author | skydrome | 2019-11-06 01:30:42 -0500 |
---|---|---|
committer | skydrome | 2019-11-06 01:30:42 -0500 |
commit | 81b34eadb0c2624d3b69a229a2d63551104e9745 (patch) | |
tree | ccf8200fa8e87c9fe5a3ced64e12a34c396d00d4 | |
parent | 9431f135caf9977fa336cb8692af342a75a81f45 (diff) | |
download | aur-81b34eadb0c2624d3b69a229a2d63551104e9745.tar.gz |
rehaul i2p user creation/permissions and service file
-rwxr-xr-x | PKGBUILD | 37 | ||||
-rwxr-xr-x | i2p.install | 21 | ||||
-rw-r--r-- | i2p.tmpfiles | 4 | ||||
-rwxr-xr-x | i2prouter.service | 26 | ||||
-rwxr-xr-x | i2prouter.sh | 51 | ||||
-rwxr-xr-x | router.config | 4 |
6 files changed, 76 insertions, 67 deletions
@@ -25,51 +25,52 @@ validpgpkeys=('2D3D2D03910C6504C1210C65EE60C0C8EE7256A8') _url="https://launchpad.net/i2p/trunk/${pkgver}/+download" source=("${_url}/i2pinstall_${pkgver}.jar"{,.sig} - 'i2prouter.service' 'i2prouter.sh' 'wrapper.config' 'router.config') + 'i2prouter.service' 'i2p.tmpfiles' 'i2prouter.sh' + 'wrapper.config' 'router.config') sha256sums=('e5eb3db08dcc594e2fb01ada63303ff48096a454db1c7659c928ddb07736c84a' 'SKIP' - '9bb899ece87099716da29bac8b7da02916fc325699b68989e73c1fe333a6342f' - 'ea8f97e66461d591b1819eab39bbc40056b89ae12f7729b3dd9fd2ce088e5e53' + '644b771ec7f5db3efab3206bf1f896566cdb00d410a54608fda85bdb4c2ad876' + 'df26da04c8415ac24ec73b0dd08d3459a8964553bb77e5da5ab9833b0a31d865' + 'ae1ff9026f0a9180718249e6d8a973ffe03501bf55491cb3866d72230e89dc8a' '5d134ee5bc614b54ec48de7c5214f6dbe08abcfab7d286c5b1c7616e39b478ed' - '1527afbadcf849ef551b3b7b68d1a29eec316ee620f5320f2933f73ee9924978') + '7a4688db826c3dddb762976cd8c9a5d465255c3577069243d8e5af941a4126e2') package() { + cd "$pkgdir" source /etc/profile.d/jre.sh + echo "INSTALL_PATH=${pkgdir}/opt/i2p" >install.properties java -jar i2pinstall_${pkgver}.jar \ -options install.properties \ -language eng - cd "$pkgdir" - install -dm755 "usr/bin" - install -dm755 "opt/i2p/.tmp" + install -dm755 "opt/i2p" + + install -Dm644 "$srcdir/i2prouter.service" "usr/lib/systemd/system/i2prouter.service" + install -Dm644 "$srcdir/i2p.tmpfiles" "usr/lib/tmpfiles.d/i2p.conf" + echo 'u i2p - "I2P Router" /opt/i2p /bin/sh' | + install -Dm644 /dev/stdin "usr/lib/sysusers.d/i2p.conf" install -Dm644 "$srcdir/router.config" "opt/i2p/router.config" install -Dm644 "$srcdir/wrapper.config" "opt/i2p/wrapper.config" - install -Dm644 "$srcdir/i2prouter.sh" "opt/i2p/i2prouter" - install -Dm644 "$srcdir/i2prouter.service" "usr/lib/systemd/system/i2prouter.service" + install -Dm755 "$srcdir/i2prouter.sh" "opt/i2p/i2prouter" install -Dm644 "opt/i2p/man/eepget.1" "usr/share/man/man1/eepget.1" install -Dm644 "opt/i2p/LICENSE.txt" 
"usr/share/licenses/i2p/LICENSE" mv opt/i2p/licenses/* "usr/share/licenses/i2p/" ln -s /opt/i2p/{eepget,i2prouter} "usr/bin/" chmod +x opt/i2p/{eepget,i2prouter} - - chmod -x opt/i2p/*.config - chmod 755 opt/i2p - chown -R 985:985 opt/i2p - - echo 'u i2p 985 "I2P Router" /opt/i2p /bin/sh' | - install -Dm644 /dev/stdin "usr/lib/sysusers.d/i2p.conf" - echo 'd /run/i2p 0700 i2p i2p' | - install -Dm644 /dev/stdin "usr/lib/tmpfiles.d/i2p.conf" + chmod -x opt/i2p/*.config sed -i opt/i2p/eepget \ -e "s:$pkgdir/opt/i2p:/opt/i2p:g" + + # dont automatically start the webserver (3) or open a webbrowser (4) sed -i opt/i2p/clients.config \ -e "s:clientApp.3.startOnLoad=.*:clientApp.3.startOnLoad=false:" \ -e "s:clientApp.4.startOnLoad=.*:clientApp.4.startOnLoad=false:" + rm -rf opt/i2p/{Uninstaller,.installationinformation,INSTALL-headless.txt,LICENSE.txt,runplain.sh,licenses,man,i2psvc,lib/*wrapper*,scripts/home.i2p.i2prouter} } diff --git a/i2p.install b/i2p.install index 68c5726b257f..8bf945fbf96a 100755 --- a/i2p.install +++ b/i2p.install @@ -1,24 +1,9 @@ post_install() { - echo "==> " - echo "==> I2P Router settings can be adjusted at" + echo "==> I2P Router webui can be accessed at" echo "==> http://127.0.0.1:7657/config.jsp" - echo "==> " -} - -## arg 1: the new package version -## arg 2: the old package version -post_upgrade() { - if (( $(vercmp $2 0.9.39) < 0 )); then - [[ $(id -g i2p) = '985' ]] || { - echo -n ">>> Updating i2p user..." - groupmod --gid 985 i2p - usermod --uid 985 -s /bin/sh i2p - chown -R 985:985 /opt/i2p - echo " done" - } - fi } post_remove() { - rm -f /opt/i2p/lib*.so* + rm -rf /opt/i2p/{lib*.so*,.tmp,.cache} + echo "==> Router configuration is saved in /opt/i2p/.i2p" } diff --git a/i2p.tmpfiles b/i2p.tmpfiles new file mode 100644 index 000000000000..15085d2b2d37 --- /dev/null +++ b/i2p.tmpfiles @@ -0,0 +1,4 @@ +d /run/i2p 0700 i2p i2p +d /opt/i2p 0755 i2p i2p +d /opt/i2p/.i2p 0700 i2p i2p +d /opt/i2p/.tmp 0700 i2p i2p 
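Review bot: In package(), `ln -s /opt/i2p/{eepget,i2prouter} "usr/bin/"` leaves two commands on root's PATH resolving into a directory that the new i2p.tmpfiles entry `d /opt/i2p 0755 i2p i2p` hands to the service account. Dropping `chown -R 985:985` makes the files themselves root-owned, but the owner of the directory can still rename or replace them, so an administrator running `i2prouter` as root would execute whatever the i2p account has put there. I would install the launcher outside that tree, e.g. `install -Dm755 "$srcdir/i2prouter.sh" "usr/bin/i2prouter"`, and keep `/opt/i2p` itself `root root`, with only `.i2p`, `.tmp` and `/run/i2p` owned by i2p. Whether the router needs to create files directly in `/opt/i2p` is not visible from this diff and should be checked first.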
diff --git a/i2prouter.service b/i2prouter.service index 7c278c833596..5a80c870e9fc 100755 --- a/i2prouter.service +++ b/i2prouter.service @@ -1,18 +1,32 @@ +# It's not recommended to modify this file because it will be +# overwritten during package upgrades. If you want to make changes, the +# best way is to create a file "/etc/systemd/system/i2prouter.service.d/foo.conf" +# and make your changes there. This file will be parsed after the file +# i2p.service itself is parsed. + [Unit] Description=Invisible Internet Project -After=network.target +After=network.target time-sync.target [Service] Type=forking User=i2p PIDFile=/run/i2p/i2p.pid -Environment=WRAPPER_CONF=/opt/i2p/wrapper.config -ExecStart=/usr/bin/java-service-wrapper ${WRAPPER_CONF} \ - wrapper.name=i2prouter wrapper.syslog.ident=i2prouter \ - wrapper.daemonize=TRUE -SendSIGKILL=no + +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +DeviceAllow=/dev/null rw +DeviceAllow=/dev/urandom r +LimitNOFILE=4096 + +ExecStart=/usr/bin/java-service-wrapper /opt/i2p/wrapper.config \ + wrapper.name=i2prouter \ + wrapper.syslog.ident=i2prouter \ + wrapper.daemonize=TRUE TZ=UTC ExecReload=/bin/kill -USR1 $MAINPID ExecStop=/bin/kill -TERM $MAINPID +SendSIGKILL=no SuccessExitStatus=0 2 3 [Install] diff --git a/i2prouter.sh b/i2prouter.sh index 1af0a35b4cbb..8d52e58666ea 100755 --- a/i2prouter.sh +++ b/i2prouter.sh @@ -1,12 +1,11 @@ -#!/bin/bash +#!/usr/bin/env bash #----------------------------------------------------------------------------- I2P_USER="i2p" WRAPPER_CMD="/usr/bin/java-service-wrapper" WRAPPER_CONF="/opt/i2p/wrapper.config" -PIDDIR="/run/i2p" -PIDFILE="$PIDDIR/i2p.pid" -TIMEOUT=30 +PIDFILE="/run/i2p/i2p.pid" +TIMEOUT=30 #seconds #----------------------------------------------------------------------------- fail() { 
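Review bot: The new [Service] hardening stops short of the filesystem: `NoNewPrivileges`, `PrivateTmp` and `PrivateDevices` are added, but nothing restricts what this network-facing daemon can read or write outside its own tree. I would add `ProtectSystem=strict`, `ProtectHome=yes` and `ReadWritePaths=/opt/i2p /run/i2p`, then confirm the wrapper still starts; if it logs anywhere else, that path has to be listed too. The header comment also refers to `i2p.service`, while the unit is `i2prouter.service`.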
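Review bot: Switching the first line of i2prouter.sh to `#!/usr/bin/env bash` makes the interpreter depend on the caller's PATH. That is a step back for a launcher which check_user lets a different user (presumably root) run before dropping to `$I2P_USER`. I would keep the absolute `#!/bin/bash` here, because a packaged system script gains nothing from PATH lookup.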
@@ -20,10 +19,7 @@ debug() { check_user() { if [[ "$(id -un)" != "$I2P_USER" ]]; then #debug "current user: $(id -un) dropping to user: $I2P_USER" - if [[ ! -d "$PIDDIR" ]]; then - mkdir -p "$PIDDIR" - chown ${I2P_USER}:${I2P_USER} "$PIDDIR" - fi + #chmod 700 /opt/i2p/.{i2p,tmp} SCRIPT_PATH="$(cd $(dirname $0) && pwd)/$(basename $0)" su - "$I2P_USER" -c "${SCRIPT_PATH} $@" exit $? @@ -39,7 +35,7 @@ init_vars() { fail "Attempting to start as root! Please edit $(basename $0) and set the variable \$I2P_USER" [[ "$(id -un "$I2P_USER")" != "$I2P_USER" ]] && fail "\$I2P_USER does not exist: $I2P_USER" - COMMAND_LINE="\"$WRAPPER_CMD\" \"$WRAPPER_CONF\" wrapper.syslog.ident=\"i2prouter\" wrapper.name=\"i2prouter\"" + COMMAND_LINE="\"$WRAPPER_CMD\" \"$WRAPPER_CONF\" wrapper.syslog.ident=\"i2prouter\" wrapper.name=\"i2prouter\" TZ=UTC" } get_wrapper_pid() { @@ -77,13 +73,13 @@ _console() { eval $COMMAND_LINE [[ $? != 0 ]] && fail "Failed to launch the wrapper!" else - echo "I2P Service is already running" + echo "I2P Router is already running! (pid: $pid)" fi } _start() { if [[ ! "$pid" ]]; then - echo -n "Starting I2P Service" + echo -n "Starting I2P Router" COMMAND_LINE+=" wrapper.daemonize=TRUE" eval $COMMAND_LINE [[ $? != 0 ]] && fail "Failed to launch the wrapper!" @@ -97,20 +93,20 @@ _start() { [[ $(get_pid) ]] && echo " done (pid $pid)" || fail "timeout: Failed to start wrapper!" else - echo "I2P Service is already running" + echo "I2P Router is already running! (pid: $pid)" fi } _restart() { [[ "$pid" ]] && - kill -USR1 $(get_wrapper_pid) || echo "I2P Service is not running" + kill -USR1 $(get_wrapper_pid) || echo "I2P Router is not running" } _stop() { if [[ "$pid" ]]; then - echo -n "Stopping I2P Service" + echo -n "Hard shutdown initiated" kill -TERM "$pid" - [[ $? != 0 ]] && fail "Unable to stop I2P Service: kill -TERM $pid" + [[ $? != 0 ]] && fail "Unable to stop I2P Router: kill -TERM $pid" i=0 while [[ "$pid" || $i > $TIMEOUT ]]; do echo -n "." 
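Review bot: check_user still builds the re-exec command as one string, `su - "$I2P_USER" -c "${SCRIPT_PATH} $@"`, and computes SCRIPT_PATH from unquoted `$(dirname $0)` and `$(basename $0)`. The target user's shell therefore re-parses the script path and every argument, and spaces or shell metacharacters are not passed through intact. Since the hunk already edits this function, I would quote the pieces, e.g. `su - "$I2P_USER" -c "$(printf '%q ' "$SCRIPT_PATH" "$@")"`, which assumes the account's shell understands bash-style quoting. The commented-out `#chmod 700 /opt/i2p/.{i2p,tmp}` repeats what i2p.tmpfiles now does and can be dropped. check_user continues past the end of the hunk.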
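Review bot: The `TZ=UTC` appended to COMMAND_LINE in init_vars sits after the wrapper's arguments, so `eval $COMMAND_LINE` passes it to java-service-wrapper as one more argument and does not place it in the environment. The trailing `TZ=UTC` on ExecStart in i2prouter.service behaves the same way. If the aim is to keep the host timezone away from the router, put the assignment in front of the command, `COMMAND_LINE="TZ=UTC \"$WRAPPER_CMD\" \"$WRAPPER_CONF\" ..."`, and use `Environment=TZ=UTC` in the unit. Whether the wrapper gives a bare `TZ=UTC` argument any meaning is not visible from this diff. init_vars begins before the hunk.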
@@ -125,23 +121,35 @@ _stop() { [[ "$1" = 'start' ]] && _start fi else - echo "I2P Service is not running." + echo "I2P Router is not running." fi } _graceful() { if [[ "$pid" ]]; then - echo "Stopping I2P Service gracefully..." + echo -n "Graceful shutdown initiated" kill -HUP "$pid" - [[ $? != 0 ]] && fail "Unable to stop I2P Service." + [[ $? != 0 ]] && fail "Unable to stop I2P Router." + i=0 + while [[ "$pid" || $i > 660 ]]; do + echo -n "." + sleep 1 + [[ ! $(get_pid) ]] && unset pid + ((i++)) + done + if [[ "$pid" ]]; then + fail "timeout: Took longer than 10m to stop. (pid: $pid)" + else + echo " done" + fi else - echo "I2P Service is not running." + echo "I2P Router is not running." fi } _status() { [[ "$pid" ]] && - echo "I2P Service is running: PID:$pid" || echo "I2P Service is not running." + echo "I2P Router is running: PID:$pid" || echo "I2P Router is not running." } _dump() { @@ -151,7 +159,7 @@ _dump() { [[ $? != 0 ]] && fail "Failed to dump threads" || echo "Thread Dump is available in wrapper.log" else - echo "I2P Service is not running." + echo "I2P Router is not running." fi } #----------------------------------------------------------------------------- @@ -189,4 +197,3 @@ case "$1" in echo ;; esac -exit 0 diff --git a/router.config b/router.config index 7148ff0df281..473519cdb5dc 100755 --- a/router.config +++ b/router.config @@ -1,11 +1,9 @@ # NOTE: This I2P config file must use UTF-8 encoding # * i2cp: allows java clients to communicate with I2P outside of the JVM. Disabled. -# * IPv6: Disabled # * In-I2P Network Updates: Disabled i2cp.disableInterface=true -i2np.ntcp.ipv6=false -i2np.udp.ipv6=false i2np.udp.addressSources=hidden router.updateDisabled=true routerconsole.advanced=true i2np.upnp.enable=false +routerconsole.theme=light
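Review bot: The wait loop added to _graceful, `while [[ "$pid" || $i > 660 ]]`, never enforces its timeout. The `||` keeps the loop running for as long as `$pid` is set, and `>` inside `[[ ]]` is a string comparison, so the `fail "timeout: ..."` branch after the loop cannot be reached and a router that ignores HUP leaves the script waiting indefinitely. It should read `while [[ "$pid" ]] && (( i < 660 )); do`. The loop in _stop that this was copied from (context lines in the previous hunk, using `$TIMEOUT`) has the same condition and needs the same fix. The message says 10m while the bound is 660 seconds, so one of the two should be adjusted.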
\ No newline at end of file |
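Review bot: Removing `i2np.ntcp.ipv6=false` and `i2np.udp.ipv6=false` returns both transports to the router's built-in IPv6 default. That changes the packaged network exposure, and neither the commit title nor the remaining comments mention it. If IPv6 is now meant to be on, I would add a comment saying so, such as `# * IPv6: left at the router default`. Administrators who wrote firewall rules for an IPv4-only router would otherwise not know to revisit them. Which default the router applies is not visible from this diff.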