mirror of
https://github.com/cwinfo/yggdrasil-go.git
synced 2025-01-09 21:25:42 +00:00
Debian package updates (#1073)
* Update Debian package * Don't put `AdminListen` in config by default, fix path in Debian package * Fix path in unit file * Preserve original service files for other packages --------- Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
This commit is contained in:
parent
82c54f87ea
commit
0b578a637a
2
build
2
build
@ -6,7 +6,7 @@ PKGSRC=${PKGSRC:-github.com/yggdrasil-network/yggdrasil-go/src/version}
|
|||||||
PKGNAME=${PKGNAME:-$(sh contrib/semver/name.sh)}
|
PKGNAME=${PKGNAME:-$(sh contrib/semver/name.sh)}
|
||||||
PKGVER=${PKGVER:-$(sh contrib/semver/version.sh --bare)}
|
PKGVER=${PKGVER:-$(sh contrib/semver/version.sh --bare)}
|
||||||
|
|
||||||
LDFLAGS="-X $PKGSRC.buildName=$PKGNAME -X $PKGSRC.buildVersion=$PKGVER"
|
LDFLAGS="${LDFLAGS} -X $PKGSRC.buildName=$PKGNAME -X $PKGSRC.buildVersion=$PKGVER"
|
||||||
ARGS="-v"
|
ARGS="-v"
|
||||||
|
|
||||||
while getopts "utc:l:dro:p" option
|
while getopts "utc:l:dro:p" option
|
||||||
|
@ -113,6 +113,7 @@ func main() {
|
|||||||
_ = f.Close()
|
_ = f.Close()
|
||||||
|
|
||||||
case *genconf:
|
case *genconf:
|
||||||
|
cfg.AdminListen = ""
|
||||||
var bs []byte
|
var bs []byte
|
||||||
if *confjson {
|
if *confjson {
|
||||||
bs, err = json.MarshalIndent(cfg, "", " ")
|
bs, err = json.MarshalIndent(cfg, "", " ")
|
||||||
|
BIN
contrib/.DS_Store
vendored
Normal file
BIN
contrib/.DS_Store
vendored
Normal file
Binary file not shown.
@ -21,6 +21,9 @@ if [ $PKGBRANCH = "master" ]; then
|
|||||||
PKGREPLACES=yggdrasil-develop
|
PKGREPLACES=yggdrasil-develop
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
export LDFLAGS="-X github.com/yggdrasil-network/yggdrasil-go/src/config.defaultConfig=/etc/yggdrasil/yggdrasil.conf"
|
||||||
|
export LDFLAGS="${LDFLAGS} -X github.com/yggdrasil-network/yggdrasil-go/src/config.defaultAdminListen=unix://var/run/yggdrasil/yggdrasil.sock"
|
||||||
|
|
||||||
if [ $PKGARCH = "amd64" ]; then GOARCH=amd64 GOOS=linux ./build
|
if [ $PKGARCH = "amd64" ]; then GOARCH=amd64 GOOS=linux ./build
|
||||||
elif [ $PKGARCH = "i386" ]; then GOARCH=386 GOOS=linux ./build
|
elif [ $PKGARCH = "i386" ]; then GOARCH=386 GOOS=linux ./build
|
||||||
elif [ $PKGARCH = "mipsel" ]; then GOARCH=mipsle GOOS=linux ./build
|
elif [ $PKGARCH = "mipsel" ]; then GOARCH=mipsle GOOS=linux ./build
|
||||||
@ -38,7 +41,7 @@ echo "Building $PKGFILE"
|
|||||||
mkdir -p /tmp/$PKGNAME/
|
mkdir -p /tmp/$PKGNAME/
|
||||||
mkdir -p /tmp/$PKGNAME/debian/
|
mkdir -p /tmp/$PKGNAME/debian/
|
||||||
mkdir -p /tmp/$PKGNAME/usr/bin/
|
mkdir -p /tmp/$PKGNAME/usr/bin/
|
||||||
mkdir -p /tmp/$PKGNAME/etc/systemd/system/
|
mkdir -p /tmp/$PKGNAME/usr/lib/systemd/system/
|
||||||
|
|
||||||
cat > /tmp/$PKGNAME/debian/changelog << EOF
|
cat > /tmp/$PKGNAME/debian/changelog << EOF
|
||||||
Please see https://github.com/yggdrasil-network/yggdrasil-go/
|
Please see https://github.com/yggdrasil-network/yggdrasil-go/
|
||||||
@ -68,35 +71,52 @@ EOF
|
|||||||
cat > /tmp/$PKGNAME/debian/install << EOF
|
cat > /tmp/$PKGNAME/debian/install << EOF
|
||||||
usr/bin/yggdrasil usr/bin
|
usr/bin/yggdrasil usr/bin
|
||||||
usr/bin/yggdrasilctl usr/bin
|
usr/bin/yggdrasilctl usr/bin
|
||||||
etc/systemd/system/*.service etc/systemd/system
|
usr/lib/systemd/system/*.service usr/lib/systemd/system
|
||||||
EOF
|
EOF
|
||||||
cat > /tmp/$PKGNAME/debian/postinst << EOF
|
