diff --git a/00-systemd-tuning.patch b/00-systemd-tuning.patch
new file mode 100644
index 0000000..52df1f6
--- /dev/null
+++ b/00-systemd-tuning.patch
@@ -0,0 +1,64 @@
+diff --git a/basic.cfg b/basic.cfg
+index 526ffbf..fb274e2 100644
+--- a/basic.cfg
++++ b/basic.cfg
+@@ -2,13 +2,12 @@
+ # sensible values for "standard" setup.
+
+ verbose: false;
+-foreground: false;
++foreground: true;
+ inetd: false;
+ numeric: false;
+ transparent: false;
+ timeout: "2";
+-user: "nobody";
+-pidfile: "/var/run/sslh.pid";
++user: "sslh";
+
+
+ # Change hostname with your external address name.
+diff --git a/scripts/systemd.sslh.service b/scripts/systemd.sslh.service
+index c2a69fd..b4d0c49 100644
+--- a/scripts/systemd.sslh.service
++++ b/scripts/systemd.sslh.service
+@@ -1,11 +1,17 @@
+ [Unit]
+ Description=SSL/SSH multiplexer
++Documentation=man:sslh(8)
+ After=network.target
+
+ [Service]
+-EnvironmentFile=/etc/conf.d/sslh
+-ExecStart=/usr/bin/sslh --foreground $DAEMON_OPTS
++EnvironmentFile=/etc/sysconfig/sslh
++ExecStart=/usr/sbin/sslh ${DAEMON_OPTS}
+ KillMode=process
++CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN CAP_SETGID CAP_SETUID
++PrivateTmp=true
++PrivateDevices=true
++ProtectSystem=full
++ProtectHome=true
+
+ [Install]
+ WantedBy=multi-user.target
+diff --git a/sslh.pod b/sslh.pod
+index c0ce606..b4446b2 100644
+--- a/sslh.pod
++++ b/sslh.pod
+@@ -214,12 +214,11 @@ personality disorder).
+
+ =over 4
+
+-=item F
++=item F
+
+-Start-up script. The standard actions B, B and
+-B are supported.
++Systemd unit to control the daemon.
+
+-=item F
++=item F
+
+ Server configuration. These are environment variables
+ loaded by the start-up script and passed to B as
diff --git a/patch0-sslh-sensible-fedora-defaults.patch b/patch0-sslh-sensible-fedora-defaults.patch
deleted file mode 100644
index 3f1115f..0000000
--- a/patch0-sslh-sensible-fedora-defaults.patch
+++ /dev/null
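Review bot: In the new `ExecStart=/usr/sbin/sslh ${DAEMON_OPTS}` line of scripts/systemd.sslh.service, the braced form makes systemd pass the variable as exactly one argument with its whitespace intact. The packaged default `DAEMON_OPTS="-F /etc/sslh.cfg"` (written by the %install hunk of sslh.spec) would therefore arrive as a single argv entry instead of `-F` followed by the path. The unbraced form is the one systemd splits on whitespace: `ExecStart=/usr/sbin/sslh $DAEMON_OPTS`. Separately, `CAP_NET_ADMIN` stays in `CapabilityBoundingSet=` while basic.cfg ships `transparent: false`; if that capability is only needed for transparent mode, it could be left out of the default unit and documented as an opt-in.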
@@ -1,64 +0,0 @@
-diff --git a/basic.cfg b/basic.cfg
-index 526ffbf..fb274e2 100644
---- a/basic.cfg
-+++ b/basic.cfg
-@@ -2,13 +2,12 @@
- # sensible values for "standard" setup.
-
- verbose: false;
--foreground: false;
-+foreground: true;
- inetd: false;
- numeric: false;
- transparent: false;
- timeout: "2";
--user: "nobody";
--pidfile: "/var/run/sslh.pid";
-+user: "sslh";
-
-
- # Change hostname with your external address name.
-diff --git a/scripts/systemd.sslh.service b/scripts/systemd.sslh.service
-index c2a69fd..c25f09e 100644
---- a/scripts/systemd.sslh.service
-+++ b/scripts/systemd.sslh.service
-@@ -1,11 +1,17 @@
- [Unit]
- Description=SSL/SSH multiplexer
-+Documentation=man:sslh(8)
- After=network.target
-
- [Service]
--EnvironmentFile=/etc/conf.d/sslh
--ExecStart=/usr/bin/sslh --foreground $DAEMON_OPTS
-+EnvironmentFile=-/etc/sysconfig/sslh
-+ExecStart=/usr/sbin/sslh -F /etc/sslh.cfg ${DAEMON_OPTS}
- KillMode=process
-+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN CAP_SETGID CAP_SETUID
-+PrivateTmp=true
-+PrivateDevices=true
-+ProtectSystem=full
-+ProtectHome=true
-
- [Install]
- WantedBy=multi-user.target
-diff --git a/sslh.pod b/sslh.pod
-index c0ce606..b4446b2 100644
---- a/sslh.pod
-+++ b/sslh.pod
-@@ -214,12 +214,11 @@ personality disorder).
-
- =over 4
-
--=item F
-+=item F
-
--Start-up script. The standard actions B, B and
--B are supported.
-+Systemd unit to control the daemon.
-
--=item F
-+=item F
-
- Server configuration. These are environment variables
- loaded by the start-up script and passed to B as
diff --git a/sslh.spec b/sslh.spec
index 1732ab2..d04d0b6 100644
--- a/sslh.spec
+++ b/sslh.spec
@@ -1,4 +1,6 @@
 %global _hardened_build 1
+# Define pkgdocdir for releases that don't define it already
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}}
 Name: sslh
 Version: 1.17
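Review bot: The `_pkgdocdir` fallback added at the top of sslh.spec has almost nothing left to serve. The %files hunk switches to relative `%doc README.md ChangeLog example.cfg` and `%license COPYING`, and the %install hunk drops the `cp` into `%{buildroot}%{_pkgdocdir}` while keeping `mkdir -p %{buildroot}%{_pkgdocdir}`. As far as the visible hunks show, the macro is now used only to create an empty directory that no %files entry owns. I would remove that `mkdir` together with the fallback, or keep both and say in the comment which release still depends on them.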
@@ -7,7 +9,7 @@ Summary: Applicative protocol(SSL/SSH) multiplexer
 License: GPLv2
 URL: http://www.rutschle.net/tech/sslh.shtml
 Source0: http://www.rutschle.net/tech/%{name}-v%{version}.tar.gz
-Patch0: patch0-sslh-sensible-fedora-defaults.patch
+Patch0: 00-systemd-tuning.patch
 BuildRequires: libconfig-devel
 BuildRequires: libcap-devel
@@ -48,16 +50,22 @@ mv ChangeLog.conv ChangeLog
 %install
 mkdir -p %{buildroot}%{_sbindir}
-mkdir -p %{buildroot}%{_sysconfdir}
+mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
 mkdir -p %{buildroot}%{_pkgdocdir}
 mkdir -p %{buildroot}%{_mandir}/man8
 mkdir -p %{buildroot}%{_unitdir}
 cp -p %{name}-fork %{buildroot}%{_sbindir}/%{name}
 cp -p %{name}-select %{buildroot}%{_sbindir}/%{name}-select
 cp -p basic.cfg %{buildroot}/etc/%{name}.cfg
-cp -p {README.md,COPYING,ChangeLog} %{buildroot}%{_pkgdocdir}/
 cp -p %{name}.8 %{buildroot}%{_mandir}/man8/
 cp -p scripts/systemd.sslh.service %{buildroot}%{_unitdir}/%{name}.service
+cat > %{buildroot}%{_sysconfdir}/sysconfig/%{name} << EOF
+#
+# The options passed to the sslh binary can be provided here
+# Defaults to passing the configuration file to the daemon
+#
+DAEMON_OPTS="-F /etc/sslh.cfg"
+EOF
 %pre
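Review bot: The comment block written into `%{_sysconfdir}/sysconfig/%{name}` by the `cat > ... << EOF` heredoc does not say that systemd reads the file through `EnvironmentFile=` rather than a shell sourcing it, so an admin may expect `$VAR` expansion or command substitution to work there. I would add a line such as `# Parsed by systemd (EnvironmentFile=), not by a shell: no variable or command expansion`. Quoting the delimiter (`<< 'EOF'`) would also stop the build shell from expanding anything a later edit puts in that block. The path is written as `/etc/sslh.cfg` here but as `%{_sysconfdir}/%{name}.cfg` in %files; using the macro in both places keeps them from drifting apart.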
@@ -77,22 +85,20 @@ exit 0
 %systemd_postun_with_restart sslh.service
 %files
-%dir %{_pkgdocdir}
-%doc %{_pkgdocdir}/README.md
-%license %{_pkgdocdir}/COPYING
-%doc %{_pkgdocdir}/ChangeLog
+%doc README.md ChangeLog example.cfg
+%license COPYING
 %doc %{_mandir}/man8/%{name}.8*
 %attr(0755,root,root) %{_sbindir}/%{name}
 %attr(0755,root,root) %{_sbindir}/%{name}-select
 %{_unitdir}/%{name}.service
 %config(noreplace) %attr(0644,root,root) %{_sysconfdir}/%{name}.cfg
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/%{name}
 %changelog
-* Fri Jun 19 2015 Fedora Release Engineering - 1.17-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
+* Mon Jul 20 2015 James Hogarth - 1.17-2
+- Make sslh.cfg argument overrideable from sysconfig BZ#1221320
 * Wed Mar 18 2015 James Hogarth - 1.17-1
 - Initial packaging of sslh 1.17
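Review bot: The new %changelog entry reuses `1.17-2`, the release of the `Fedora Release Engineering` mass-rebuild entry it deletes, and no hunk in this diff touches the `Release:` tag (that line lies outside the visible hunks, so this is inferred). If 1.17-2 has already been built, this change cannot ship under the same name-version-release, and the rebuild would vanish from the package history. I would bump the release, head the new entry `- 1.17-3`, and leave the `* Fri Jun 19 2015` entry in place below it.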