Migrate memcached-custom to Debian

Modified memcached-custom to add support for Debian packaging. TODO: Test commented out service file parameters on Debian. Test Plan: PASS: Package installed and ISO built successfully Story: 2009256 Task: 43737 Signed-off-by: Matheus Machado Guilhermino <Matheus.MachadoGuilhermino@windriver.com> Change-Id: Ibddb64317d72fefe04e1e9ce18ad9b61839c5fca
2021-10-22 19:38:56 -03:00 · 2021-10-22 19:38:56 -03:00 · 0c2d36e634
commit 0c2d36e634
parent 5a15601ae0
9 changed files with 122 additions and 0 deletions
--- a/memcached-custom/debian/deb_folder/changelog
+++ b/memcached-custom/debian/deb_folder/changelog
@ -0,0 +1,5 @@
+memcached-custom (1.0-1) unstable; urgency=medium
+
+  * Initial release.
+
+ -- Matheus Guilhermino <matheus.machadoguilhermino@windriver.com>  Fri, 22 Oct 2021 04:11:29 -0400
--- a/memcached-custom/debian/deb_folder/control
+++ b/memcached-custom/debian/deb_folder/control
@ -0,0 +1,13 @@
+Source: memcached-custom
+Section: admin
+Priority: optional
+Maintainer: Starlingx Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.4.1
+Homepage: https://www.starlingx.io
+
+Package: memcached-custom
+Architecture: all
+Depends: ${misc:Depends}
+Description: Packages memcached service file to system folder
+ Installs a customized service file for memcached.
--- a/memcached-custom/debian/deb_folder/copyright
+++ b/memcached-custom/debian/deb_folder/copyright
@ -0,0 +1,27 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: memcached-custom
+Source: https://opendev.org/starlingx/config-files/
+
+Files: *
+Copyright: (c) 2013-2021 Wind River Systems, Inc
+License: Apache-2
+
+Files: debian/*
+Copyright: 2021 Wind River Systems, Inc
+License: Apache-2
+
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
--- a/memcached-custom/debian/deb_folder/memcached-custom.install
+++ b/memcached-custom/debian/deb_folder/memcached-custom.install
@ -0,0 +1 @@
+memcached.service etc/systemd/system/
--- a/memcached-custom/debian/deb_folder/postinst
+++ b/memcached-custom/debian/deb_folder/postinst
@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+chmod 644 /etc/systemd/system/memcached.service
+
+#DEBHELPER#
--- a/memcached-custom/debian/deb_folder/rules
+++ b/memcached-custom/debian/deb_folder/rules
@ -0,0 +1,5 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE = 1
+
+%:
+	dh $@
--- a/memcached-custom/debian/deb_folder/source/format
+++ b/memcached-custom/debian/deb_folder/source/format
@ -0,0 +1 @@
+3.0 (quilt)
--- a/memcached-custom/debian/meta_data.yaml
+++ b/memcached-custom/debian/meta_data.yaml
@ -0,0 +1,7 @@
+---
+debname: memcached-custom
+debver: 1.0-1
+src_path: source-debian
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true
--- a/memcached-custom/source-debian/memcached.service
+++ b/memcached-custom/source-debian/memcached.service
@ -0,0 +1,56 @@
+#
+# This service file is a customized version in platform-util package from
+# openstack/stx-integ project
+
+[Unit]
+Description=memcached daemon
+Before=httpd.service
+After=network-online.target
+
+[Service]
+EnvironmentFile=/etc/sysconfig/memcached
+ExecStart=/usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS
+
+# Set up a new file system namespace and mounts private /tmp and /var/tmp directories
+# so this service cannot access the global directories and other processes cannot
+# access this service's directories.
+PrivateTmp=true
+
+# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
+ProtectSystem=full
+
+# Ensures that the service process and all its children can never gain new privileges
+NoNewPrivileges=true
+
+# Sets up a new /dev namespace for the executed processes and only adds API pseudo devices
+# such as /dev/null, /dev/zero or /dev/random (as well as the pseudo TTY subsystem) to it,
+# but no physical devices such as /dev/sda.
+PrivateDevices=true
+
+# Required for dropping privileges and running as a different user
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
+LimitNOFILE=16384
+
+# Attempts to create memory mappings that are writable and executable at the same time,
+# or to change existing memory mappings to become executable are prohibited.
+# XXX: this property is supported with systemd 231+ which is not yet on EL7
+# MemoryDenyWriteExecute=true
+
+# Restricts the set of socket address families accessible to the processes of this unit.
+# Protects against vulnerabilities such as CVE-2016-8655
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+
+# These service parameters are commented out since they are incompatible with
+# Centos 7 and generate warning messages when included.
+# TODO: This was taken directly from Centos and needs to be tested with Debian
+#ProtectKernelModules=true
+#ProtectKernelTunables=true
+#ProtectControlGroups=true
+#RestrictRealtime=true
+#RestrictNamespaces=true
+
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target