From 0c2d36e63423065bf899bb94bc6bbce3d3e084f8 Mon Sep 17 00:00:00 2001 From: Matheus Machado Guilhermino Date: Fri, 22 Oct 2021 19:38:56 -0300 Subject: [PATCH] Migrate memcached-custom to Debian Modified memcached-custom to add support for Debian packaging. TODO: Test commented out service file parameters on Debian. Test Plan: PASS: Package installed and ISO built successfully Story: 2009256 Task: 43737 Signed-off-by: Matheus Machado Guilhermino Change-Id: Ibddb64317d72fefe04e1e9ce18ad9b61839c5fca --- memcached-custom/debian/deb_folder/changelog | 5 ++ memcached-custom/debian/deb_folder/control | 13 +++++ memcached-custom/debian/deb_folder/copyright | 27 +++++++++ .../deb_folder/memcached-custom.install | 1 + memcached-custom/debian/deb_folder/postinst | 7 +++ memcached-custom/debian/deb_folder/rules | 5 ++ .../debian/deb_folder/source/format | 1 + memcached-custom/debian/meta_data.yaml | 7 +++ .../source-debian/memcached.service | 56 +++++++++++++++++++ 9 files changed, 122 insertions(+) create mode 100644 memcached-custom/debian/deb_folder/changelog create mode 100644 memcached-custom/debian/deb_folder/control create mode 100644 memcached-custom/debian/deb_folder/copyright create mode 100644 memcached-custom/debian/deb_folder/memcached-custom.install create mode 100644 memcached-custom/debian/deb_folder/postinst create mode 100644 memcached-custom/debian/deb_folder/rules create mode 100644 memcached-custom/debian/deb_folder/source/format create mode 100644 memcached-custom/debian/meta_data.yaml create mode 100644 memcached-custom/source-debian/memcached.service diff --git a/memcached-custom/debian/deb_folder/changelog b/memcached-custom/debian/deb_folder/changelog new file mode 100644 index 0000000..697861d --- /dev/null +++ b/memcached-custom/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +memcached-custom (1.0-1) unstable; urgency=medium + + * Initial release. + + -- Matheus Guilhermino Fri, 22 Oct 2021 04:11:29 -0400 diff --git a/memcached-custom/debian/deb_folder/control b/memcached-custom/debian/deb_folder/control new file mode 100644 index 0000000..2fadf57 --- /dev/null +++ b/memcached-custom/debian/deb_folder/control @@ -0,0 +1,13 @@ +Source: memcached-custom +Section: admin +Priority: optional +Maintainer: Starlingx Developers +Build-Depends: debhelper-compat (= 13) +Standards-Version: 4.4.1 +Homepage: https://www.starlingx.io + +Package: memcached-custom +Architecture: all +Depends: ${misc:Depends} +Description: Packages memcached service file to system folder + Installs a customized service file for memcached. diff --git a/memcached-custom/debian/deb_folder/copyright b/memcached-custom/debian/deb_folder/copyright new file mode 100644 index 0000000..2286761 --- /dev/null +++ b/memcached-custom/debian/deb_folder/copyright @@ -0,0 +1,27 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: memcached-custom +Source: https://opendev.org/starlingx/config-files/ + +Files: * +Copyright: (c) 2013-2021 Wind River Systems, Inc +License: Apache-2 + +Files: debian/* +Copyright: 2021 Wind River Systems, Inc +License: Apache-2 + +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/memcached-custom/debian/deb_folder/memcached-custom.install b/memcached-custom/debian/deb_folder/memcached-custom.install new file mode 100644 index 0000000..92628e3 --- /dev/null +++ b/memcached-custom/debian/deb_folder/memcached-custom.install @@ -0,0 +1 @@ +memcached.service etc/systemd/system/ diff --git a/memcached-custom/debian/deb_folder/postinst b/memcached-custom/debian/deb_folder/postinst new file mode 100644 index 0000000..e0574a4 --- /dev/null +++ b/memcached-custom/debian/deb_folder/postinst @@ -0,0 +1,7 @@ +#!/bin/sh + +set -e + +chmod 644 /etc/systemd/system/memcached.service + +#DEBHELPER# diff --git a/memcached-custom/debian/deb_folder/rules b/memcached-custom/debian/deb_folder/rules new file mode 100644 index 0000000..ed58acc --- /dev/null +++ b/memcached-custom/debian/deb_folder/rules @@ -0,0 +1,5 @@ +#!/usr/bin/make -f +#export DH_VERBOSE = 1 + +%: + dh $@ diff --git a/memcached-custom/debian/deb_folder/source/format b/memcached-custom/debian/deb_folder/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/memcached-custom/debian/deb_folder/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/memcached-custom/debian/meta_data.yaml b/memcached-custom/debian/meta_data.yaml new file mode 100644 index 0000000..77d89c0 --- /dev/null +++ b/memcached-custom/debian/meta_data.yaml @@ -0,0 +1,7 @@ +--- +debname: memcached-custom +debver: 1.0-1 +src_path: source-debian +revision: + dist: $STX_DIST + PKG_GITREVCOUNT: true diff --git a/memcached-custom/source-debian/memcached.service b/memcached-custom/source-debian/memcached.service new file mode 100644 index 0000000..97914f7 --- /dev/null +++ b/memcached-custom/source-debian/memcached.service @@ -0,0 +1,56 @@ +# +# This service file is a customized version in platform-util package from +# openstack/stx-integ project + +[Unit] +Description=memcached daemon +Before=httpd.service +After=network-online.target + +[Service] +EnvironmentFile=/etc/sysconfig/memcached +ExecStart=/usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS + +# Set up a new file system namespace and mounts private /tmp and /var/tmp directories +# so this service cannot access the global directories and other processes cannot +# access this service's directories. +PrivateTmp=true + +# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit. +ProtectSystem=full + +# Ensures that the service process and all its children can never gain new privileges +NoNewPrivileges=true + +# Sets up a new /dev namespace for the executed processes and only adds API pseudo devices +# such as /dev/null, /dev/zero or /dev/random (as well as the pseudo TTY subsystem) to it, +# but no physical devices such as /dev/sda. +PrivateDevices=true + +# Required for dropping privileges and running as a different user +CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE +LimitNOFILE=16384 + +# Attempts to create memory mappings that are writable and executable at the same time, +# or to change existing memory mappings to become executable are prohibited. +# XXX: this property is supported with systemd 231+ which is not yet on EL7 +# MemoryDenyWriteExecute=true + +# Restricts the set of socket address families accessible to the processes of this unit. +# Protects against vulnerabilities such as CVE-2016-8655 +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX + +# These service parameters are commented out since they are incompatible with +# Centos 7 and generate warning messages when included. +# TODO: This was taken directly from Centos and needs to be tested with Debian +#ProtectKernelModules=true +#ProtectKernelTunables=true +#ProtectControlGroups=true +#RestrictRealtime=true +#RestrictNamespaces=true + +Restart=always +RestartSec=10 + +[Install] +WantedBy=multi-user.target