From a834db5dc933a4b48c8323ae3e490448a86b448f Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 4 Jul 2018 13:59:24 +0200 Subject: use private bind mounts for pacserve, remove pacdbserve We want just one service to serve database files and package archives. Private bind mounts make both available to pacserve. This alse removes some complexity in pacredir. --- .gitignore | 1 - Makefile | 17 +++------ README.md | 4 +- avahi/pacdbserve.service.in | 15 -------- avahi/pacserve.service.in | 2 +- config.def.h | 6 +-- initcpio/hooks/pacredir | 19 +++------- pacredir.c | 90 +++++++++++---------------------------------- pacredir.conf | 3 +- pacredir.h | 3 +- systemd/pacdbserve.service | 14 ------- systemd/pacredir.service | 1 - systemd/pacserve.service | 7 ++-- systemd/tmpfiles.conf | 2 + 14 files changed, 46 insertions(+), 138 deletions(-) delete mode 100644 avahi/pacdbserve.service.in delete mode 100644 systemd/pacdbserve.service create mode 100644 systemd/tmpfiles.conf diff --git a/.gitignore b/.gitignore index 5e671cb..cf170d5 100644 --- a/.gitignore +++ b/.gitignore @@ -3,7 +3,6 @@ arch pacredir config.h -avahi/pacdbserve.service avahi/pacserve.service README.html version.h diff --git a/Makefile b/Makefile index fd13a48..776f715 100644 --- a/Makefile +++ b/Makefile @@ -30,7 +30,7 @@ ID := $(shell grep 'ID=' < /etc/os-release | cut -d= -f2) # a release tarball... VERSION := 0.3.3 -all: pacredir avahi/pacdbserve.service avahi/pacserve.service README.html +all: pacredir avahi/pacserve.service README.html pacredir: pacredir.c pacredir.h config.h version.h $(CC) $(CFLAGS) $(CFLAGS_EXTRA) $(LDFLAGS) -DREPRODUCIBLE=$(REPRODUCIBLE) -DARCH=\"$(ARCH)\" -DID=\"$(ID)\" -o pacredir pacredir.c 
@@ -41,28 +41,23 @@ config.h: version.h: $(wildcard .git/HEAD .git/index .git/refs/tags/*) Makefile printf "#ifndef VERSION\n#define VERSION \"%s\"\n#endif\n" $(shell git describe --long 2>/dev/null || echo ${VERSION}) > $@ -avahi/pacdbserve.service: avahi/pacdbserve.service.in - $(SED) 's/%ARCH%/$(ARCH)/;s/%ID%/$(ID)/' avahi/pacdbserve.service.in > avahi/pacdbserve.service - avahi/pacserve.service: avahi/pacserve.service.in - $(SED) 's/%ID%/$(ID)/' avahi/pacserve.service.in > avahi/pacserve.service + $(SED) 's/%ARCH%/$(ARCH)/;s/%ID%/$(ID)/' avahi/pacserve.service.in > avahi/pacserve.service README.html: README.md $(MD) README.md > README.html install: install-bin install-doc -install-bin: pacredir avahi/pacdbserve.service avahi/pacserve.service +install-bin: pacredir avahi/pacserve.service $(INSTALL) -D -m0755 pacredir $(DESTDIR)$(PREFIX)/bin/pacredir $(LN) -s darkhttpd $(DESTDIR)$(PREFIX)/bin/pacserve - $(LN) -s darkhttpd $(DESTDIR)$(PREFIX)/bin/pacdbserve $(INSTALL) -D -m0644 pacredir.conf $(DESTDIR)/etc/pacredir.conf $(INSTALL) -D -m0644 pacman/pacredir $(DESTDIR)/etc/pacman.d/pacredir $(INSTALL) -D -m0644 avahi/pacserve.service $(DESTDIR)/etc/avahi/services/pacserve.service - $(INSTALL) -D -m0644 avahi/pacdbserve.service $(DESTDIR)/etc/avahi/services/pacdbserve.service - $(INSTALL) -D -m0644 systemd/pacdbserve.service $(DESTDIR)$(PREFIX)/lib/systemd/system/pacdbserve.service $(INSTALL) -D -m0644 systemd/pacredir.service $(DESTDIR)$(PREFIX)/lib/systemd/system/pacredir.service $(INSTALL) -D -m0644 systemd/pacserve.service $(DESTDIR)$(PREFIX)/lib/systemd/system/pacserve.service + $(INSTALL) -D -m0644 systemd/tmpfiles.conf $(DESTDIR)$(PREFIX)/lib/tmpfiles.d/pacserve.conf $(INSTALL) -D -m0644 initcpio/hooks/pacredir $(DESTDIR)$(PREFIX)/lib/initcpio/hooks/pacredir $(INSTALL) -D -m0644 initcpio/install/pacredir $(DESTDIR)$(PREFIX)/lib/initcpio/install/pacredir $(INSTALL) -D -m0644 dhcpcd/80-pacredir $(DESTDIR)$(PREFIX)/lib/dhcpcd/dhcpcd-hooks/80-pacredir 
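Review bot: The rewritten `avahi/pacserve.service` recipe in the Makefile redirects `sed` straight into the target and now splices both `$(ARCH)` and `$(ID)` unescaped into the sed program. If sed fails, a truncated service file is left behind, and make treats it as up to date on the next run unless `.DELETE_ON_ERROR:` is set somewhere outside this hunk. The generated type presumably has to match the `PACSERVE` macro in config.def.h exactly for peers to find each other, so a silently wrong file is costly. Writing to a temporary name first avoids the stale target: `$(SED) 's/%ARCH%/$(ARCH)/;s/%ID%/$(ID)/' $< > $@.tmp && mv -f $@.tmp $@`.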
@@ -73,10 +68,10 @@ install-doc: README.html $(INSTALL) -D -m0644 README.html $(DESTDIR)$(PREFIX)/share/doc/pacredir/README.html clean: - $(RM) -f *.o *~ pacredir avahi/pacdbserve.service avahi/pacserve.service README.html version.h + $(RM) -f *.o *~ pacredir avahi/pacserve.service README.html version.h distclean: - $(RM) -f *.o *~ pacredir avahi/pacdbserve.service avahi/pacserve.service README.html version.h config.h + $(RM) -f *.o *~ pacredir avahi/pacserve.service README.html version.h config.h release: git archive --format=tar.xz --prefix=pacredir-$(VERSION)/ $(VERSION) > pacredir-$(VERSION).tar.xz diff --git a/README.md b/README.md index be44d41..2b44c7b 100644 --- a/README.md +++ b/README.md @@ -48,8 +48,8 @@ Additionally systemd service files are installed to Usage ----- -Enable systemd services `pacserve`, `pacdbserve` and `pacredir`, open TCP -ports `7078` and `7079` and add the following line to your repository +Enable systemd services `pacserve` and `pacredir`, open TCP +port `7078` and add the following line to your repository definitions in `pacman.conf`: > Include = /etc/pacman.d/pacredir diff --git a/avahi/pacdbserve.service.in b/avahi/pacdbserve.service.in deleted file mode 100644 index 106bc28..0000000 --- a/avahi/pacdbserve.service.in +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - %h - - - _pacdbserve_%ID%_%ARCH%._tcp - 7079 - - - diff --git a/avahi/pacserve.service.in b/avahi/pacserve.service.in index 2da20f7..4a39e6d 100644 --- a/avahi/pacserve.service.in +++ b/avahi/pacserve.service.in @@ -8,7 +8,7 @@ %h - _pacserve_%ID%._tcp + _pacserve_%ID%_%ARCH%._tcp 7078 diff --git a/config.def.h b/config.def.h index 00a4955..a11028b 100644 --- a/config.def.h +++ b/config.def.h 
@@ -22,14 +22,12 @@ #define PAGE404 "404 Not Found" \ "404 Not Found: %s" -/* the ports pacredir, pacserve and pacdbserve listen to */ +/* the ports pacredir and pacserve listen to */ #define PORT_PACREDIR 7077 #define PORT_PACSERVE 7078 -#define PORT_PACDBSERVE 7079 /* avahi service names */ -#define PACSERVE "_pacserve_" ID "._tcp" -#define PACDBSERVE "_pacdbserve_" ID "_" ARCH "._tcp" +#define PACSERVE "_pacserve_" ID "_" ARCH "._tcp" /* path to the config file */ #define CONFIGFILE "/etc/pacredir.conf" diff --git a/initcpio/hooks/pacredir b/initcpio/hooks/pacredir index 5f8d560..c73bb8e 100644 --- a/initcpio/hooks/pacredir +++ b/initcpio/hooks/pacredir @@ -4,24 +4,17 @@ run_latehook() { local newroot="/new_root/" if ! grep -q '^pacserve hosts' ${newroot}/etc/pacredir.conf; then - if [[ -n "${pacserve}" ]]; then - msg ":: Adding pacserve host '${pacserve}' to pacredir.conf..." - echo "pacserve hosts = ${pacserve}" >> ${newroot}/etc/pacredir.conf - fi - fi - - if ! grep -q '^pacdbserve hosts' ${newroot}/etc/pacredir.conf; then case $(uname -m) in x86_64) - if [[ -n "${pacdbserve_x86_64}" ]]; then - msg ":: Adding pacdbserve host '${pacdbserve_x86_64}' to pacredir.conf..." - echo "pacdbserve hosts = ${pacdbserve_x86_64}" >> ${newroot}/etc/pacredir.conf + if [[ -n "${pacserve_x86_64}" ]]; then + msg ":: Adding pacserve host '${pacserve_x86_64}' to pacredir.conf..." + echo "pacserve hosts = ${pacserve_x86_64}" >> ${newroot}/etc/pacredir.conf fi ;; i686) - if [[ -n "${pacdbserve_i686}" ]]; then - msg ":: Adding pacdbserve host '${pacdbserve_i686}' to pacredir.conf..." - echo "pacdbserve hosts = ${pacdbserve_i686}" >> ${newroot}/etc/pacredir.conf + if [[ -n "${pacserve_i686}" ]]; then + msg ":: Adding pacserve host '${pacserve_i686}' to pacredir.conf..." + echo "pacserve hosts = ${pacserve_i686}" >> ${newroot}/etc/pacredir.conf fi ;; esac diff --git a/pacredir.c b/pacredir.c index 4660c8f..76dc52d 100644 --- a/pacredir.c +++ b/pacredir.c 
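Review bot: The new `PACSERVE` define in config.def.h changes the advertised service type from `_pacserve_ID._tcp` to `_pacserve_ID_ARCH._tcp` without a comment saying this is a wire-visible change. Together with the new `/pkg/` and `/db/` path prefixes, hosts on the previous release and hosts on this one will apparently neither discover nor fetch from each other. I would add a comment above the define, for example `/* type carries ARCH because db files are per architecture; peers announcing the old _pacserve_ID._tcp type are not found */`. The README hunk only drops port 7079 and does not mention the incompatibility.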
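Review bot: The `case $(uname -m)` in run_latehook (initcpio/hooks/pacredir) has no default branch, and the architecture-independent `${pacserve}` variable is no longer read. A boot configuration that still sets `pacserve`, or a machine that is neither `x86_64` nor `i686`, therefore gets no `pacserve hosts` line and no message. A fallback such as `*) msg ":: No pacserve host variable for $(uname -m), leaving pacredir.conf untouched" ;;` would make that visible. The value is appended to the config unvalidated and the target path is unquoted; `"${newroot}/etc/pacredir.conf"` is the safer spelling. run_latehook continues past the end of the hunk.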
@@ -47,22 +47,25 @@ char * get_fqdn(const char * hostname, const char * domainname) { } /*** get_url ***/ -char * get_url(const char * hostname, AvahiProtocol proto, const char * address, const uint16_t port, const char * uri) { - const char * host; +char * get_url(const char * hostname, AvahiProtocol proto, const char * address, const uint16_t port, const uint8_t dbfile, const char * uri) { + const char * host, * dir; char * url; - host = (*address ? address : hostname); + host = *address ? address : hostname; + + dir = dbfile ? "db" : "pkg"; url = malloc(10 /* static chars of an url & null char */ + strlen(host) + 5 /* max strlen of decimal 16bit value */ + 2 /* square brackets for IPv6 address */ + + 4 /* extra dir */ + strlen(uri)); if (*address != 0 && proto == AVAHI_PROTO_INET6) - sprintf(url, "http://[%s]:%d/%s", address, port, uri); + sprintf(url, "http://[%s]:%d/%s/%s", address, port, dir, uri); else - sprintf(url, "http://%s:%d/%s", host, port, uri); + sprintf(url, "http://%s:%d/%s/%s", host, port, dir, uri); return url; } @@ -97,11 +100,6 @@ int add_host(const char * host, AvahiProtocol proto, const char * address, const tmphosts->pacserve.badtime = 0; tmphosts->pacserve.badcount = 0; - tmphosts->pacdbserve.port = 0; - tmphosts->pacdbserve.online = 0; - tmphosts->pacdbserve.badtime = 0; - tmphosts->pacdbserve.badcount = 0; - tmphosts->next = malloc(sizeof(struct hosts)); tmphosts->next->host = NULL; tmphosts->next->next = NULL; 
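Review bot: get_url() in pacredir.c still sizes its buffer by hand-counted constants and writes with unbounded `sprintf`, and the result of `malloc` is not checked. The added `+ 4 /* extra dir */` fits `pkg/` with no byte to spare in the bracketed IPv6 case, so a longer directory name or one more separator later becomes a heap overflow rather than a compile error. Letting `snprintf` measure the string removes the arithmetic, as sketched below. Returning NULL on failure is new behaviour, so the callers that assign `request.url` in add_host() and ahc_echo() would need a check; their bodies are only partly visible here.

```c
char * get_url(const char * hostname, AvahiProtocol proto, const char * address, const uint16_t port, const uint8_t dbfile, const char * uri) {
	/* … unchanged: declarations, host and dir selection … */
	const int v6 = (*address != 0 && proto == AVAHI_PROTO_INET6);
	int len;

	/* measure first, so the allocation can never fall behind the format */
	len = snprintf(NULL, 0, v6 ? "http://[%s]:%d/%s/%s" : "http://%s:%d/%s/%s",
			host, port, dir, uri);
	if (len < 0)
		return NULL;

	if ((url = malloc((size_t)len + 1)) == NULL)
		return NULL;

	snprintf(url, (size_t)len + 1, v6 ? "http://[%s]:%d/%s/%s" : "http://%s:%d/%s/%s",
			host, port, dir, uri);

	return url;
}
```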
@@ -111,19 +109,13 @@ update: if (address != NULL) memcpy(tmphosts->address, address, AVAHI_ADDRESS_STR_MAX); - if (strcmp(type, PACSERVE) == 0) { - tmphosts->pacserve.online = 1; - tmphosts->pacserve.port = port; - request.service = &tmphosts->pacserve; - } else if (strcmp(type, PACDBSERVE) == 0) { - tmphosts->pacdbserve.online = 1; - tmphosts->pacdbserve.port = port; - request.service = &tmphosts->pacdbserve; - } + tmphosts->pacserve.online = 1; + tmphosts->pacserve.port = port; + request.service = &tmphosts->pacserve; /* do a first request and let get_http_code() set the bad status */ request.host = tmphosts->host; - request.url = get_url(request.host, tmphosts->proto, tmphosts->address, request.service->port, ""); + request.url = get_url(request.host, tmphosts->proto, tmphosts->address, request.service->port, 0, ""); request.http_code = 0; request.last_modified = 0; get_http_code(&request); @@ -141,11 +133,7 @@ int remove_host(const char * host, AvahiProtocol proto, const char * type) { if (verbose > 0) write_log(stdout, "Marking service %s on host %s (%s) offline\n", type, host, avahi_proto_to_string(proto)); - if (strcmp(type, PACSERVE) == 0) { - tmphosts->pacserve.online = 0; - } else if (strcmp(type, PACDBSERVE) == 0) { - tmphosts->pacdbserve.online = 0; - } + tmphosts->pacserve.online = 0; break; } tmphosts = tmphosts->next; @@ -189,7 +177,7 @@ static void resolve_callback(AvahiServiceResolver *r, write_log(stdout, "Found service %s on host %s (%s) on interface %s\n", type, host, ipaddress, intname); - add_host(host, protocol, ipaddress, strcmp(type, PACSERVE) == 0 ? PORT_PACSERVE : PORT_PACDBSERVE, type); + add_host(host, protocol, ipaddress, PORT_PACSERVE, type); break; } 
@@ -438,14 +426,14 @@ static int ahc_echo(void * cls, /* try to find a server with most recent file */ while (tmphosts->host != NULL) { - struct services *service = (dbfile ? &tmphosts->pacdbserve : &tmphosts->pacserve); + struct services *service = &tmphosts->pacserve; time_t badtime = service->badtime + service->badcount * BADTIME; /* skip host if offline or had a bad request within last BADTIME seconds */ if (service->online == 0) { if (verbose > 0) write_log(stdout, "Service %s on host %s is offline, skipping\n", - dbfile ? PACDBSERVE : PACSERVE, tmphosts->host); + PACSERVE, tmphosts->host); tmphosts = tmphosts->next; continue; } else if (badtime > tv.tv_sec) { @@ -455,7 +443,7 @@ static int ahc_echo(void * cls, ctime[strlen(ctime) - 1] = '\0'; write_log(stdout, "Service %s on host %s is marked bad until %s, skipping\n", - dbfile ? PACDBSERVE : PACSERVE, tmphosts->host, ctime); + PACSERVE, tmphosts->host, ctime); } tmphosts = tmphosts->next; continue; @@ -485,11 +473,8 @@ static int ahc_echo(void * cls, /* prepare request struct */ request->host = tmphosts->host; - if (dbfile == 1) - request->service = &(tmphosts->pacdbserve); - else - request->service = &(tmphosts->pacserve); - request->url = get_url(tmphosts->host, tmphosts->proto, tmphosts->address, request->service->port, basename); + request->service = &(tmphosts->pacserve); + request->url = get_url(tmphosts->host, tmphosts->proto, tmphosts->address, request->service->port, dbfile, basename); request->http_code = 0; request->last_modified = 0; @@ -609,8 +594,6 @@ void sighup_callback(int signal) { while (tmphosts->host != NULL) { tmphosts->pacserve.badtime = 0; tmphosts->pacserve.badcount = 0; - tmphosts->pacdbserve.badtime = 0; - tmphosts->pacdbserve.badcount = 0; tmphosts = tmphosts->next; } } 
@@ -624,7 +607,7 @@ int main(int argc, char ** argv) { uint16_t port; struct ignore_interfaces * tmp_ignore_interfaces; AvahiClient *client = NULL; - AvahiServiceBrowser *pacserve = NULL, *pacdbserve = NULL; + AvahiServiceBrowser *pacserve = NULL; int error, i, ret = 1; struct MHD_Daemon * mhd; struct hosts * tmphosts; @@ -674,15 +657,13 @@ int main(int argc, char ** argv) { hosts->host = NULL; hosts->pacserve.online = 0; hosts->pacserve.badtime = 0; - hosts->pacdbserve.online = 0; - hosts->pacdbserve.badtime = 0; hosts->next = NULL; ignore_interfaces = malloc(sizeof(struct ignore_interfaces)); ignore_interfaces->interface = NULL; ignore_interfaces->next = NULL; - /* Probing for static pacserve and pacdbserve hosts takes some time. + /* Probing for static pacserve hosts takes some time. * Receiving a SIGHUP at this time could kill us. So register signal * SIGHUP here before probing. */ signal(SIGHUP, sighup_callback); @@ -758,25 +739,6 @@ int main(int argc, char ** argv) { free(values); } - /* add static pacdbserve hosts */ - if ((inistring = iniparser_getstring(ini, "general:pacdbserve hosts", NULL)) != NULL) { - values = strdup(inistring); - value = strtok(values, DELIMITER); - while (value != NULL) { - if (verbose > 0) - write_log(stdout, "Adding static pacdbserve host: %s\n", value); - - if (strchr(value, ':') != NULL) { - port = atoi(strchr(value, ':') + 1); - *strchr(value, ':') = 0; - } else - port = PORT_PACDBSERVE; - add_host(value, AVAHI_PROTO_UNSPEC, NULL, port, PACDBSERVE); - value = strtok(NULL, DELIMITER); - } - free(values); - } - /* done reading config file, free */ iniparser_freedict(ini); } 
@@ -800,13 +762,6 @@ int main(int argc, char ** argv) { goto fail; } - /* create the service browser for PACDBSERVE */ - if ((pacdbserve = avahi_service_browser_new(client, AVAHI_IF_UNSPEC, - use_proto, PACDBSERVE, NULL, 0, browse_callback, client)) == NULL) { - write_log(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_client_errno(client))); - goto fail; - } - /* prepare struct to make microhttpd listen on localhost only */ address.sin_family = AF_INET; address.sin_port = htons(PORT_PACREDIR); @@ -861,9 +816,6 @@ fail: ignore_interfaces = tmp_ignore_interfaces; } - if (pacdbserve) - avahi_service_browser_free(pacdbserve); - if (pacserve) avahi_service_browser_free(pacserve); diff --git a/pacredir.conf b/pacredir.conf index 5dcf738..9045af7 100644 --- a/pacredir.conf +++ b/pacredir.conf @@ -28,10 +28,9 @@ protocol = IPv4 # You may want to add hosts that do not announce their services via avahi or # are connected to a different network segment. Add them here. IPv6 addresses # have to be enclosed in square brackets. -# Please note that pacdbserve hosts depend on the servers architecture! +# Please note that pacserve hosts depend on the servers architecture! #pacserve hosts = test1.domain #pacserve hosts = test1.domain test2.domain -#pacdbserve hosts = test3.domain test4.domain # Give extra verbosity for more output. verbose = 0 diff --git a/pacredir.h b/pacredir.h index fa26dbd..bddab74 100644 --- a/pacredir.h +++ b/pacredir.h @@ -66,7 +66,6 @@ struct hosts { char address[AVAHI_ADDRESS_STR_MAX]; /* online status and bad time for services */ struct services pacserve; - struct services pacdbserve; /* pointer to next struct element */ struct hosts * next; }; 
@@ -100,7 +99,7 @@ int write_log(FILE *stream, const char *format, ...); /* get_fqdn */ char * get_fqdn(const char * hostname, const char * domainname); /* get_url */ -char * get_url(const char * hostname, AvahiProtocol proto, const char * address, const uint16_t port, const char * uri); +char * get_url(const char * hostname, AvahiProtocol proto, const char * address, const uint16_t port, const uint8_t dbfile, const char * uri); /* add_host */ int add_host(const char * host, AvahiProtocol proto, const char * address, const uint16_t port, const char * type); diff --git a/systemd/pacdbserve.service b/systemd/pacdbserve.service deleted file mode 100644 index a94238d..0000000 --- a/systemd/pacdbserve.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Darkhttpd to serve pacman db files -After=network.target - -[Service] -ExecStart=/usr/bin/pacdbserve /var/lib/pacman/sync/ --ipv6 --port 7079 --no-listing -DynamicUser=on -ProtectSystem=full -ProtectHome=on -PrivateDevices=on -NoNewPrivileges=on - -[Install] -WantedBy=multi-user.target diff --git a/systemd/pacredir.service b/systemd/pacredir.service index 2e890f7..561b4cd 100644 --- a/systemd/pacredir.service +++ b/systemd/pacredir.service @@ -16,4 +16,3 @@ NoNewPrivileges=on [Install] WantedBy=multi-user.target Also=pacserve.service -Also=pacdbserve.service diff --git a/systemd/pacserve.service b/systemd/pacserve.service index 1e414db..e3e2401 100644 --- a/systemd/pacserve.service +++ b/systemd/pacserve.service 
@@ -1,9 +1,10 @@ [Unit] -Description=Darkhttpd to serve pacman cache -After=network.target +Description=Serve pacman database files and package archives +After=systemd-tmpfiles-setup.service network.target [Service] -ExecStart=/usr/bin/pacserve /var/cache/pacman/pkg/ --ipv6 --port 7078 --no-listing +ExecStart=/usr/bin/pacserve /run/pacserve/ --ipv6 --port 7078 --no-listing +BindReadOnlyPaths=/var/cache/pacman/pkg:/run/pacserve/pkg /var/lib/pacman/sync:/run/pacserve/db DynamicUser=on ProtectSystem=full ProtectHome=on diff --git a/systemd/tmpfiles.conf b/systemd/tmpfiles.conf new file mode 100644 index 0000000..f1da220 --- /dev/null +++ b/systemd/tmpfiles.conf @@ -0,0 +1,2 @@ +d /var/cache/pacman/pkg - - - - +d /var/lib/pacman/sync - - - - -- cgit v1.2.3-70-g09d2
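Review bot: pacserve.service does not say where `/run/pacserve`, `/run/pacserve/pkg` and `/run/pacserve/db` come from. The new tmpfiles.conf only creates the two bind sources under /var, so the mount points appear to rely on systemd creating missing bind destinations itself. Once that is confirmed for the oldest systemd release you support, a comment above `BindReadOnlyPaths=` would record it, e.g. `# sources are ensured by tmpfiles.d/pacserve.conf; mount points below /run/pacserve are created by systemd`. The same comment could note that the binds are deliberately read-only, because everything below both directories is now reachable on port 7078 and `--no-listing` only hides the index. The [Service] section continues below the hunk.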