Package: stunnel4
Followup-For: Bug #782030

Here's a patch adding systemd Type=notify support:

--- a/src/ui_unix.c +++ b/src/ui_unix.c @@ -107,6 +107,9 @@ if(signal(SIGINT, SIG_IGN)!=SIG_IGN) signal(SIGINT, signal_handler); /* fatal */ #endif +#ifdef USE_SYSTEMD + sd_notify(1,"READY=1"); +#endif daemon_loop(); } else { /* inetd mode */ CLI *c;

This enables using a systemd service file like

[Unit]
Documentation=man:stunnel4
Description=TLS tunnels for network daemons

[Service]
Type=notify
Restart=always
ExecStart=/usr/bin/stunnel4

[Install]
WantedBy=multi-user.target

after setting foreground = yes in /etc/stunnel/stunnel.conf. This does not need a PID file (so it's best to remove the patch creating one by default), which is also useful if one wants to use systemd directives to manage privileges, for example

User=stunnel4
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecReload=/bin/kill -HUP $MAINPID

enables reloading of a mostly unprivileged stunnel process with low-port bindings. Socket activation could do even better, running the stunnel process fully unprivileged, but requires splitting the configuration between the socket unit and stunnel.conf, which is inconvenient. The above ExecReload is rudimentary, too, because it does not wait for the reload to finish. But you get the idea.

-- 
Regards,
Feri.
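
Review bot: the added sd_notify(1,"READY=1") before daemon_loop() passes 1 as the unset_environment argument, which removes NOTIFY_SOCKET from the process environment, so no later state can be reported to systemd from this process; if reload status is ever to be signalled (the message notes that the ExecReload does not wait for the reload to finish), pass 0 here. The hunk also shows no #include <systemd/sd-daemon.h> and nothing that defines USE_SYSTEMD or links libsystemd, so as posted the three added lines are compiled out unless the build-system part is supplied separately. The return value of sd_notify() is ignored; logging a negative result would make a misconfigured Type=notify unit easier to diagnose than a start timeout.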
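
The readiness message that Type=notify waits for, as an added example that is not part of the original message or of stunnel: a sender for the notification protocol (one datagram to the AF_UNIX socket named in $NOTIFY_SOCKET, where a leading "@" means an abstract socket) written without libsystemd. The names notify_to and notify_systemd are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper (not stunnel or libsystemd code): send one state
 * string to the socket named as in $NOTIFY_SOCKET. Returns 1 if sent,
 * 0 if no socket is configured, or a negative errno value on failure. */
int notify_to(const char *path, const char *state)
{
    struct sockaddr_un sa;
    size_t n;
    int fd, rc = 1;

    if (!path || !*path)
        return 0;                   /* not started with Type=notify */
    n = strlen(path);
    /* Only absolute paths and abstract ("@name") sockets are valid. */
    if ((path[0] != '/' && path[0] != '@') || n < 2 || n >= sizeof(sa.sun_path))
        return -EINVAL;

    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    memcpy(sa.sun_path, path, n);
    if (path[0] == '@')
        sa.sun_path[0] = '\0';      /* Linux abstract namespace */

    fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0)
        return -errno;
    if (sendto(fd, state, strlen(state), 0, (struct sockaddr *)&sa,
               (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n)) < 0)
        rc = -errno;
    close(fd);
    return rc;
}

/* Unlike sd_notify(1, ...), NOTIFY_SOCKET stays set for later messages. */
int notify_systemd(const char *state)
{
    return notify_to(getenv("NOTIFY_SOCKET"), state);
}

int main(void)
{
    /* Same point as the patch: right before entering the daemon loop. */
    return notify_systemd("READY=1") < 0;
}
```

Run outside systemd, the program exits 0 without sending anything, which is the same behaviour that lets one binary serve both Type=notify units and plain foreground use.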