Make the Debian package preserve its state on restart

d839ed99 · ale · 25683705 · d839ed99 · d839ed99 · d839ed99
Commit d839ed99 authored 2 years ago by ale
--- a/cmd/keystored/main.go
+++ b/cmd/keystored/main.go
@@ -22,13 +22,13 @@ import (
 var (
 	addr       = flag.String("addr", ":5006", "address to listen on")
 	configFile = flag.String("config", "/etc/keystore/config.yml", "path of config file")
+	stateFile  = flag.String("state-file", "", "path of state file for transparent restarts")
 )
 // Config wraps the keystore server.Config together with the HTTP
 // server config in a single object for YAML deserialization.
 type Config struct {
 	server.Config `yaml:",inline"`
-	StateFile     string                   `yaml:"state_file"`
 	ServerConfig  *serverutil.ServerConfig `yaml:"http_server"`
 }
@@ -94,8 +94,8 @@ func main() {
 	}
 	prometheus.MustRegister(server.NewKeystoreCollector(ks))
-	if config.StateFile != "" {
+	if *stateFile != "" {
-		if err := loadState(ks, config.StateFile); err != nil {
+		if err := loadState(ks, *stateFile); err != nil {
 			log.Printf("error loading state: %v", err)
 		}
 	}
@@ -106,8 +106,8 @@ func main() {
 		log.Fatal(err)
 	}
-	if config.StateFile != "" {
+	if *stateFile != "" {
-		if err := dumpState(ks, config.StateFile); err != nil {
+		if err := dumpState(ks, *stateFile); err != nil {
 			log.Fatalf("error dumping state: %v", err)
 		}
 	}

--- a/debian/compat
+++ b/debian/compat
-10
+13
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: keystore
 Section: admin
 Priority: optional
 Maintainer: Autistici/Inventati <debian@autistici.org>
-Build-Depends: debhelper (>=9), golang-any (>=1.11), dh-golang
+Build-Depends: debhelper (>=13), golang-any (>=1.14), dh-golang
 Standards-Version: 3.9.6
 Package: keystored

--- a/debian/keystored.default
+++ b/debian/keystored.default
 ADDR=:5006
+STATE_FILE=/var/lib/keystored/reload-state
--- a/debian/keystored.service
+++ b/debian/keystored.service
@@ -5,8 +5,8 @@ After=network.target
 [Service]
 User=keystored
 Group=keystored
-EnvironmentFile=-/etc/default/keystored
+EnvironmentFile=/etc/default/keystored
-ExecStart=/usr/bin/keystored --addr $ADDR
+ExecStart=/usr/bin/keystored --addr $ADDR --state-file $STATE_FILE
 Restart=always
 # Hardening
@@ -16,6 +16,7 @@ PrivateDevices=yes
 ProtectHome=yes
 ProtectSystem=full
 ReadOnlyDirectories=/
+ReadWriteDirectories=/var/lib/keystored
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 [Install]

--- a/debian/keystored.tmpfiles
+++ b/debian/keystored.tmpfiles
+d /var/lib/keystored 700 keystored keystored