Bug#843494: opendkim: Upgrade /etc/default to systemd override files

[Peter Colberg]

Package: opendkim
Version: 2.11.0~alpha-7
Severity: wishlist

Dear Maintainer,

Following up on #837374, I am submitting a patch that replaces the
/etc/default file with systemd override files generated in postinst.

The package ships static systemd unit and tmpfiles.d files containing
the default settings. Any non-default settings in /etc/default are
carried over via the override files as described in opendkim.NEWS.

I have dropped the -x option since it was using the default config
path. The -u option is no longer needed since systemd sets the user.
PIDFILE is ignored in favour of always deriving the pid file from
RUNDIR to ensure these are consistent.

The Group directive is not included in the default unit since systemd
always uses the primary group of User. It is however included in the
override file if either USER or GROUP were overriden in /etc/default.

Regards,
Peter

--- a/debian/opendkim.NEWS
+++ b/debian/opendkim.NEWS
@@ -1,3 +1,11 @@
+opendkim (2.11.0~alpha-8) unstable; urgency=medium
+
+    On systems using systemd, this version replaces /etc/default/opendkim
+    with the files /etc/systemd/system/opendkim.service.d/overrride.conf
+    and /etc/tmpfiles.d/opendkim.conf carrying over non-default settings.
+
+ -- Peter Colberg <pe...@colberg.org>  Sun, 06 Nov 2016 21:33:13 -0500
+
 opendkim (2.5.2+dfsg-2) unstable; urgency=low
 
     There are a number of optional features newly enabled in this revision.
--- a/debian/opendkim.postinst
+++ b/debian/opendkim.postinst
@@ -40,10 +40,14 @@
 		chmod 0700 /etc/dkimkeys
 	fi
 
-	# Generate service file if it does not exist
-	if [ ! -f /lib/systemd/system/opendkim.service ]; then
-		touch /lib/systemd/system/opendkim.service
-		/lib/opendkim/opendkim.service.generate
+	# Upgrade /etc/default to systemd override files
+	if [ -d /run/systemd/system ] && [ -f /etc/default/opendkim ]; then
+		if /lib/opendkim/opendkim.service.generate; then
+			rm -f /etc/default/opendkim
+		fi
+		if [ -f /etc/tmpfiles.d/opendkim.conf ]; then
+			systemd-tmpfiles --create /etc/tmpfiles.d/opendkim.conf
+		fi
 	fi
 fi
 
--- a/debian/opendkim.service
+++ b/debian/opendkim.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter
+Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
+After=network.target nss-lookup.target 
+
+[Service]
+Type=forking
+PIDFile=/var/run/opendkim/opendkim.pid
+User=opendkim
+ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock
+Restart=on-failure
+ExecReload=/bin/kill -USR1 $MAINPID
+
+[Install]
+WantedBy=multi-user.target
--- a/debian/opendkim.service.generate
+++ b/debian/opendkim.service.generate
@@ -28,59 +28,60 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 
+set -e
+
 NAME=opendkim
 
-# Include defaults if available
-if [ -f /etc/default/$NAME ] ; then
-        . /etc/default/$NAME
-else
 RUNDIR=/var/run/$NAME
 USER=$NAME
 GROUP=$NAME
-# Other package specific defaults can be added for if the defaults file is
-# missing:
 SOCKET=local:$RUNDIR/$NAME.sock
-PIDFILE=$RUNDIR/$NAME.pid
+
+_RUNDIR=$RUNDIR
+_USER=$USER
+_GROUP=$GROUP
+_SOCKET=$SOCKET
+
+# Include defaults if available
+if [ -f /etc/default/$NAME ]; then
+	. /etc/default/$NAME
+fi
+
+# Generate service override file
+SERVICE=$(mktemp $NAME.service.XXXXXXXXXX)
+
+if [ "$EXTRAAFTER" != "" ]; then
+	echo "[Unit]" >> $SERVICE
+	echo "After=$EXTRAAFTER" >> $SERVICE
+fi
+if [ "$RUNDIR" != "$_RUNDIR" ]; then
+	echo "[Service]" >> $SERVICE
+	echo "PIDFile=$RUNDIR/$NAME.pid" >> $SERVICE
+fi
+if [ "$USER" != "$_USER" ] || [ "$GROUP" != "$_GROUP" ]; then
+	grep -q -F "[Service]" $SERVICE || echo "[Service]" >> $SERVICE
+	echo "User=$USER" >> $SERVICE
+	echo "Group=$GROUP" >> $SERVICE
+fi
+if [ "$SOCKET" != "$_SOCKET" ] || [ "$RUNDIR" != "$_RUNDIR" ] || [ "$DAEMON_OPTS" != "" ]; then
+	grep -q -F "[Service]" $SERVICE || echo "[Service]" >> $SERVICE
+	echo "ExecStart=" >> $SERVICE
+	echo "ExecStart=/usr/sbin/opendkim -P $RUNDIR/$NAME.pid -p $SOCKET $DAEMON_OPTS" >> $SERVICE
 fi
 
