On 03/27/2014 11:47 AM, Clint Adams wrote:
> Package: msva-perl
> Version: 0.9.2-1
> Severity: wishlist
> 
> I just switched from runit to systemd for running a "system-wide"
> instance of msva-perl, using the following unit file.  I suggest
> including a better version as an example.
> 
> [Unit]
> Description=MSVA
> After=network.target auditd.service
> ConditionPathExists=!/etc/monkeysphere/msva_not_to_be_run
> 
> [Service]
> Environment="MSVA_ALLOWED_USERS=www-data clint" MSVA_KEYSERVER=hkp://pool.sks-keyservers.net MSVA_LOG_LEVEL=debug MSVA_PORT=5000
> ExecStart=/usr/bin/msva-perl
> Restart=always
> KillMode=process
> User=wwwmsva
> Group=wwwmsva
> 
> [Install]
> WantedBy=multi-user.target


I agree that something like this could be useful.  It would also be nice
to have msva-perl inherit its listening socket on a file descriptor, so
that systemd can handle the socket activation automatically.

But not everyone who installs msva-perl wants exactly one system-wide
MSVA -- some want none, and some might want more than one (the
validation agent to use with your MTA might be distinct from the
validation agent to use with your web server).

So I think this request at the moment isn't particularly well-defined.
Maybe we can flesh it out further?

Here's one proposal: create (from the current msva-perl package) an
additional separate binary package that just installs a single
system-wide validation agent, run by a user named "system-msva".

Other possible msva changes that this implies:

 * we could add MSVA_ALLOWED_GROUPS in addition to MSVA_ALLOWED_USERS,
to allow dynamic changes in access control

 * if we're going to rely on systemd, which depends generally on dbus
signalling, we could run the communication with the daemon over dbus
directly instead of TCP (this is a bigger change, I think, and probably
should be a separate discussion)

        --dkg
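
The file-descriptor inheritance mentioned above, as an added example that is not part of the original message or of msva-perl: under systemd's socket-activation convention a daemon receives its listening sockets starting at descriptor 3, described by LISTEN_PID and LISTEN_FDS. It is sketched in Python for illustration; the function name `inherited_listeners` and its `first_fd` parameter are assumptions of this example.

```python
import os
import socket
import stat

SD_LISTEN_FDS_START = 3  # first passed descriptor under systemd's convention


def inherited_listeners(environ=None, first_fd=SD_LISTEN_FDS_START):
    """Return listening sockets handed over by a systemd .socket unit.

    Returns [] when the process was not socket-activated, so the caller
    can fall back to binding its own port. first_fd is overridable only
    so the function can be exercised outside systemd (assumption of this
    example).
    """
    environ = os.environ if environ is None else environ
    try:
        if int(environ.get("LISTEN_PID", "")) != os.getpid():
            return []  # variables were set for some other process
        count = int(environ.get("LISTEN_FDS", ""))
    except ValueError:
        return []  # unset or malformed: not socket-activated
    # Do not leak the activation variables to child processes.
    for name in ("LISTEN_PID", "LISTEN_FDS", "LISTEN_FDNAMES"):
        environ.pop(name, None)

    listeners = []
    for fd in range(first_fd, first_fd + count):
        if not stat.S_ISSOCK(os.fstat(fd).st_mode):
            raise ValueError(f"fd {fd} is not a socket")
        sock = socket.socket(fileno=fd)  # family and type detected from fd
        if not sock.getsockopt(socket.SOL_SOCKET, socket.SO_ACCEPTCONN):
            raise ValueError(f"fd {fd} is not a listening socket")
        sock.set_inheritable(False)  # keep it out of exec'd helpers
        listeners.append(sock)
    return listeners


if __name__ == "__main__":
    socks = inherited_listeners()
    print([s.getsockname() for s in socks] or "not socket-activated")
```

With this pattern the service unit no longer needs to bind the port itself, and the daemon rejects a descriptor that is not a listening socket instead of accepting on it blindly.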
