From dab2e9a92666680f82f829b4db75e8a474ca03b7 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 31 Aug 2016 15:19:33 -0400 Subject: add systemd service, makefile, improve INSTALL --- INSTALL | 41 +++++++++++++++++++++++++++++++++++------ Makefile | 30 ++++++++++++++++++++++++++++++ keysafe.cabal | 3 +++ keysafe.service | 15 +++++++++++++++ 4 files changed, 83 insertions(+), 6 deletions(-) create mode 100644 Makefile create mode 100644 keysafe.service diff --git a/INSTALL b/INSTALL index 97b0935..9031c27 100644 --- a/INSTALL +++ b/INSTALL @@ -1,14 +1,43 @@ -First install Haskell's stack tool, the readline and argon2 +## Quick installation + +This installs keysafe to ~/.local/bin, and is sufficient to use keysafe +to back up or restore your private key. + +First install Haskell's stack tool, the zlib, g++, readline and argon2 libraries, and zenity. For example, on a Debian system: - sudo apt-get install haskell-stack libreadline-dev libargon2-0-dev zenity + sudo apt-get install haskell-stack \ + zlib1g-dev g++ libreadline-dev libargon2-0-dev zenity -Then to build and install keysafe: +Then to build and install keysafe, run this in the keysafe directory: - stack install keysafe + stack install Note that there is a manpage, but stack doesn't install it yet. -## Server installation +## System-wide installation + +This installs keysafe in /usr/bin, and includes the man page, systemd +service file, etc. + +Start by installing the dependencies as shown in Quick installation. + +Then, in the keysafe directory: + + make + sudo make install + +## Packaging + +You will probably want to use the Makefile. +Set PREFIX to install to a different location. +Set BUILDER=cabal to use cabal rather than the default stack to build. + +The make install target creates a keysafe user. Use the install-files +target to avoid doing that at package build time. You may create the +keysafe user at package install time instead, although it is only used +by the keysafe server. -useradd --system keysafe +While keysafe ships with a systemd service file, distributions should +not enable it to be started by default. (Or can put it in its own +keysafe-server package.) diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..f287c2b --- /dev/null +++ b/Makefile @@ -0,0 +1,30 @@ +PREFIX?= +# Can be stack or cabal +BUILDER?=stack + +build: keysafe + +keysafe: + $(BUILDER) build + if [ "$(BUILDER)" = stack ]; then \ + ln -sf $$(find .stack-work/ -name keysafe -type f | grep build/keysafe/keysafe | tail -n 1) keysafe; \ + else \ + ln -sf dist/build/keysafe/keysafe keysafe; \ + fi + +clean: + rm -rf keysafe dist .stack-work + +install: install-files + useradd --system keysafe + chmod 700 $(PREFIX)/var/lib/keysafe + chown keysafe:keysafe $(PREFIX)/var/lib/keysafe + +install-files: keysafe + install -d $(PREFIX)/var/lib/keysafe + install -d $(PREFIX)/usr/bin + install -s -m 0755 keysafe $(PREFIX)/usr/bin/keysafe + install -d $(PREFIX)/usr/share/man/man1 + install -m 0644 keysafe.1 $(PREFIX)/usr/share/man/man1/keysafe.1 + install -d $(PREFIX)/lib/systemd/system + install -m 0644 keysafe.service $(PREFIX)/lib/systemd/system/keysafe.service diff --git a/keysafe.cabal b/keysafe.cabal index fa530dd..df7151c 100644 --- a/keysafe.cabal +++ b/keysafe.cabal @@ -20,7 +20,10 @@ License-File: AGPL Extra-Source-Files: CHANGELOG TODO + INSTALL keysafe.1 + keysafe.service + Makefile Executable keysafe Main-Is: keysafe.hs diff --git a/keysafe.service b/keysafe.service new file mode 100644 index 0000000..31fa424 --- /dev/null +++ b/keysafe.service @@ -0,0 +1,15 @@ +[Unit] +Description=keysafe server + +[Service] +ExecStart=/usr/bin/keysafe --server --port 4242 --store-directory=/var/lib/keysafe/ +InaccessiblePaths=/home /etc +ReadWritePaths=/var/lib/keysafe +User=keysafe +Group=keysafe +StandardInput=null +StandardOutput=journal +StandardError=journal + +[Install] +WantedBy=multi-user.target -- cgit v1.2.3