diff --git a/contrib/debian/bitcoind.install b/contrib/debian/bitcoind.install index 798ea851f6..86582a6c14 100644 --- a/contrib/debian/bitcoind.install +++ b/contrib/debian/bitcoind.install @@ -1,2 +1,3 @@ usr/local/bin/bitcoind usr/bin usr/local/bin/bitcoin-cli usr/bin +debian/examples/bitcoin.conf etc/bitcoin diff --git a/contrib/debian/bitcoind.postinst b/contrib/debian/bitcoind.postinst new file mode 100644 index 0000000000..e9884f3e36 --- /dev/null +++ b/contrib/debian/bitcoind.postinst @@ -0,0 +1,27 @@ +#!/bin/sh + +# setup bitcoin account, homedir etc + +set -e + +BCUSER="bitcoin" +BCHOME="/var/lib/bitcoin" + +if [ "$1" = "configure" ]; then + + # Add bitcoin user/group - this will gracefully abort if the user already exists. + # A homedir is never created. + adduser --system --home "${BCHOME}" --no-create-home --group "${BCUSER}" + + # If the homedir does not already exist, create it with proper + # ownership and permissions. + if [ ! -d "${BCHOME}" ]; then + mkdir -m 0750 -p "${BCHOME}" + chown "${BCUSER}:${BCUSER}" "${BCHOME}" + fi + +fi + +#DEBHELPER# + +exit 0 diff --git a/contrib/debian/bitcoind.postrm b/contrib/debian/bitcoind.postrm new file mode 100644 index 0000000000..aa128750d8 --- /dev/null +++ b/contrib/debian/bitcoind.postrm @@ -0,0 +1,35 @@ +#!/bin/sh + +# setup bitcoin account, homedir etc + +set -e + +BCUSER="bitcoin" +BCHOME="/var/lib/bitcoin" + +if [ "$1" = "purge" ]; then + + # The bitcoin user is left in place for now - This is to ensure that a new user + # will not inherit the users UID/GID and inadvertently gain access to wallets etc + + # The homedir is also left intact to ensure that we don't accidentally delete a + # wallet or something equally important + + echo + echo "#" + echo "# The bitcoin user (${BCUSER}) and data dir (${BCHOME})" + echo "# were left intact." + echo "#" + echo "# Make sure to check \"${BCHOME}\" for wallets and other" + echo "# important bits." + echo "#" + echo "# After backing up all vital data, cleanup can be completed" + echo "# by running: sudo userdel -r ${BCUSER}" + echo "#" + echo + +fi + +#DEBHELPER# + +exit 0 diff --git a/contrib/debian/bitcoind.service b/contrib/debian/bitcoind.service new file mode 100644 index 0000000000..26c771f256 --- /dev/null +++ b/contrib/debian/bitcoind.service @@ -0,0 +1,45 @@ +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit bitcoind.service +# See "man systemd.service" for details. + +# Note that almost all daemon options could be specified in +# /etc/bitcoin/bitcoin.conf + +[Unit] +Description=Bitcoin daemon +After=network.target + +[Service] +ExecStart=/usr/bin/bitcoind -daemon -datadir=/var/lib/bitcoin -conf=/etc/bitcoin/bitcoin.conf -pid=/run/bitcoind/bitcoind.pid +# Creates /run/bitcoind owned by bitcoin +RuntimeDirectory=bitcoind +User=bitcoin +Type=forking +PIDFile=/run/bitcoind/bitcoind.pid +Restart=on-failure + +# Hardening measures +#################### + +# Provide a private /tmp and /var/tmp. +PrivateTmp=true + +# Mount /usr, /boot/ and /etc read-only for the process. +ProtectSystem=full + +# Disallow the process and all of its children to gain +# new privileges through execve(). +NoNewPrivileges=true + +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. +PrivateDevices=true + +# Deny the creation of writable and executable memory mappings. +# Commented out as it's not supported on Debian 8 or Ubuntu 16.04 LTS +#MemoryDenyWriteExecute=true + +[Install] +WantedBy=multi-user.target diff --git a/contrib/debian/changelog b/contrib/debian/changelog index dd644559ff..1c7ad362da 100644 --- a/contrib/debian/changelog +++ b/contrib/debian/changelog @@ -1,3 +1,9 @@ +bitcoin (0.16.0-trusty2) trusty; urgency=medium + + * Add systemd service to bitcoind + + -- Thomas M Steenholdt Wed, 18 Apr 2018 16:40:00 -0200 + bitcoin (0.16.0-xenial1) xenial; urgency=medium * Mark for xenial. diff --git a/contrib/debian/control b/contrib/debian/control index b7ca999bac..ffb56f9eaa 100644 --- a/contrib/debian/control +++ b/contrib/debian/control @@ -25,7 +25,8 @@ Build-Depends: debhelper, libqrencode-dev, libprotobuf-dev, protobuf-compiler, python, - libzmq3-dev + libzmq3-dev, + dh-systemd Standards-Version: 3.9.2 Homepage: https://bitcoincore.org/ Vcs-Git: git://github.com/bitcoin/bitcoin.git @@ -33,7 +34,7 @@ Vcs-Browser: https://github.com/bitcoin/bitcoin Package: bitcoind Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser Description: peer-to-peer network based digital currency - daemon Bitcoin is a free open source peer-to-peer electronic cash system that is completely decentralized, without the need for a central server or diff --git a/contrib/debian/rules b/contrib/debian/rules index 84c5edd4a4..fcd0c39413 100755 --- a/contrib/debian/rules +++ b/contrib/debian/rules @@ -6,7 +6,7 @@ # $(if $(filter nocheck,$(DEB_BUILD_OPTIONS)),,src/test_bitcoin) %: - dh --with bash-completion $@ + dh --with bash-completion --with systemd $@ override_dh_auto_clean: if [ -f Makefile ]; then $(MAKE) distclean; fi @@ -32,3 +32,18 @@ ifeq ($(QT), qt4) else make check endif + +# No SysV or Upstart init scripts included +override_dh_installinit: + dh_installinit \ + --noscripts + +# Don’t enable service by default +override_dh_systemd_enable: + dh_systemd_enable \ + --no-enable + +# Restart after upgrade +override_dh_systemd_start: + dh_systemd_start \ + --restart-after-upgrade