Add a compile-time option for a daemon binary

The "systemd-daemon" feature will compile PARSEC to be used as a
systemd, socket activated daemon.
Add systemd unit files and instruction on how to install the service.

Signed-off-by: Hugues de Valon <[email protected]>

Author: hug-dev

Cargo.lock

@@ -17,6 +17,7 @@ uuid = "0.7.4"
 threadpool = "1.7.1"
 std-semaphore = "0.1.0"
 signal-hook = "0.1.10"
+sd-notify = { version = "0.1.0", optional = true }
 
 [dev-dependencies]
 parsec-client-test = { git = "https://github.com/parallaxsecond/parsec-client-test", tag = "0.1.2"  }
@@ -34,3 +35,7 @@ mbed-crypto-version = "mbedcrypto-1.1.0"
 [features]
 default = ["mbed"]
 mbed = []
+
+# Feature to compile the PARSEC binary to be executed as a systemd daemon.
+# This feature is only available on Linux.
+systemd-daemon = ["sd-notify"]

Cargo.toml

@@ -139,6 +139,7 @@ This project uses the following third party crates:
 * std-semaphore (MIT and Apache-2.0)
 * num_cpus (MIT and Apache-2.0)
 * signal-hook (MIT and Apache-2.0)
+* sd-notify (Apache-2.0)
 
 This project uses the following third party libraries:
 * [Mbed Crypto](https://github.com/ARMmbed/mbed-crypto) (Apache-2.0)
@@ -160,6 +161,39 @@ You can execute unit tests with `cargo test --lib`.
 The [test client](https://github.com/parallaxsecond/parsec-client-test) is used for integration
 testing. Check that repository for more details.
 
+# **Installing the PARSEC service (Linux only)**
+
+PARSEC can be built and installed as a Linux daemon using systemd. The PARSEC daemon uses socket
+activation which means that the daemon will be automatically started when a client request is
+made on the socket. The daemon is a systemd user daemon run by the `parsec` user.
+
+If your Linux system uses systemd to manage daemons, you can follow these steps.
+
+* Create and log in to a new user named `parsec`
+* In its home directory, pull and install PARSEC as a daemon
+```bash
+$ git pull https://github.com/parallaxsecond/parsec.git
+$ cargo install --features "systemd-daemon" --path parsec
+```
+* Install the systemd unit files and activate the PARSEC socket
+```bash
+$ mkdir -p ~/.config/systemd/user
+$ cp -r systemd-daemon/parsec.service systemd-daemon/parsec.socket ~/.config/systemd/user
+$ systemctl --user enable parsec.socket
+$ systemctl --user start parsec.socket
+```
+
+Every user on the system can now use PARSEC!
+
+You can test it going inside the `parsec` directory and:
+```bash
+$ cargo test --test normal
+```
+Check the logs with:
+```bash
+$ journalclt --user -u parsec
+```
+
 # **Contributing**
 
 Please check the [**Contributing**](CONTRIBUTING.md) to know more about the contribution process.

README.md

@@ -109,6 +109,10 @@ fn main() -> Result<(), Error> {
 
     let threadpool = Builder::new().build();
 
+    #[cfg(feature = "systemd-daemon")]
+    // Notify systemd that the daemon is ready, the start command will block until this point.
+    let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
+
     loop {
         if kill_signal.load(Ordering::Relaxed) {
             println!("SIGTERM signal received.");

src/bin/main.rs

@@ -22,6 +22,7 @@ use super::listener;
 
 use listener::Listen;
 use listener::ReadWrite;
+use std::os::unix::io::FromRawFd;
 
 static SOCKET_PATH: &str = "/tmp/security-daemon-socket";
 
@@ -43,23 +44,35 @@ impl DomainSocketListener {
     /// fails
     /// - if binding to the socket path fails
     fn init(&mut self) {
-        let socket = Path::new(SOCKET_PATH);
+        if cfg!(feature = "systemd-daemon") {
+            // The PARSEC service is socket activated (see parsec.socket file).
+            // systemd creates the PARSEC service giving it an initialised socket as the file
+            // descriptor number 3 (see sd_listen_fds(3) man page).
+            // If an instance of PARSEC compiled with the "systemd-daemon" feature is run directly
+            // instead of by systemd, this call will still work but the next accept call on the
+            // UnixListener will generate a Linux error 9 (Bad file number), as checked below.
+            unsafe {
+                self.listener = Some(UnixListener::from_raw_fd(3));
+            }
+        } else {
+            let socket = Path::new(SOCKET_PATH);
 
-        if socket.exists() {
-            fs::remove_file(&socket).unwrap();
-        }
+            if socket.exists() {
+                fs::remove_file(&socket).unwrap();
+            }
 
-        let listener_val = match UnixListener::bind(SOCKET_PATH) {
-            Ok(listener) => listener,
-            Err(err) => panic!(err),
-        };
+            let listener_val = match UnixListener::bind(SOCKET_PATH) {
+                Ok(listener) => listener,
+                Err(err) => panic!(err),
+            };
 
-        // Set the socket as non-blocking.
-        listener_val
-            .set_nonblocking(true)
-            .expect("Could not set the socket as non-blocking");
+            // Set the socket as non-blocking.
+            listener_val
+                .set_nonblocking(true)
+                .expect("Could not set the socket as non-blocking");
 
-        self.listener = Some(listener_val);
+            self.listener = Some(listener_val);
+        }
     }
 }
 
@@ -84,6 +97,16 @@ impl Listen for DomainSocketListener {
                     }
                 }
                 Err(err) => {
+                    if cfg!(feature = "systemd-daemon") {
+                        // When run as a systemd daemon, a file descriptor mapping to the Domain Socket
+                        // should have been passed to this process.
+                        if let Some(os_error) = err.raw_os_error() {
+                            // On Linux, 9 is EBADF (Bad file number)
+                            if os_error == 9 {
+                                panic!("The Unix Domain Socket file descriptor (number 3) should have been given to this process.");
+                            }
+                        }
+                    }
                     // Check if the error is because no connections are currently present.
                     if err.kind() != ErrorKind::WouldBlock {
                         // Only log the real errors.

src/front/domain_socket.rs

@@ -0,0 +1,8 @@
+[Unit]
+Description=PARSEC Service
+Documentation=https://github.com/parallaxsecond/parsec
+
+[Service]
+Type=notify
+NonBlocking=true
+ExecStart=/home/parsec/.cargo/bin/parsec

systemd-daemon/parsec.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=PARSEC Socket
+Documentation=https://github.com/parallaxsecond/parsec
+
+[Socket]
+ListenStream=/home/parsec/parsec.sock
+
+[Install]
+WantedBy=sockets.target