From 2c3c2955a29135ecc2a7920c9816bc8ccd0f9086 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 7 Jul 2016 22:48:58 +0200 Subject: streamlined systemd integration/installation --- etc/init.d/anytun | 227 +++++++++++++------------ etc/tmpfiles.d/anytun.conf | 2 - src/Makefile | 34 ++-- src/configure | 53 ++++-- usr/bin/anytun-launcher.sh | 34 ++-- usr/lib/systemd/system/anytun-control@.service | 4 +- usr/lib/systemd/system/anytun@.service | 4 +- usr/lib/tmpfiles.d/anytun.conf | 2 + 8 files changed, 194 insertions(+), 166 deletions(-) delete mode 100644 etc/tmpfiles.d/anytun.conf create mode 100644 usr/lib/tmpfiles.d/anytun.conf diff --git a/etc/init.d/anytun b/etc/init.d/anytun index aa5f0af..6ecfb26 100755 --- a/etc/init.d/anytun +++ b/etc/init.d/anytun @@ -9,22 +9,24 @@ # Description: Enables networking over vpn tunnel interfaces ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -ANYTUNLAUNCHER=/usr/bin/anytun-launcher.sh -NAME=anytun -DESC=anytun -CONFIG_DIR=/etc/anytun -VARCONFIG_DIR=/var/run/anytun-controld -VARRUN_DIR=/var/run/$NAME/ +DAEMON=anytun +LAUNCHER=/usr/local/bin/$DAEMON-launcher.sh +DESC=secure anycast tunneling daemon +CONFIG_DIR=/usr/local/etc/$DAEMON +VARCONTROL_DIR=/var/run/$DAEMON-controld +VARRUN_DIR=/var/run/$DAEMON/ # Include anytun defaults if available if [ -f /etc/default/anytun ] ; then . /etc/default/anytun fi +. /lib/lsb/init-functions + start_vpn () { STATUS="OK" - if [ -f $CONFIG_DIR/$NAME/config ] ; then - $ANYTUNLAUNCHER vpn || STATUS="FAILED" + if [ -f $CONFIG_DIR/$1/config ] ; then + $LAUNCHER vpn $1 || STATUS="FAILED" else STATUS="no config found" fi 
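Review bot: The new assignment `DESC=secure anycast tunneling daemon` is unquoted, so the shell reads `DESC=secure` as a one-shot environment assignment and tries to run a command named `anycast` with the arguments `tunneling daemon`. DESC then stays unset for the "Starting $DESC:" messages later in the script, unless /etc/default/anytun sets it. Because this init script runs as root with `/usr/local/sbin` and `/usr/local/bin` first in PATH, anything that resolves as `anycast` there would be executed on every invocation. Quote the value: `DESC="secure anycast tunneling daemon"`. The same hunk also expands the tunnel name unquoted in `[ -f $CONFIG_DIR/$1/config ]` and `$LAUNCHER vpn $1`, where `"$1"` would be safer.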
@@ -38,143 +40,142 @@ stop_vpn () { } start_configd () { - $ANYTUNLAUNCHER configd + $LAUNCHER configd $1 } stop_configd () { - if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then - echo -n " ($NAME-controlld)" - kill `cat $VARCONFIG_DIR/$NAME.pid` || true - rm $VARCONFIG_DIR/$NAME.pid - fi + if [ -d $CONFIG_DIR/$1/conf.d ] ; then + echo -n " ($1-controlld)" + kill `cat $VARCONTROL_DIR/$1.pid` || true + rm $VARCONTROL_DIR/$1.pid + fi } set -e case "$1" in start) - echo -n "Starting $DESC:" - if test -z "$2" ; then - if [ -f $CONFIG_DIR/autostart ] ; then - for NAME in `sed 's/#.*//' < $CONFIG_DIR/autostart | grep -e '\w'`; do - echo -n " $NAME" - start_vpn - done + echo -n "Starting $DESC:" + if test -z "$2" ; then + if [ -f $CONFIG_DIR/autostart ] ; then + for NAME in `sed 's/#.*//' < $CONFIG_DIR/autostart | grep -e '\w'`; do + echo -n " $NAME" + start_vpn $NAME + done + else + echo "no config found" + exit 1; + fi else - echo "no config found" - exit 1; + while shift ; do + [ -z "$1" ] && break + echo -n " $1" + start_vpn $1 + done fi - else - while shift ; do - [ -z "$1" ] && break - NAME=$1 - echo -n " $NAME" - start_vpn - done - fi - echo "." - ;; + echo "." + ;; stop) - echo -n "Stoping $DESC:" - if test -z "$2" ; then - for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do - NAME=`basename $PIDFILE` - NAME=${NAME%%.pid} - echo -n " $NAME" - stop_vpn - done - else - while shift ; do - [ -z "$1" ] && break - if test -e $VARRUN_DIR/$1.pid ; then - PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + echo -n "Stoping $DESC:" + if test -z "$2" ; then + for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do NAME=`basename $PIDFILE` NAME=${NAME%%.pid} echo -n " $NAME" - stop_vpn - else - echo -n " (failure: No such tunnel is running: $1)" - fi - done - fi - echo "." 
- ;; + stop_vpn $NAME + done + else + while shift ; do + [ -z "$1" ] && break + if test -e $VARRUN_DIR/$1.pid ; then + PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + NAME=`basename $PIDFILE` + NAME=${NAME%%.pid} + echo -n " $NAME" + stop_vpn $NAME + else + echo -n " (failure: No such tunnel is running: $1)" + fi + done + fi + echo "." + ;; reload) - echo -n "Reloading $DESC:" - if test -z "$2" ; then - for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do - NAME=`basename $PIDFILE` - NAME=${NAME%%.pid} - echo -n " $NAME" - if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then - stop_vpn - start_vpn - else - stop_configd - start_configd - fi - done - else - while shift ; do - [ -z "$1" ] && break - if test -e $VARRUN_DIR/$1.pid ; then - PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + echo -n "Reloading $DESC:" + if test -z "$2" ; then + for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do NAME=`basename $PIDFILE` NAME=${NAME%%.pid} echo -n " $NAME" if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then - stop_vpn - start_vpn + stop_vpn $NAME + start_vpn $NAME else - stop_configd - start_configd + stop_configd $NAME + start_configd $NAME fi - else - echo -n " (failure: No such tunnel is running: $1)" - fi - done - fi - echo "." - ;; + done + else + while shift ; do + [ -z "$1" ] && break + if test -e $VARRUN_DIR/$1.pid ; then + PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + NAME=`basename $PIDFILE` + NAME=${NAME%%.pid} + echo -n " $NAME" + if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then + stop_vpn $NAME + start_vpn $NAME + else + stop_configd $NAME + start_configd $NAME + fi + else + echo -n " (failure: No such tunnel is running: $1)" + fi + done + fi + echo "." 
+ ;; force-reload) - echo -n "Restarting $DESC:" - if test -z "$2" ; then - for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do - NAME=`basename $PIDFILE` - NAME=${NAME%%.pid} - echo -n " $NAME" - stop_vpn - sleep 1 - start_vpn - done - else - while shift ; do - [ -z "$1" ] && break - if test -e $VARRUN_DIR/$1.pid ; then - PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + echo -n "Restarting $DESC:" + if test -z "$2" ; then + for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do NAME=`basename $PIDFILE` NAME=${NAME%%.pid} echo -n " $NAME" - stop_vpn + stop_vpn $NAME sleep 1 - start_vpn - else - echo -n " (failure: No such tunnel is running: $1)" - fi - done - fi - echo "." - ;; + start_vpn $NAME + done + else + while shift ; do + [ -z "$1" ] && break + if test -e $VARRUN_DIR/$1.pid ; then + PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + NAME=`basename $PIDFILE` + NAME=${NAME%%.pid} + echo -n " $NAME" + stop_vpn $NAME + sleep 1 + start_vpn $NAME + else + echo -n " (failure: No such tunnel is running: $1)" + fi + done + fi + echo "." + ;; restart) SCRIPT=$0 shift $SCRIPT stop $* sleep 1 $SCRIPT start $* - ;; + ;; *) - N=/etc/init.d/$NAME - echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 - exit 1 - ;; + N=/etc/init.d/$DAEMON + echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 + exit 1 + ;; esac exit 0 diff --git a/etc/tmpfiles.d/anytun.conf b/etc/tmpfiles.d/anytun.conf deleted file mode 100644 index c685cdd..0000000 --- a/etc/tmpfiles.d/anytun.conf +++ /dev/null @@ -1,2 +0,0 @@ -d /run/anytun-controld 0700 anytun anytun - -d /run/anytun/ 0700 anytun anytun - diff --git a/src/Makefile b/src/Makefile index 638c49a..3304041 100644 --- a/src/Makefile +++ b/src/Makefile @@ -186,7 +186,7 @@ ifneq ($(MAKECMDGOALS),distclean) endif strip: $(EXECUTABLES) - $(STRIP) -s $(EXECUTABLES) + $(STRIP) -s $(EXECUTABLES) anytun$(EXE): $(ANYTUNOBJS) $(SYNCOBJS) anytun.o $(LD) $(ANYTUNOBJS) $(SYNCOBJS) anytun.o -o $@ $(LDFLAGS) 
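Review bot: In the `reload)` arm the test `[ -d $CONFIG_DIR/$NAME/conf.d ]` looks inverted. When conf.d exists the tunnel is restarted with `stop_vpn $NAME` / `start_vpn $NAME`, and when it does not exist the script calls `stop_configd $NAME` and `start_configd $NAME`. stop_configd acts only when that same directory exists, so in the else branch it does nothing. The launcher's start_configd, shown further down the page, prints "no conf.d directory found" and returns 1, which under the `set -e` above the case statement would abort the loop at the first such tunnel. If the intent is to refresh the control daemon for servers and restart plain clients, the two branches should be swapped, in both the no-argument loop and the per-argument loop.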
@@ -280,7 +280,7 @@ INSTALL_TARGETS += install-examples REMOVE_TARGETS += remove-examples endif -ifdef SYSTEMD +ifdef SYSTEMDDIR INSTALL_TARGETS += install-systemd REMOVE_TARGETS := remove-systemd endif 
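Review bot: Inside the renamed `ifdef SYSTEMDDIR` block, `REMOVE_TARGETS := remove-systemd` assigns rather than appends, so it discards every target accumulated before it, including the `REMOVE_TARGETS += remove-examples` just above. When SYSTEMDDIR is set, whichever rule consumes REMOVE_TARGETS (outside this hunk) would then remove only the systemd files and leave binaries, configuration and examples installed. Use `REMOVE_TARGETS += remove-systemd`, matching the `INSTALL_TARGETS += install-systemd` line next to it.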
@@ -294,27 +294,29 @@ install-bin: $(EXECUTABLES) $(INSTALL) -m 755 anytun-config $(DESTDIR)$(BINDIR) $(INSTALL) -m 755 anytun-controld $(DESTDIR)$(BINDIR) $(INSTALL) -m 755 anytun-showtables $(DESTDIR)$(BINDIR) - @ sed -e 's#DAEMON=/usr/sbin/anytun#DAEMON=$(SBINDIR)/anytun#' \ - -e 's#ANYTUNCONFIG=/usr/bin/anytun-config#ANYTUNCONFIG=$(BINDIR)/anytun-config#' \ - -e 's#CONTROLDAEMON=/usr/bin/anytun-controld#CONTROLDAEMON=$(BINDIR)/anytun-controld#' \ - -e 's#CONFIG_DIR=/etc/anytun#CONFIG_DIR=$(ETCDIR)/anytun#' ../usr/bin/anytun-launcher.sh > ../usr/bin/anytun-launcher.sh.bak + @ sed -e 's#/usr/local/sbin#$(SBINDIR)#' -e 's#/usr/local/bin#$(BINDIR)#' \ + -e 's#/usr/local/etc#$(ETCDIR)#' ../usr/bin/anytun-launcher.sh > ../usr/bin/anytun-launcher.sh.bak $(INSTALL) -m 755 ../usr/bin/anytun-launcher.sh.bak $(DESTDIR)$(BINDIR)/anytun-launcher.sh + rm -f ../usr/bin/anytun-launcher.sh.bak install-etc: $(INSTALL) -d $(DESTDIR)$(ETCDIR)/anytun @ echo "example configurations can be found at $(EXAMPLESDIR)/anytun" > $(DESTDIR)$(ETCDIR)/anytun/README $(INSTALL) -d $(DESTDIR)$(ETCDIR)/init.d - @ sed -e 's#ANYTUNLAUNCHER=/usr/bin/anytun-launcher.sh#ANYTUNLAUNCHER=$(BINDIR)/anytun-launcher.sh#' \ - -e 's#CONFIG_DIR=/etc/anytun#CONFIG_DIR=$(ETCDIR)/anytun#' ../etc/init.d/anytun > ../etc/init.d/anytun.bak + @ sed -e 's#/usr/local/bin#$(BINDIR)#' -e 's#/usr/local/etc#$(ETCDIR)#' ../etc/init.d/anytun > ../etc/init.d/anytun.bak $(INSTALL) -m 755 ../etc/init.d/anytun.bak $(DESTDIR)$(ETCDIR)/init.d/anytun rm -f ../etc/init.d/anytun.bak install-systemd: - @ sed -e 's#/usr/bin/#$(DESTDIR)$(BINDIR)/#' ../usr/lib/systemd/system/anytun@.service > ../usr/lib/systemd/system/anytun@.service.bak - @ sed -e 's#/usr/bin/#$(DESTDIR)$(BINDIR)/#' ../usr/lib/systemd/system/anytun-control@.service > ../usr/lib/systemd/system/anytun-control@.service.bak - $(INSTALL) ../usr/lib/systemd/system/anytun@.service.bak $(DESTDIR)$(SYSTEMD_SYSTEMUNITDIR)/anytun@.service - $(INSTALL) 
../usr/lib/systemd/system/anytun-control@.service.bak $(DESTDIR)$(SYSTEMD_SYSTEMUNITDIR)/anytun-control@.service - $(INSTALL) ../etc/tmpfiles.d/anytun.conf $(DESTDIR)$(SYSTEMD_TMPFILESDIR)/anytun.conf + $(INSTALL) -d $(DESTDIR)$(SYSTEMDDIR) + $(INSTALL) -d $(DESTDIR)$(TMPFILESDDIR) + @ sed -e 's#/usr/local/bin/#$(BINDIR)/#' ../usr/lib/systemd/system/anytun@.service > ../usr/lib/systemd/system/anytun@.service.bak + @ sed -e 's#/usr/local/bin/#$(BINDIR)/#' ../usr/lib/systemd/system/anytun-control@.service > ../usr/lib/systemd/system/anytun-control@.service.bak + $(INSTALL) -m 644 ../usr/lib/systemd/system/anytun@.service.bak $(DESTDIR)$(SYSTEMDDIR)/anytun@.service + $(INSTALL) -m 644 ../usr/lib/systemd/system/anytun-control@.service.bak $(DESTDIR)$(SYSTEMDDIR)/anytun-control@.service + $(INSTALL) -m 644 ../usr/lib/tmpfiles.d/anytun.conf $(DESTDIR)$(TMPFILESDDIR)/anytun.conf + rm -f ../usr/lib/systemd/system/anytun@.service.bak + rm -f ../usr/lib/systemd/system/anytun-control@.service.bak install-examples: $(INSTALL) -d $(DESTDIR)$(EXAMPLESDIR)/anytun @@ -366,9 +368,9 @@ remove-etc: rm -f $(DESTDIR)$(ETCDIR)/init.d/anytun remove-systemd: - rm -f $(DESTDIR)$(SYSTEMD_SYSTEMUNITDIR)/anytun@.service - rm -f $(DESTDIR)$(SYSTEMD_SYSTEMUNITDIR)/anytun-control@.service - rm -f $(DESTDIR)$(SYSTEMD_TMPFILESDIR)/anytun.conf + rm -f $(DESTDIR)$(SYSTEMDDIR)/anytun@.service + rm -f $(DESTDIR)$(SYSTEMDDIR)/anytun-control@.service + rm -f $(DESTDIR)$(TMPFILESDDIR)/anytun.conf remove-examples: rm -rf $(DESTDIR)$(EXAMPLESDIR)/anytun/ diff --git a/src/configure b/src/configure index 3b6e57d..0ba56b5 100755 --- a/src/configure +++ b/src/configure @@ -64,6 +64,9 @@ MANDIR='' INSTALLMANPAGE=1 EXAMPLESDIR='' INSTALLEXAMPLES=1 +SYSTEMDDIR='' +TMPFILESDDIR='' +INSTALLSYSTEMD=1 BOOST_PREFIX='' GCRYPT_PREFIX='' 
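Review bot: The new rewrite in install-etc, `sed -e 's#/usr/local/bin#$(BINDIR)#' -e 's#/usr/local/etc#$(ETCDIR)#'`, matches any line of the init script, not only the assignments it is meant to patch. The script's `PATH=/usr/local/sbin:/usr/local/bin:/sbin:...` line also contains `/usr/local/bin`, so the installed copy gets `$(BINDIR)` spliced into root's search path in place of that entry. Anchoring the expressions to the variables keeps the rewrite to the intended lines, e.g. `-e 's#^LAUNCHER=/usr/local/bin#LAUNCHER=$(BINDIR)#'` and `-e 's#^CONFIG_DIR=/usr/local/etc#CONFIG_DIR=$(ETCDIR)#'`. The launcher and unit-file substitutions in install-bin and install-systemd have the same unanchored shape and would benefit from the same treatment (for the units, `^ExecStart=`).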
@@ -78,9 +81,12 @@ print_usage() { echo " --sbindir= the path to the sbin directory (default: $PREFIX/sbin)" echo " --sysconfdir= the path to the system configuration directory (default: $PREFIX/etc" echo " --mandir= the path to the system man pages (default: $PREFIX/share/man)" - echo " --no-manpage dont't install manpages" + echo " --no-manpage don't install manpages" echo " --examplesdir= the path to the examples files (default: $PREFIX/share/examples)" - echo " --no-examples dont't install example files" + echo " --no-examples don't install example files" + echo " --systemddir= the path to the systemd service unit directory (default: from pkg-config)" + echo " --tmpfilesddir= the path to the systemd tmpfiles.d configuration file (default: from pkg-config)" + echo " --no-systemd don't install systemd units" echo " --use-gcrypt use libgcrypt (this is the default)" echo " --use-nettle use libnettle instead of libgcrypt" echo " --use-ssl-crypto use openssl crypto library instead of libgcrypt" @@ -95,9 +101,6 @@ print_usage() { echo " --with-nettle= don't use systemwide nettle" echo " --with-openssl= don't use systemwide openssl" echo " --use-clang use clang/llvm as compiler/linker" - echo " --with-systemd install systemd unit descriptions" - echo " --with-systemdsystemunitdir= target for unit files" - echo " --with-systemdtmpfilesdir= target for tmpfile creation info" } for arg @@ -133,6 +136,15 @@ do --no-examples) INSTALLEXAMPLES=0 ;; + --systemddir=*) + SYSTEMDDIR=${arg#--systemddir=} + ;; + --tmpfilesddir=*) + TMPFILESDDIR=${arg#--tmpfilesddir=} + ;; + --no-systemd) + INSTALLSYSTEMD=0 + ;; --use-gcrypt) CRYPTO_LIB='gcrypt' ;; 
@@ -175,17 +187,6 @@ do --with-openssl=*) OPENSSL_PREFIX=${arg#--with-openssl=} ;; - --with-systemd) - SYSTEMD=1 - [[ -z $SYSTEMD_SYSTEMUNITDIR ]] && SYSTEMD_SYSTEMUNITDIR="$(pkg-config systemd --variable=systemdsystemconfdir)" - [[ -z $SYSTEMD_TMPFILESDIR ]] && SYSTEMD_TMPFILESDIR="$(pkg-config systemd --variable=tmpfilesdir)" - ;; - --with-systemdsystemunitdir=*) - SYSTEMD_SYSTEMUNITDIR=${arg#--with-systemdsystemunitdir=} - ;; - --with-tmpfilesdir=*) - SYSTEMD_TMPFILESDIR=${arg#--with-tmpfilesdir=} - ;; --help) print_usage exit 0 @@ -246,6 +247,7 @@ case $TARGET in CXXFLAGS=$CXXFLAGS' -I/usr/local/include' LDFLAGS=$LDFLAGS' -L/usr/local/lib -lboost_thread -lboost_serialization -lboost_system -lboost_date_time -lpthread' LOG_TARGETS='-DLOG_SYSLOG -DLOG_FILE -DLOG_STDOUT' + INSTALLSYSTEMD=0 ;; mingw) rm -f tunDevice.cpp @@ -256,6 +258,7 @@ case $TARGET in CXXFLAGS=$CXXFLAGS' -DMINGW -D_WIN32_WINNT=0x0501 -DWIN32_LEAN_AND_MEAN -DBOOST_WINDOWS -fno-strict-aliasing -DBOOST_THREAD_USE_LIB' LDFLAGS=$LDFLAGS' -lboost_thread_win32 -lboost_serialization -lboost_system -lboost_date_time -lwsock32 -lws2_32' LOG_TARGETS='-DWIN_EVENTLOG -DLOG_FILE -DLOG_STDOUT' + INSTALLSYSTEMD=0 ;; *) echo "platform not supported" @@ -334,6 +337,15 @@ if [ -z "$EXAMPLESDIR" ]; then EXAMPLESDIR=$PREFIX/share/examples fi +if [ $INSTALLSYSTEMD -eq 1 ]; then + if [ -z "$SYSTEMDDIR" ]; then + SYSTEMDDIR=`pkg-config systemd --variable=systemdsystemunitdir` + fi + if [ -z "$TMPFILESDDIR" ]; then + TMPFILESDDIR=`pkg-config systemd --variable=tmpfilesdir` + fi +fi + cat > include.mk <> include.mk + echo "TMPFILESDDIR := $TMPFILESDDIR" >> include.mk + echo "installing systemd units" +else + echo "not installing systemd units" +fi + VERSION=`cat ../version` if which git >/dev/null; then GIT_HASH=`git rev-parse HEAD 2> /dev/null` 
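Review bot: The two added `pkg-config systemd --variable=...` lookups for SYSTEMDDIR and TMPFILESDDIR never check that pkg-config is present or returned a value, although systemd installation is now on by default (`INSTALLSYSTEMD=1`). If SYSTEMDDIR comes back empty, configure still reports "installing systemd units" and the Makefile's `ifdef SYSTEMDDIR` silently skips the install; if only TMPFILESDDIR is empty, the install-systemd rule would place the file at `$(DESTDIR)/anytun.conf`. Fail early after the lookups, for example `[ -n "$SYSTEMDDIR" ] && [ -n "$TMPFILESDDIR" ] || { echo "systemd directories not found; use --systemddir/--tmpfilesddir or --no-systemd" >&2; exit 1; }`. The lines that write include.mk are partly garbled on this page, so the exact condition around them should be confirmed against the file.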
@@ -397,7 +417,6 @@ cat > version.h </dev/null + test -d $VARCONTROL_DIR || mkdir -p $VARCONTROL_DIR + chmod 700 $VARCONTROL_DIR + rm -f $VARCONTROL_DIR/$NAME 2>/dev/null KDPRF=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e 'kd-prf' | sed 's/^/ --/' | xargs echo` for CLIENTNAME in `ls $CONFIG_DIR/$NAME/conf.d`; do echo -n " ($CLIENTNAME)" DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/conf.d/$CLIENTNAME | grep -e '\w' | sed 's/^/ --/' | xargs echo` - $ANYTUNCONFIG $DAEMONARG $CIPHER $AUTHALGO $KDPRF >> $VARCONFIG_DIR/$NAME + $ANYTUNCONFIG $DAEMONARG $CIPHER $AUTHALGO $KDPRF >> $VARCONTROL_DIR/$NAME done CONTROLHOST=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e 'control-host' | sed 's/^/ --/' | xargs echo` - $CONTROLDAEMON -f $VARCONFIG_DIR/$NAME $DAEMONOPTS $CONTROLHOST \ - --write-pid $VARCONFIG_DIR/$NAME.pid + $CONTROLDAEMON -f $VARCONTROL_DIR/$NAME $DAEMONOPTS $CONTROLHOST \ + --write-pid $VARCONTROL_DIR/$NAME.pid else echo "no conf.d directory found (maybe $NAME is an anytun client not a server?)" >&2 return 1 @@ -50,7 +50,13 @@ start_configd () { } case $1 in -(vpn) start_vpn ;; -(configd) start_configd ;; -(*) exit 2;; + vpn) + start_vpn + ;; + configd) + start_configd + ;; + *) + exit 2 + ;; esac diff --git a/usr/lib/systemd/system/anytun-control@.service b/usr/lib/systemd/system/anytun-control@.service index b2e6a2c..4fb3ba7 100644 --- a/usr/lib/systemd/system/anytun-control@.service +++ b/usr/lib/systemd/system/anytun-control@.service @@ -1,5 +1,5 @@ [Unit] -Description=AnyTun Server Config Control Daemon +Description=secure anycast tunneling config daemon After=syslog.target network.target Requires=anytun@%i.service @@ -7,7 +7,7 @@ Requires=anytun@%i.service Type=simple PIDFile=/run/anytun-controld/%i.pid Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3" -ExecStart=/usr/bin/anytun-launcher.sh configd +ExecStart=/usr/local/bin/anytun-launcher.sh configd Restart=on-failure PrivateTmp=yes PrivateDevices=yes 
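Review bot: The reformatted dispatch (`vpn) start_vpn ;;`, `configd) start_configd ;;`) does not forward `$2`, while the init script in this same commit now calls `$LAUNCHER vpn $1` and `$LAUNCHER configd $1` instead of setting NAME itself. The launcher functions visible here read `$NAME` (for example `$VARCONTROL_DIR/$NAME`), which the systemd units supply through `Environment="NAME=%i"`. The top of the launcher is not visible on this page, so confirm that it assigns NAME from `$2` when NAME is not in the environment. If it does not, a line such as `NAME="${NAME:-$2}"` before the case statement would cover both callers.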
diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service index b28433b..176816b 100644 --- a/usr/lib/systemd/system/anytun@.service +++ b/usr/lib/systemd/system/anytun@.service @@ -1,12 +1,12 @@ [Unit] -Description=AnyTun secure anycast tunneling +Description=secure anycast tunneling daemon After=syslog.target network.target [Service] Type=simple PIDFile=/run/anytun/%i.pid Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3" -ExecStart=/usr/bin/anytun-launcher.sh vpn +ExecStart=/usr/local/bin/anytun-launcher.sh vpn Restart=on-failure PrivateTmp=yes PrivateDevices=yes diff --git a/usr/lib/tmpfiles.d/anytun.conf b/usr/lib/tmpfiles.d/anytun.conf new file mode 100644 index 0000000..9fb1215 --- /dev/null +++ b/usr/lib/tmpfiles.d/anytun.conf @@ -0,0 +1,2 @@ +d /run/anytun-controld 0700 anytun anytun - +d /run/anytun 0700 anytun anytun - -- cgit v1.2.3