-SERVICEFILE=/lib/$NAME/$NAME.service
+if [ -s $SERVICE ] ; then
+	mkdir -p /etc/systemd/system/$NAME.service.d
+	cp $SERVICE /etc/systemd/system/$NAME.service.d/override.conf
+fi
+
+# Generate tmpfiles.d override file
+TMPFILE=$(mktemp $NAME.tmpfile.XXXXXXXXXX)
+
+echo "d $RUNDIR 0750 $USER $GROUP - -" > $TMPFILE
 
-# Create the new service file
-echo "# Automatically Generated by $NAME systemd service file generator." > $SERVICEFILE.new
-echo "# To change the editable parameters, edit /etc/default/$NAME and then do" >> $SERVICEFILE.new
-echo "# systemctl restart $NAME." >> $SERVICEFILE.new
-echo "" >> $SERVICEFILE.new
-echo "# If you are using OpenDKIM with SQL datasets it might be necessary to start" >> $SERVICEFILE.new
-echo "# OpenDKIM after the database servers. For example, if using both MariaDB and" >> $SERVICEFILE.new
-echo "# PostgreSQL, edit /etc/default/$NAME to add the needed definitions to" >> $SERVICEFILE.new
-echo "# EXTRAAFTER. If used, mariadb.service and postgresql.service would have to be" >> $SERVICEFILE.new
-echo "# added." >> $SERVICEFILE.new
-echo "" >> $SERVICEFILE.new
-echo "[Unit]" >> $SERVICEFILE.new
-echo "Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter" >> $SERVICEFILE.new
-echo "Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html"; >> $SERVICEFILE.new
-echo "After=network.target nss-lookup.target $EXTRAAFTER" >> $SERVICEFILE.new
-echo "" >> $SERVICEFILE.new
-echo "[Service]" >> $SERVICEFILE.new
-echo "Type=forking" >> $SERVICEFILE.new
-echo "PIDFile=$PIDFILE" >> $SERVICEFILE.new
-echo "PermissionsStartOnly=true" >> $SERVICEFILE.new
-echo "User=$USER" >> $SERVICEFILE.new
-echo "Group=$GROUP" >> $SERVICEFILE.new
-echo "ExecStartPre=-/bin/sh /lib/$NAME/$NAME.service.generate" >> $SERVICEFILE.new
-echo "ExecStartPre=-/bin/mkdir -p $RUNDIR" >> $SERVICEFILE.new
-echo "ExecStartPre=-/bin/chown $USER.$GROUP $RUNDIR" >> $SERVICEFILE.new
-echo "ExecStartPre=-/bin/chmod 770 $RUNDIR" >> $SERVICEFILE.new
-echo "ExecStart=/usr/sbin/opendkim -p $SOCKET $DAEMON_OPTS -x /etc/$NAME.conf -u $USER -P $PIDFILE" >> $SERVICEFILE.new
-echo "Restart=on-failure" >> $SERVICEFILE.new
-echo "ExecReload=/bin/kill -USR1 \$MAINPID" >> $SERVICEFILE.new
-echo "" >> $SERVICEFILE.new
-echo "[Install]" >> $SERVICEFILE.new
-echo "WantedBy=multi-user.target" >> $SERVICEFILE.new
-
-if [ "$(md5sum < /lib/systemd/system/$NAME.service)" != "$(md5sum < $SERVICEFILE.new)" ] ; then
-    mv $SERVICEFILE.new /lib/systemd/system/$NAME.service
-    systemctl daemon-reload
-    systemctl restart $NAME
+if ! cmp -s $TMPFILE /usr/lib/tmpfiles.d/opendkim.conf; then
+	mkdir -p /etc/tmpfiles.d
+	cp $TMPFILE /etc/tmpfiles.d/$NAME.conf
 fi
 
+rm -f $SERVICE $TMPFILE
--- a/debian/opendkim.tmpfile
+++ b/debian/opendkim.tmpfile
@@ -0,0 +1 @@
+d /var/run/opendkim 0750 opendkim opendkim - -