From 591f1bf927f8caede04cbec56c57c226b47480b6 Mon Sep 17 00:00:00 2001 From: Chris Simons Date: Mon, 25 May 2020 19:38:07 -0700 Subject: [PATCH 1/9] add systemd services --- CMakeLists.txt | 4 +++ dist/systemd/barrierc@.service.in | 59 +++++++++++++++++++++++++++++++ dist/systemd/barriers.service.in | 44 +++++++++++++++++++++++ dist/systemd/barriers@.service.in | 55 ++++++++++++++++++++++++++++ 4 files changed, 162 insertions(+) create mode 100644 dist/systemd/barrierc@.service.in create mode 100644 dist/systemd/barriers.service.in create mode 100644 dist/systemd/barriers@.service.in diff --git a/CMakeLists.txt b/CMakeLists.txt index 6a377c0442c..ababd2e0564 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -419,6 +419,10 @@ endif() # if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") configure_files (${CMAKE_CURRENT_SOURCE_DIR}/dist/rpm ${CMAKE_BINARY_DIR}/rpm) + configure_files (${CMAKE_CURRENT_SOURCE_DIR}/dist/systemd ${CMAKE_BINARY_DIR}/systemd) + install(FILES ${CMAKE_BINARY_DIR}/systemd/barrierc@.service DESTINATION lib/systemd/system) + install(FILES ${CMAKE_BINARY_DIR}/systemd/barriers@.service DESTINATION lib/systemd/system) + install(FILES ${CMAKE_BINARY_DIR}/systemd/barriers.service DESTINATION lib/systemd/system) install(FILES res/barrier.svg DESTINATION share/icons/hicolor/scalable/apps) if("${VERSION_MAJOR}" STREQUAL "2") install(FILES res/barrier2.desktop DESTINATION share/applications) diff --git a/dist/systemd/barrierc@.service.in b/dist/systemd/barrierc@.service.in new file mode 100644 index 00000000000..7ae1a6a1ea9 --- /dev/null +++ b/dist/systemd/barrierc@.service.in 
@@ -0,0 +1,59 @@
+# Barrier Client service barrierc-@BARRIER_VERSION@
+#
+# This file is part of Barrier.
+#
+# This is a systemd template service for the barrierc client service. Instances
+# are started using @. For example:
+#
+# Starting:
+# systemctl start barrierc@myserver
+# or:
+# systemctl start barrierc@myserver:24800
+#
+# Enabling:
+# systemctl enable barrierc@myserver
+#
+# SSL Fingerprints are stored in /var/db/barrier@ for each client
+# instance.
+
+[Unit]
+Description=Barrier Client connected to %I (Open-source KVM software)
+Documentation=man:barrierc(1) man:barriers(1)
+Documentation=https://github.com/debauchee/barrier/wiki
+# Require network before starting barrierc
+After=network-online.target
+Wants=network-online.target
+# Don't run client if server is running
+Conflicts=barriers.service
+# Sanity check that /var/db exists
+ConditionPathExists=/var/db
+
+[Service]
+Type=exec
+# Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2
+Environment=LOG_LEVEL=INFO
+# Default display is :0
+Environment=DISPLAY=:0
+# Store fingerprints in instnace specific directories
+Environment=XDG_DATA_HOME=/var/db/barrier@%i
+# TrustedServers.txt Directory
+Environment=FP_DIR=/var/db/barrier@%i/barrier/SSL/Fingerprints
+# Ensure the Fingerprints directory exists
+ExecStartPre=mkdir -p "${FP_DIR}"
+
+# This uses openssl commands and grep to get the server's key and
+# store it in the TrustedServers.txt file. OpenSSL is a requirement
+# for barrier on Linux so these commands should exist.
+ExecStartPre=sh -c "[ -f "${FP_DIR}/TrustedServers.txt" ] ||\
+openssl s_client -connect big.home:24800 2>/dev/null |\
+openssl x509 -noout -sha1 -fingerprint |\
+grep -oE '([A-Z0-9]{2}:?){20}' > ${FP_DIR}/TrustedServers.txt"
+
+# Main executable
+ExecStart=/usr/bin/barrierc --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --no-daemon %i
+# Restart on fail
+Restart=always
+
+[Install]
+# Install to graphical target
+WantedBy=graphical.target
\ No newline at end of file
diff --git a/dist/systemd/barriers.service.in b/dist/systemd/barriers.service.in
new file mode 100644
index 00000000000..fc0131688be
--- /dev/null
+++ b/dist/systemd/barriers.service.in
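Review bot: The second `ExecStartPre` in `barrierc@.service.in` pins whatever certificate answers on the network the first time the unit starts, so `TrustedServers.txt` records an unverified fingerprint and the client's fingerprint check no longer authenticates the server. Either leave the pin to the operator, who can compare the fingerprint with the server's out of band, or state in the header comment that the first start is trust-on-first-use. Separately, the `>` redirection creates the file even when `openssl s_client` fails, and the `[ -f ... ]` guard then skips the fetch on every later start, which `Restart=always` makes likely. Testing for a non-empty file, `[ -s "${FP_DIR}/TrustedServers.txt" ]`, avoids leaving an empty trust list behind.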
@@ -0,0 +1,44 @@
+# Barrier Server service barriers-@BARRIER_VERSION@
+#
+# This file is part of Barrier.
+#
+# This systemd service starts barrier on the default port 24800.
+#
+# SSL data is stored in /var/db/barrier:24800/barrier/SSL
+
+[Unit]
+Description=Barrier Server listening on 24800 (Open-source KVM software)
+Documentation=man:barriers(1) man:barrierc(1)
+Documentation=https://github.com/debauchee/barrier/wiki
+# Require network before starting barrierc
+After=network-online.target
+Wants=network-online.target
+# Don't run server if client or another instance is running
+Conflicts=barrierc@.service barriers@.service
+# Sanity check that /var/db exists
+ConditionPathExists=/var/db
+
+[Service]
+Type=exec
+# Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2
+Environment=LOG_LEVEL=INFO
+# Default display is :0
+Environment=DISPLAY=:0
+# Store SSL data in instance specific directories
+Environment=XDG_DATA_HOME=/var/db/barrier:24800
+# SSL data directory
+Environment=CERT_DIR=/var/db/barrier:24800/barrier/SSL
+
+# Create the certificate directory
+ExecStartPre=mkdir -p ${CERT_DIR}
+# Create the Barrier.pem certificate if it doesn't exist
+ExecStartPre=sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem"
+
+# Main executable
+ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address :24800
+# Restart on fail
+Restart=always
+
+[Install]
+# Install to graphical target
+WantedBy=graphical.target
diff --git a/dist/systemd/barriers@.service.in b/dist/systemd/barriers@.service.in
new file mode 100644
index 00000000000..335bfeacb6b
--- /dev/null
+++ b/dist/systemd/barriers@.service.in
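Review bot: The `[Service]` section of `barriers.service.in` sets no `User=`, so the `sh -c` certificate step and `barriers` itself, listening on `:24800`, run as root (assuming this is installed as a system unit, as the `lib/systemd/system` destination suggests). `Barrier.pem` holds the unencrypted private key (`-nodes`) together with the certificate and is created under the service's default umask. Adding `UMask=0077` to `[Service]` keeps the key's permissions from depending on what OpenSSL chooses. The guard only tests that the file exists, so the `-days 365` certificate is never regenerated; a comment stating what should happen at expiry would help. The same lines appear in `barriers@.service.in`.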
@@ -0,0 +1,55 @@
+# Barrier Server service barriers-@BARRIER_VERSION@
+#
+# This file is part of Barrier.
+#
+# This is a systemd template service for running the barriers server using a
+# specific port or IP. Instances are started using @[ip]:. For example:
+#
+# Starting:
+# systemctl start barriers@0.0.0.0:24800
+# or:
+# systemctl start barriers@:24800
+#
+# Enabling:
+# systemctl enable barriers@0.0.0.0:24800
+#
+# SSL data is stored in /var/db/barrier/barrier/SSL for each
+# instance.
+
+[Unit]
+Description=Barrier Server listening on %I (Open-source KVM software)
+Documentation=man:barriers(1) man:barrierc(1)
+Documentation=https://github.com/debauchee/barrier/wiki
+# Require network before starting barrierc
+After=network-online.target
+Wants=network-online.target
+# Don't run server if client or another server is running
+Conflicts=barrierc@.service barriers.service
+# Sanity check that /var/db exists
+ConditionPathExists=/var/db
+
+[Service]
+Type=exec
+# Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2
+Environment=LOG_LEVEL=INFO
+# Default display is :0
+Environment=DISPLAY=:0
+# Store SSL data in instance specific directories
+Environment=XDG_DATA_HOME=/var/db/barrier%i
+# SSL data directory
+Environment=CERT_DIR=/var/db/barrier%i/barrier/SSL
+
+# Create the certificate directory
+ExecStartPre=mkdir -p ${CERT_DIR}
+# Create the Barrier.pem certificate if it doesn't exist
+ExecStartPre=sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem"
+
+# Main executable
+ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address %i
+# Restart on fail
+Restart=always
+
+[Install]
+# Install to graphical target
+WantedBy=graphical.target
+DefaultInstance=:24800
From e413c46d78045aef159ba6289c994573f2603752 Mon Sep 17 00:00:00 2001
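Review bot: `Conflicts=barrierc@.service barriers.service` in `barriers@.service.in` names a template without an instance, so the intended client/server exclusion probably does not take effect. As far as I know, systemd substitutes the current instance into such a name inside a template unit, giving `barrierc@:24800.service` rather than the client instance that is actually running. In the non-template `barriers.service.in` the same bare template names are rejected as invalid. Until the exclusion is enforced another way, the comment above the line should say so, for example `# Note: this does not stop running barrierc@<host> instances; stop the client before starting the server`.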
From: Chris Simons Date: Tue, 26 May 2020 16:26:26 -0700 Subject: [PATCH 2/9] change paths fix hardcoded hostname --- dist/systemd/barrierc@.service.in | 14 +++++++------- dist/systemd/barriers.service.in | 8 +++----- dist/systemd/barriers@.service.in | 10 +++++----- 3 files changed, 15 insertions(+), 17 deletions(-) diff --git a/dist/systemd/barrierc@.service.in b/dist/systemd/barrierc@.service.in index 7ae1a6a1ea9..e16f0ca6eae 100644 --- a/dist/systemd/barrierc@.service.in +++ b/dist/systemd/barrierc@.service.in @@ -13,7 +13,7 @@ # Enabling: # systemctl enable barrierc@myserver # -# SSL Fingerprints are stored in /var/db/barrier@ for each client +# SSL Fingerprints are stored in /var/lib/barrier@ for each client # instance. [Unit] @@ -25,8 +25,6 @@ After=network-online.target Wants=network-online.target # Don't run client if server is running Conflicts=barriers.service -# Sanity check that /var/db exists -ConditionPathExists=/var/db [Service] Type=exec 
@@ -35,17 +33,19 @@ Environment=LOG_LEVEL=INFO # Default display is :0 Environment=DISPLAY=:0 # Store fingerprints in instnace specific directories -Environment=XDG_DATA_HOME=/var/db/barrier@%i +Environment=XDG_DATA_HOME=/var/lib/barrier@%i # TrustedServers.txt Directory -Environment=FP_DIR=/var/db/barrier@%i/barrier/SSL/Fingerprints +Environment=FP_DIR=/var/lib/barrier@%i/barrier/SSL/Fingerprints # Ensure the Fingerprints directory exists ExecStartPre=mkdir -p "${FP_DIR}" # This uses openssl commands and grep to get the server's key and # store it in the TrustedServers.txt file. OpenSSL is a requirement -# for barrier on Linux so these commands should exist. +# for barrier on Linux so these commands should exist. This will only +# work if using the default 24800 port (since the port number must be +# specified for openssl) ExecStartPre=sh -c "[ -f "${FP_DIR}/TrustedServers.txt" ] ||\ -openssl s_client -connect big.home:24800 2>/dev/null |\ +openssl s_client -connect %i:24800 2>/dev/null |\ openssl x509 -noout -sha1 -fingerprint |\ grep -oE '([A-Z0-9]{2}:?){20}' > ${FP_DIR}/TrustedServers.txt" diff --git a/dist/systemd/barriers.service.in b/dist/systemd/barriers.service.in index fc0131688be..e1d87a2bb26 100644 --- a/dist/systemd/barriers.service.in +++ b/dist/systemd/barriers.service.in @@ -4,7 +4,7 @@ # # This systemd service starts barrier on the default port 24800. # -# SSL data is stored in /var/db/barrier:24800/barrier/SSL +# SSL data is stored in /var/lib/barrier:24800/barrier/SSL [Unit] Description=Barrier Server listening on 24800 (Open-source KVM software) @@ -15,8 +15,6 @@ After=network-online.target Wants=network-online.target # Don't run server if client or another instance is running Conflicts=barrierc@.service barriers@.service -# Sanity check that /var/db exists -ConditionPathExists=/var/db [Service] Type=exec 
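Review bot: In the `@@ -35,17 +33,19 @@` hunk of `barrierc@.service.in`, systemd expands `%i` into the `sh -c` string before the shell parses it, so any shell metacharacter in the instance name becomes part of the command. This is hygiene rather than a privilege boundary, since only someone allowed to start units picks the name, but it is easy to avoid by handing the name over through the environment: add `Environment=BARRIER_SERVER=%i` and use `-connect "$${BARRIER_SERVER}:24800"`, where `$$` leaves the expansion to the shell. The file header still documents `systemctl start barrierc@myserver:24800`, which this line turns into `-connect myserver:24800:24800`. The new comment admits the port limitation, so the header example should be removed or the port parsed out of the instance name.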
@@ -25,9 +23,9 @@ Environment=LOG_LEVEL=INFO # Default display is :0 Environment=DISPLAY=:0 # Store SSL data in instance specific directories -Environment=XDG_DATA_HOME=/var/db/barrier:24800 +Environment=XDG_DATA_HOME=/var/lib/barrier:24800 # SSL data directory -Environment=CERT_DIR=/var/db/barrier:24800/barrier/SSL +Environment=CERT_DIR=/var/lib/barrier:24800/barrier/SSL # Create the certificate directory ExecStartPre=mkdir -p ${CERT_DIR} diff --git a/dist/systemd/barriers@.service.in b/dist/systemd/barriers@.service.in index 335bfeacb6b..db8fdf0ef13 100644 --- a/dist/systemd/barriers@.service.in +++ b/dist/systemd/barriers@.service.in @@ -13,7 +13,7 @@ # Enabling: # systemctl enable barriers@0.0.0.0:24800 # -# SSL data is stored in /var/db/barrier/barrier/SSL for each +# SSL data is stored in /var/lib/barrier/barrier/SSL for each # instance. [Unit] @@ -25,8 +25,8 @@ After=network-online.target Wants=network-online.target # Don't run server if client or another server is running Conflicts=barrierc@.service barriers.service -# Sanity check that /var/db exists -ConditionPathExists=/var/db +# Sanity check that /var/lib exists +ConditionPathExists=/var/lib [Service] Type=exec @@ -35,9 +35,9 @@ Environment=LOG_LEVEL=INFO # Default display is :0 Environment=DISPLAY=:0 # Store SSL data in instance specific directories -Environment=XDG_DATA_HOME=/var/db/barrier%i +Environment=XDG_DATA_HOME=/var/lib/barrier%i # SSL data directory -Environment=CERT_DIR=/var/db/barrier%i/barrier/SSL +Environment=CERT_DIR=/var/lib/barrier%i/barrier/SSL # Create the certificate directory ExecStartPre=mkdir -p ${CERT_DIR} From d697db67bb454cf3bd41cd3efbf7956429122a92 Mon Sep 17 00:00:00 2001 From: Chris Simons Date: Tue, 26 May 2020 19:47:58 -0700 Subject: [PATCH 3/9] use a single `/var/lib/barrier` directory --- dist/systemd/barrierc@.service.in | 6 +++--- dist/systemd/barriers.service.in | 4 ++-- dist/systemd/barriers@.service.in | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/dist/systemd/barrierc@.service.in b/dist/systemd/barrierc@.service.in index e16f0ca6eae..5c9c15878f9 100644 --- a/dist/systemd/barrierc@.service.in +++ b/dist/systemd/barrierc@.service.in @@ -33,9 +33,9 @@ Environment=LOG_LEVEL=INFO # Default display is :0 Environment=DISPLAY=:0 # Store fingerprints in instnace specific directories -Environment=XDG_DATA_HOME=/var/lib/barrier@%i +Environment=XDG_DATA_HOME=/var/lib/barrier/barrier@%i # TrustedServers.txt Directory -Environment=FP_DIR=/var/lib/barrier@%i/barrier/SSL/Fingerprints +Environment=FP_DIR=/var/lib/barrier/barrier@%i/barrier/SSL/Fingerprints # Ensure the Fingerprints directory exists ExecStartPre=mkdir -p "${FP_DIR}" @@ -56,4 +56,4 @@ Restart=always [Install] # Install to graphical target -WantedBy=graphical.target \ No newline at end of file +WantedBy=graphical.target diff --git a/dist/systemd/barriers.service.in b/dist/systemd/barriers.service.in index e1d87a2bb26..72e9189f5d1 100644 --- a/dist/systemd/barriers.service.in +++ b/dist/systemd/barriers.service.in @@ -23,9 +23,9 @@ Environment=LOG_LEVEL=INFO # Default display is :0 Environment=DISPLAY=:0 # Store SSL data in instance specific directories -Environment=XDG_DATA_HOME=/var/lib/barrier:24800 +Environment=XDG_DATA_HOME=/var/lib/barrier/barrier:24800 # SSL data directory -Environment=CERT_DIR=/var/lib/barrier:24800/barrier/SSL +Environment=CERT_DIR=/var/lib/barrier/barrier:24800/barrier/SSL # Create the certificate directory ExecStartPre=mkdir -p ${CERT_DIR} diff --git a/dist/systemd/barriers@.service.in b/dist/systemd/barriers@.service.in index db8fdf0ef13..66e5bf903c6 100644 --- a/dist/systemd/barriers@.service.in +++ b/dist/systemd/barriers@.service.in 
@@ -35,9 +35,9 @@ Environment=LOG_LEVEL=INFO # Default display is :0 Environment=DISPLAY=:0 # Store SSL data in instance specific directories -Environment=XDG_DATA_HOME=/var/lib/barrier%i +Environment=XDG_DATA_HOME=/var/lib/barrier/barrier%i # SSL data directory -Environment=CERT_DIR=/var/lib/barrier%i/barrier/SSL +Environment=CERT_DIR=/var/lib/barrier/barrier%i/barrier/SSL # Create the certificate directory ExecStartPre=mkdir -p ${CERT_DIR} From 25a3a86ef62044add91291f3fc8c5f0e645d2be1 Mon Sep 17 00:00:00 2001 From: Chris Simons Date: Wed, 27 May 2020 17:07:16 -0700 Subject: [PATCH 4/9] fix typos --- dist/systemd/barrierc@.service.in | 2 +- dist/systemd/barriers@.service.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dist/systemd/barrierc@.service.in b/dist/systemd/barrierc@.service.in index 5c9c15878f9..e9524826e0f 100644 --- a/dist/systemd/barrierc@.service.in +++ b/dist/systemd/barrierc@.service.in @@ -32,7 +32,7 @@ Type=exec Environment=LOG_LEVEL=INFO # Default display is :0 Environment=DISPLAY=:0 -# Store fingerprints in instnace specific directories +# Store fingerprints in instance specific directories Environment=XDG_DATA_HOME=/var/lib/barrier/barrier@%i # TrustedServers.txt Directory Environment=FP_DIR=/var/lib/barrier/barrier@%i/barrier/SSL/Fingerprints diff --git a/dist/systemd/barriers@.service.in b/dist/systemd/barriers@.service.in index 66e5bf903c6..e467c29ddd2 100644 --- a/dist/systemd/barriers@.service.in +++ b/dist/systemd/barriers@.service.in @@ -13,7 +13,7 @@ # Enabling: # systemctl enable barriers@0.0.0.0:24800 # -# SSL data is stored in /var/lib/barrier/barrier/SSL for each +# SSL data is stored in /var/lib/barrier/barrier/barrier/SSL for each # instance. [Unit] From 6deee4cef6dafab19fd5bd2da55eb9bd9937bac1 Mon Sep 17 00:00:00 2001 
From: Chris Simons Date: Thu, 28 May 2020 22:59:13 -0700 Subject: [PATCH 5/9] use absolute paths for for earlier versions of systemd --- dist/systemd/barrierc@.service.in | 4 ++-- dist/systemd/barriers.service.in | 4 ++-- dist/systemd/barriers@.service.in | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dist/systemd/barrierc@.service.in b/dist/systemd/barrierc@.service.in index e9524826e0f..d1582ed9e14 100644 --- a/dist/systemd/barrierc@.service.in +++ b/dist/systemd/barrierc@.service.in @@ -37,14 +37,14 @@ Environment=XDG_DATA_HOME=/var/lib/barrier/barrier@%i # TrustedServers.txt Directory Environment=FP_DIR=/var/lib/barrier/barrier@%i/barrier/SSL/Fingerprints # Ensure the Fingerprints directory exists -ExecStartPre=mkdir -p "${FP_DIR}" +ExecStartPre=/usr/bin/mkdir -p "${FP_DIR}" # This uses openssl commands and grep to get the server's key and # store it in the TrustedServers.txt file. OpenSSL is a requirement # for barrier on Linux so these commands should exist. This will only # work if using the default 24800 port (since the port number must be # specified for openssl) -ExecStartPre=sh -c "[ -f "${FP_DIR}/TrustedServers.txt" ] ||\ +ExecStartPre=/usr/bin/sh -c "[ -f "${FP_DIR}/TrustedServers.txt" ] ||\ openssl s_client -connect %i:24800 2>/dev/null |\ openssl x509 -noout -sha1 -fingerprint |\ grep -oE '([A-Z0-9]{2}:?){20}' > ${FP_DIR}/TrustedServers.txt" diff --git a/dist/systemd/barriers.service.in b/dist/systemd/barriers.service.in index 72e9189f5d1..c83bf252dba 100644 --- a/dist/systemd/barriers.service.in +++ b/dist/systemd/barriers.service.in 
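Review bot: `/usr/bin/mkdir` and `/usr/bin/sh` in the `barrierc@.service.in` hunk exist only where `/usr` is merged. On distributions that still ship these tools in `/bin`, both `ExecStartPre` lines fail and the unit never starts. `/bin/mkdir` and `/bin/sh` resolve on both layouts, because merged systems keep `/bin` as a symlink. `openssl` and `grep` inside the script are still looked up through the service's `PATH`, so the commit only partly achieves absolute paths. The same two lines recur in the `barriers.service.in` and `barriers@.service.in` hunks of this commit.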
@@ -28,9 +28,9 @@ Environment=XDG_DATA_HOME=/var/lib/barrier/barrier:24800 Environment=CERT_DIR=/var/lib/barrier/barrier:24800/barrier/SSL # Create the certificate directory -ExecStartPre=mkdir -p ${CERT_DIR} +ExecStartPre=/usr/bin/mkdir -p ${CERT_DIR} # Create the Barrier.pem certificate if it doesn't exist -ExecStartPre=sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" +ExecStartPre=/usr/bin/sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" # Main executable ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address :24800 diff --git a/dist/systemd/barriers@.service.in b/dist/systemd/barriers@.service.in index e467c29ddd2..02c53c1c793 100644 --- a/dist/systemd/barriers@.service.in +++ b/dist/systemd/barriers@.service.in @@ -40,9 +40,9 @@ Environment=XDG_DATA_HOME=/var/lib/barrier/barrier%i Environment=CERT_DIR=/var/lib/barrier/barrier%i/barrier/SSL # Create the certificate directory -ExecStartPre=mkdir -p ${CERT_DIR} +ExecStartPre=/usr/bin/mkdir -p ${CERT_DIR} # Create the Barrier.pem certificate if it doesn't exist -ExecStartPre=sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" +ExecStartPre=/usr/bin/sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" # Main executable ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address %i From a3ba518176a436076ab811f57eb769c1b4dbb07e Mon Sep 17 00:00:00 2001 
From: Chris Simons Date: Thu, 28 May 2020 23:00:30 -0700 Subject: [PATCH 6/9] change Type from exec to simple --- dist/systemd/barrierc@.service.in | 2 +- dist/systemd/barriers.service.in | 2 +- dist/systemd/barriers@.service.in | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dist/systemd/barrierc@.service.in b/dist/systemd/barrierc@.service.in index d1582ed9e14..7f715c05865 100644 --- a/dist/systemd/barrierc@.service.in +++ b/dist/systemd/barrierc@.service.in @@ -27,7 +27,7 @@ Wants=network-online.target Conflicts=barriers.service [Service] -Type=exec +Type=simple # Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2 Environment=LOG_LEVEL=INFO # Default display is :0 diff --git a/dist/systemd/barriers.service.in b/dist/systemd/barriers.service.in index c83bf252dba..4dc0ee1ef97 100644 --- a/dist/systemd/barriers.service.in +++ b/dist/systemd/barriers.service.in @@ -17,7 +17,7 @@ Wants=network-online.target Conflicts=barrierc@.service barriers@.service [Service] -Type=exec +Type=simple # Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2 Environment=LOG_LEVEL=INFO # Default display is :0 diff --git a/dist/systemd/barriers@.service.in b/dist/systemd/barriers@.service.in index 02c53c1c793..17ec9dca993 100644 --- a/dist/systemd/barriers@.service.in +++ b/dist/systemd/barriers@.service.in @@ -29,7 +29,7 @@ Conflicts=barrierc@.service barriers.service ConditionPathExists=/var/lib [Service] -Type=exec +Type=simple # Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2 Environment=LOG_LEVEL=INFO # Default display is :0 From 95ffe5898df8d05695f0e420d4901d6d25806ed8 Mon Sep 17 00:00:00 2001 From: Chris Simons Date: Fri, 5 Jun 2020 16:54:19 -0700 Subject: [PATCH 7/9] run mkdir with full privileges --- dist/systemd/barrierc@.service.in | 2 +- dist/systemd/barriers.service.in | 2 +- dist/systemd/barriers@.service.in | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/dist/systemd/barrierc@.service.in b/dist/systemd/barrierc@.service.in index 7f715c05865..ed2fc0f1d68 100644 --- a/dist/systemd/barrierc@.service.in +++ b/dist/systemd/barrierc@.service.in @@ -37,7 +37,7 @@ Environment=XDG_DATA_HOME=/var/lib/barrier/barrier@%i # TrustedServers.txt Directory Environment=FP_DIR=/var/lib/barrier/barrier@%i/barrier/SSL/Fingerprints # Ensure the Fingerprints directory exists -ExecStartPre=/usr/bin/mkdir -p "${FP_DIR}" +ExecStartPre=+/usr/bin/mkdir -p "${FP_DIR}" # This uses openssl commands and grep to get the server's key and # store it in the TrustedServers.txt file. OpenSSL is a requirement diff --git a/dist/systemd/barriers.service.in b/dist/systemd/barriers.service.in index 4dc0ee1ef97..95f46adb9aa 100644 --- a/dist/systemd/barriers.service.in +++ b/dist/systemd/barriers.service.in @@ -28,7 +28,7 @@ Environment=XDG_DATA_HOME=/var/lib/barrier/barrier:24800 Environment=CERT_DIR=/var/lib/barrier/barrier:24800/barrier/SSL # Create the certificate directory -ExecStartPre=/usr/bin/mkdir -p ${CERT_DIR} +ExecStartPre=+/usr/bin/mkdir -p ${CERT_DIR} # Create the Barrier.pem certificate if it doesn't exist ExecStartPre=/usr/bin/sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" diff --git a/dist/systemd/barriers@.service.in b/dist/systemd/barriers@.service.in index 17ec9dca993..bf81f6a9e62 100644 --- a/dist/systemd/barriers@.service.in +++ b/dist/systemd/barriers@.service.in 
@@ -40,7 +40,7 @@ Environment=XDG_DATA_HOME=/var/lib/barrier/barrier%i Environment=CERT_DIR=/var/lib/barrier/barrier%i/barrier/SSL # Create the certificate directory -ExecStartPre=/usr/bin/mkdir -p ${CERT_DIR} +ExecStartPre=+/usr/bin/mkdir -p ${CERT_DIR} # Create the Barrier.pem certificate if it doesn't exist ExecStartPre=/usr/bin/sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" From 368f0d7f7acd9677356aa57b3e2fd688ab9448c4 Mon Sep 17 00:00:00 2001 From: Chris Simons Date: Fri, 5 Jun 2020 17:36:56 -0700 Subject: [PATCH 8/9] use snap paths if building with snapcraft --- CMakeLists.txt | 5 +++++ dist/systemd/barrierc@.service.in | 2 +- dist/systemd/barriers.service.in | 2 +- dist/systemd/barriers@.service.in | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ababd2e0564..e4247d16f7d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -419,6 +419,11 @@ endif() # if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") configure_files (${CMAKE_CURRENT_SOURCE_DIR}/dist/rpm ${CMAKE_BINARY_DIR}/rpm) + if (DEFINED ENV{SNAPCRAFT_PART_BUILD}) + set (SYSTEMD_EXEC_PATH_PREFIX "/snap/bin/barrier.") + else() + set (SYSTEMD_EXEC_PATH_PREFIX "/usr/bin/") + endif() configure_files (${CMAKE_CURRENT_SOURCE_DIR}/dist/systemd ${CMAKE_BINARY_DIR}/systemd) install(FILES ${CMAKE_BINARY_DIR}/systemd/barrierc@.service DESTINATION lib/systemd/system) install(FILES ${CMAKE_BINARY_DIR}/systemd/barriers@.service DESTINATION lib/systemd/system) diff --git a/dist/systemd/barrierc@.service.in b/dist/systemd/barrierc@.service.in index ed2fc0f1d68..9bde2d1260c 100644 --- a/dist/systemd/barrierc@.service.in +++ b/dist/systemd/barrierc@.service.in 
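Review bot: The `else()` branch of the `CMakeLists.txt` hunk hardcodes `/usr/bin/`, so a build with any other `CMAKE_INSTALL_PREFIX` installs units whose `ExecStart` points at a binary this install did not put there. That binary is either missing or a different copy of `barriers`/`barrierc` than the one just built. Deriving the value from the install location, `set (SYSTEMD_EXEC_PATH_PREFIX "${CMAKE_INSTALL_PREFIX}/bin/")`, keeps the unit and the installed executable in step; this assumes the executables install to `bin` under the prefix, which the hunk does not show. `ENV{SNAPCRAFT_PART_BUILD}` is read only at configure time, so a comment such as `# evaluated at configure time; re-run cmake when switching between snap and native builds` would save a confusing stale unit.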
@@ -50,7 +50,7 @@ openssl x509 -noout -sha1 -fingerprint |\ grep -oE '([A-Z0-9]{2}:?){20}' > ${FP_DIR}/TrustedServers.txt" # Main executable -ExecStart=/usr/bin/barrierc --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --no-daemon %i +ExecStart=@SYSTEMD_EXEC_PATH_PREFIX@barrierc --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --no-daemon %i # Restart on fail Restart=always diff --git a/dist/systemd/barriers.service.in b/dist/systemd/barriers.service.in index 95f46adb9aa..168c1964390 100644 --- a/dist/systemd/barriers.service.in +++ b/dist/systemd/barriers.service.in @@ -33,7 +33,7 @@ ExecStartPre=+/usr/bin/mkdir -p ${CERT_DIR} ExecStartPre=/usr/bin/sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" # Main executable -ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address :24800 +ExecStart=@SYSTEMD_EXEC_PATH_PREFIX@barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address :24800 # Restart on fail Restart=always diff --git a/dist/systemd/barriers@.service.in b/dist/systemd/barriers@.service.in index bf81f6a9e62..8be2e8bf0b3 100644 --- a/dist/systemd/barriers@.service.in +++ b/dist/systemd/barriers@.service.in 
@@ -45,7 +45,7 @@ ExecStartPre=+/usr/bin/mkdir -p ${CERT_DIR} ExecStartPre=/usr/bin/sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" # Main executable -ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address %i +ExecStart=@SYSTEMD_EXEC_PATH_PREFIX@barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address %i # Restart on fail Restart=always From 35ac344a36c6379e9f437f792dee7e3071d1215b Mon Sep 17 00:00:00 2001 From: Chris Simons Date: Sat, 6 Jun 2020 09:43:13 -0700 Subject: [PATCH 9/9] use StateDirectory instead of mkdir --- dist/systemd/barrierc@.service.in | 2 +- dist/systemd/barriers.service.in | 5 ++--- dist/systemd/barriers@.service.in | 5 ++--- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/dist/systemd/barrierc@.service.in b/dist/systemd/barrierc@.service.in index 9bde2d1260c..60dfcc9c4c3 100644 --- a/dist/systemd/barrierc@.service.in +++ b/dist/systemd/barrierc@.service.in @@ -37,7 +37,7 @@ Environment=XDG_DATA_HOME=/var/lib/barrier/barrier@%i # TrustedServers.txt Directory Environment=FP_DIR=/var/lib/barrier/barrier@%i/barrier/SSL/Fingerprints # Ensure the Fingerprints directory exists -ExecStartPre=+/usr/bin/mkdir -p "${FP_DIR}" +StateDirectory=barrier/barrier@%i/barrier/SSL/Fingerprints # This uses openssl commands and grep to get the server's key and # store it in the TrustedServers.txt file. OpenSSL is a requirement diff --git a/dist/systemd/barriers.service.in b/dist/systemd/barriers.service.in index 168c1964390..67f3f85b143 100644 --- a/dist/systemd/barriers.service.in +++ b/dist/systemd/barriers.service.in 
@@ -26,9 +26,8 @@ Environment=DISPLAY=:0 Environment=XDG_DATA_HOME=/var/lib/barrier/barrier:24800 # SSL data directory Environment=CERT_DIR=/var/lib/barrier/barrier:24800/barrier/SSL - -# Create the certificate directory -ExecStartPre=+/usr/bin/mkdir -p ${CERT_DIR} +# Ensure the SSL directory exists +StateDirectory=barrier/barrier:24800/barrier/SSL # Create the Barrier.pem certificate if it doesn't exist ExecStartPre=/usr/bin/sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" diff --git a/dist/systemd/barriers@.service.in b/dist/systemd/barriers@.service.in index 8be2e8bf0b3..f9545a16522 100644 --- a/dist/systemd/barriers@.service.in +++ b/dist/systemd/barriers@.service.in @@ -38,9 +38,8 @@ Environment=DISPLAY=:0 Environment=XDG_DATA_HOME=/var/lib/barrier/barrier%i # SSL data directory Environment=CERT_DIR=/var/lib/barrier/barrier%i/barrier/SSL - -# Create the certificate directory -ExecStartPre=+/usr/bin/mkdir -p ${CERT_DIR} +# Ensure the SSL directory exists +StateDirectory=barrier/barrier%i/barrier/SSL # Create the Barrier.pem certificate if it doesn't exist ExecStartPre=/usr/bin/sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem"
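Review bot: `StateDirectory=` in the `barriers.service.in` hunk creates the directory with the default mode `0755`, and this is where `Barrier.pem` (certificate plus unencrypted key) is written. Adding `StateDirectoryMode=0700` on the next line, here and in the `barriers@.service.in` hunk, restricts the directory to the service user. The paths contain `:` (`barrier:24800`, or `%i` values such as `:24800`), and newer systemd releases, as far as I know, treat a colon in `StateDirectory=` as the separator before a symlink name. The directory actually created may then differ from `CERT_DIR`, which a colon-free directory name would avoid. `barriers@.service.in` also appears to still carry `ConditionPathExists=/var/lib` from the earlier commit, which is redundant once systemd creates the state directory.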