cat > /tmp/$PKGNAME/debian/postinst << EOF
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
systemctl daemon-reload
|
||||||
|
|
||||||
if ! getent group yggdrasil 2>&1 > /dev/null; then
|
if ! getent group yggdrasil 2>&1 > /dev/null; then
|
||||||
groupadd --system --force yggdrasil || echo "Failed to create group 'yggdrasil' - please create it manually and reinstall"
|
groupadd --system --force yggdrasil
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f /etc/yggdrasil.conf ];
|
if [ ! -d /etc/yggdrasil ];
|
||||||
|
then
|
||||||
|
mkdir -p /etc/yggdrasil
|
||||||
|
chown root:yggdrasil /etc/yggdrasil
|
||||||
|
chmod 750 /etc/yggdrasil
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f /etc/yggdrasil/yggdrasil.conf ];
|
||||||
|
then
|
||||||
|
test -f /etc/yggdrasil.conf && mv /etc/yggdrasil.conf /etc/yggdrasil/yggdrasil.conf
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f /etc/yggdrasil/yggdrasil.conf ];
|
||||||
then
|
then
|
||||||
mkdir -p /var/backups
|
mkdir -p /var/backups
|
||||||
echo "Backing up configuration file to /var/backups/yggdrasil.conf.`date +%Y%m%d`"
|
echo "Backing up configuration file to /var/backups/yggdrasil.conf.`date +%Y%m%d`"
|
||||||
cp /etc/yggdrasil.conf /var/backups/yggdrasil.conf.`date +%Y%m%d`
|
cp /etc/yggdrasil/yggdrasil.conf /var/backups/yggdrasil.conf.`date +%Y%m%d`
|
||||||
echo "Normalising and updating /etc/yggdrasil.conf"
|
|
||||||
/usr/bin/yggdrasil -useconf -normaliseconf < /var/backups/yggdrasil.conf.`date +%Y%m%d` > /etc/yggdrasil.conf
|
|
||||||
chgrp yggdrasil /etc/yggdrasil.conf
|
|
||||||
|
|
||||||
if command -v systemctl >/dev/null; then
|
echo "Normalising and updating /etc/yggdrasil/yggdrasil.conf"
|
||||||
systemctl daemon-reload >/dev/null || true
|
/usr/bin/yggdrasil -useconf -normaliseconf < /var/backups/yggdrasil.conf.`date +%Y%m%d` > /etc/yggdrasil/yggdrasil.conf
|
||||||
systemctl enable yggdrasil || true
|
|
||||||
systemctl start yggdrasil || true
|
chown root:yggdrasil /etc/yggdrasil/yggdrasil.conf
|
||||||
fi
|
chmod 640 /etc/yggdrasil/yggdrasil.conf
|
||||||
else
|
else
|
||||||
echo "Generating initial configuration file /etc/yggdrasil.conf"
|
echo "Generating initial configuration file /etc/yggdrasil/yggdrasil.conf"
|
||||||
echo "Please familiarise yourself with this file before starting Yggdrasil"
|
/usr/bin/yggdrasil -genconf > /etc/yggdrasil/yggdrasil.conf
|
||||||
sh -c 'umask 0027 && /usr/bin/yggdrasil -genconf > /etc/yggdrasil.conf'
|
|
||||||
chgrp yggdrasil /etc/yggdrasil.conf
|
chown root:yggdrasil /etc/yggdrasil/yggdrasil.conf
|
||||||
|
chmod 640 /etc/yggdrasil/yggdrasil.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
systemctl enable yggdrasil
|
||||||
|
systemctl restart yggdrasil
|
||||||
|
|
||||||
|
exit 0
|
||||||
EOF
|
EOF
|
||||||
cat > /tmp/$PKGNAME/debian/prerm << EOF
|
cat > /tmp/$PKGNAME/debian/prerm << EOF
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
@ -110,13 +130,14 @@ EOF
|
|||||||
|
|
||||||
cp yggdrasil /tmp/$PKGNAME/usr/bin/
|
cp yggdrasil /tmp/$PKGNAME/usr/bin/
|
||||||
cp yggdrasilctl /tmp/$PKGNAME/usr/bin/
|
cp yggdrasilctl /tmp/$PKGNAME/usr/bin/
|
||||||
cp contrib/systemd/*.service /tmp/$PKGNAME/etc/systemd/system/
|
cp contrib/systemd/yggdrasil-default-config.service.debian /tmp/$PKGNAME/usr/lib/systemd/system/yggdrasil-default-config.service
|
||||||
|
cp contrib/systemd/yggdrasil.service.debian /tmp/$PKGNAME/usr/lib/systemd/system/yggdrasil.service
|
||||||
|
|
||||||
