkdir -p "$PKG/etc" +cp -R "$CWD/files/gmid.conf.new" "$PKG/etc" mkdir -p "$PKG/etc/rc.d" cp -R "$CWD/files/rc.gmid.new" "$PKG/etc/rc.d/" mkdir -p "$PKG/srv/gmid" -mkdir -p "$PKG/var/log/gmid" -chmod u=rwX,g=rX,o= "$PKG/var/log/gmid" - cd $PKG /sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE diff --git a/gmid/slack-desc b/gmid/slack-desc index ee4bd53..0d24c6a 100644 --- a/gmid/slack-desc +++ b/gmid/slack-desc @@ -5,13 +5,11 @@ # You must make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':' except on otherwise blank lines. - |-----handy-ruler------------------------------------------------------| + |-----handy-ruler------------------------------------------------------| gmid: gmid (Gemini server) gmid: -gmid: gmid is a server for the Gemini protocol. It has various -gmid: features, among which Capsicum support and a "config-less" -gmid: mode akin to "python -m http.server" to quickly serve local -gmid: directories from the shell. +gmid: It can serve static files, has optional FastCGI and proxying +gmid: support, and a rich configuration syntax. gmid: gmid: gmid: |