tar -czvf /tmp/$PKGNAME/data.tar.gz -C /tmp/$PKGNAME/ \
|
tar --no-xattrs -czvf /tmp/$PKGNAME/data.tar.gz -C /tmp/$PKGNAME/ \
|
||||||
usr/bin/yggdrasil usr/bin/yggdrasilctl \
|
usr/bin/yggdrasil usr/bin/yggdrasilctl \
|
||||||
etc/systemd/system/yggdrasil.service \
|
usr/lib/systemd/system/yggdrasil.service \
|
||||||
etc/systemd/system/yggdrasil-default-config.service
|
usr/lib/systemd/system/yggdrasil-default-config.service
|
||||||
tar -czvf /tmp/$PKGNAME/control.tar.gz -C /tmp/$PKGNAME/debian .
|
tar --no-xattrs -czvf /tmp/$PKGNAME/control.tar.gz -C /tmp/$PKGNAME/debian .
|
||||||
echo 2.0 > /tmp/$PKGNAME/debian-binary
|
echo 2.0 > /tmp/$PKGNAME/debian-binary
|
||||||
|
|
||||||
ar -r $PKGFILE \
|
ar -r $PKGFILE \
|
||||||
|
13
contrib/systemd/yggdrasil-default-config.service.debian
Normal file
13
contrib/systemd/yggdrasil-default-config.service.debian
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Yggdrasil default config generator
|
||||||
|
ConditionPathExists=|!/etc/yggdrasil/yggdrasil.conf
|
||||||
|
ConditionFileNotEmpty=|!/etc/yggdrasil/yggdrasil.conf
|
||||||
|
Wants=local-fs.target
|
||||||
|
After=local-fs.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
Group=yggdrasil
|
||||||
|
ExecStartPre=/usr/bin/mkdir -p /etc/yggdrasil
|
||||||
|
ExecStart=/usr/bin/yggdrasil -genconf > /etc/yggdrasil/yggdrasil.conf
|
||||||
|
ExecStartPost=/usr/bin/chmod -R 0640 /etc/yggdrasil
|
25
contrib/systemd/yggdrasil.service.debian
Normal file
25
contrib/systemd/yggdrasil.service.debian
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Yggdrasil Network
|
||||||
|
Wants=network-online.target
|
||||||
|
Wants=yggdrasil-default-config.service
|
||||||
|
After=network-online.target
|
||||||
|
After=yggdrasil-default-config.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Group=yggdrasil
|
||||||
|
ProtectHome=true
|
||||||
|
ProtectSystem=strict
|
||||||
|
NoNewPrivileges=true
|
||||||
|
RuntimeDirectory=yggdrasil
|
||||||
|
ReadWritePaths=/var/run/yggdrasil/ /run/yggdrasil/
|
||||||
|
SyslogIdentifier=yggdrasil
|
||||||
|
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||||
|
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||||
|
ExecStartPre=+-/sbin/modprobe tun
|
||||||
|
ExecStart=/usr/bin/yggdrasil -useconffile /etc/yggdrasil/yggdrasil.conf
|
||||||
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
|
Restart=always
|
||||||
|
TimeoutStopSec=5
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -46,7 +46,7 @@ type NodeConfig struct {
|
|||||||
Peers []string `comment:"List of connection strings for outbound peer connections in URI format,\ne.g. tls://a.b.c.d:e or socks://a.b.c.d:e/f.g.h.i:j. These connections\nwill obey the operating system routing table, therefore you should\nuse this section when you may connect via different interfaces."`
|
Peers []string `comment:"List of connection strings for outbound peer connections in URI format,\ne.g. tls://a.b.c.d:e or socks://a.b.c.d:e/f.g.h.i:j. These connections\nwill obey the operating system routing table, therefore you should\nuse this section when you may connect via different interfaces."`
|
||||||
InterfacePeers map[string][]string `comment:"List of connection strings for outbound peer connections in URI format,\narranged by source interface, e.g. { \"eth0\": [ \"tls://a.b.c.d:e\" ] }.\nNote that SOCKS peerings will NOT be affected by this option and should\ngo in the \"Peers\" section instead."`
|
InterfacePeers map[string][]string `comment:"List of connection strings for outbound peer connections in URI format,\narranged by source interface, e.g. { \"eth0\": [ \"tls://a.b.c.d:e\" ] }.\nNote that SOCKS peerings will NOT be affected by this option and should\ngo in the \"Peers\" section instead."`
|
||||||
Listen []string `comment:"Listen addresses for incoming connections. You will need to add\nlisteners in order to accept incoming peerings from non-local nodes.\nMulticast peer discovery will work regardless of any listeners set\nhere. Each listener should be specified in URI format as above, e.g.\ntls://0.0.0.0:0 or tls://[::]:0 to listen on all interfaces."`
|
Listen []string `comment:"Listen addresses for incoming connections. You will need to add\nlisteners in order to accept incoming peerings from non-local nodes.\nMulticast peer discovery will work regardless of any listeners set\nhere. Each listener should be specified in URI format as above, e.g.\ntls://0.0.0.0:0 or tls://[::]:0 to listen on all interfaces."`
|
||||||
AdminListen string `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."`
|
AdminListen string `json:",omitempty" comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."`
|
||||||
MulticastInterfaces []MulticastInterfaceConfig `comment:"Configuration for which interfaces multicast peer discovery should be\nenabled on. Each entry in the list should be a json object which may\ncontain Regex, Beacon, Listen, and Port. Regex is a regular expression\nwhich is matched against an interface name, and interfaces use the\nfirst configuration that they match gainst. Beacon configures whether\nor not the node should send link-local multicast beacons to advertise\ntheir presence, while listening for incoming connections on Port.\nListen controls whether or not the node listens for multicast beacons\nand opens outgoing connections."`
|
MulticastInterfaces []MulticastInterfaceConfig `comment:"Configuration for which interfaces multicast peer discovery should be\nenabled on. Each entry in the list should be a json object which may\ncontain Regex, Beacon, Listen, and Port. Regex is a regular expression\nwhich is matched against an interface name, and interfaces use the\nfirst configuration that they match gainst. Beacon configures whether\nor not the node should send link-local multicast beacons to advertise\ntheir presence, while listening for incoming connections on Port.\nListen controls whether or not the node listens for multicast beacons\nand opens outgoing connections."`
|
||||||
AllowedPublicKeys []string `comment:"List of peer public keys to allow incoming peering connections\nfrom. If left empty/undefined then all connections will be allowed\nby default. This does not affect outgoing peerings, nor does it\naffect link-local peers discovered via multicast."`
|
AllowedPublicKeys []string `comment:"List of peer public keys to allow incoming peering connections\nfrom. If left empty/undefined then all connections will be allowed\nby default. This does not affect outgoing peerings, nor does it\naffect link-local peers discovered via multicast."`
|
||||||
IfName string `comment:"Local network interface name for TUN adapter, or \"auto\" to select\nan interface automatically, or \"none\" to run without TUN."`
|
IfName string `comment:"Local network interface name for TUN adapter, or \"auto\" to select\nan interface automatically, or \"none\" to run without TUN."`
|
||||||
|
Loading…
Reference in New Issue
Block a user