Re: [PATCH] sha1: add gnutls as a sha1 provider
On Tue, Nov 14, 2017 at 11:47 AM, Todd Zullinger <t...@pobox.com> wrote:
>
> Hi Shawn,
>
> Shawn Landden wrote:
>>
>> I think this is preferable to bringing the assembly routines into the git
>> code-base, as a way of getting access to these high-performance routines to
>> a git available in Debian, Ubuntu, or Fedora (which all use BLK_SHA1=1 due
>> to GPLv2 + OpenSSL license considerations, see Debian Bug #879459).
>
>
> While it seems like it could be useful to have the choice of using the fast
> SHA1 implementation without concern about licensing issues, there's a few
> details I thought were worth mentioning.
>
> Fedora moved from OpenSSL SHA1 to BLK_SHA1 to reduce the size of the binaries
> and dependencies, not due to licensing issues (Fedora considers OpenSSL a
> system library and allows linking GPLv2 code).
>
> Fedora now uses the default DC_SHA1 (the collision-detecting SHA1
> implementation). DC_SHA1 is not, as far as I know, as fast as the
> OpenSSL/GnuTLS SHA1, but it's safer given the increasingly successful attacks
> against SHA1. I don't envision changing that to gain performance. (And, of
> course, the speed of SHA1 should become less of an issue once git moves to a
> new, stronger hash.)
>
> It looks like the Debian packages use the default DC_SHA1 implementation as
> well. Regardless of the licensing concerns regarding OpenSSL in Debian, I
> suspect they'll want to use the default, collision-detecting SHA1
> implementation. That doesn't mean a patch to add the option of GnuTLS isn't
> useful though.
>
> Fedora does link with OpenSSL's libcrypto and libssl in Fedora for the
> remote-curl helpers and imap-send. I believe the remote-curl helpers just
> link with curl, which happens to use OpenSSL on Fedora and could use GnuTLS
> instead. The imap-send command might also use curl and whatever crypto
> library curl is built with too, but I'm not terribly familiar with imap-send.
> (I think those are the only uses of libcrypto or libssl in Fedora's packages,
> but I could be mistaken).
>
> That's a lot of text without having anything to say about the actual patch.
> Hopefully it's at least mildly useful to you or others. :)

It is all appreciated. I just want to make note that I am still interested in getting this patch in.
[PATCH] sha1: add gnutls as a sha1 provider
GNUTLS uses the same cryptograms SHA1 routines (Cryptograms) by Andy Polyakov <ap...@openssl.org> as OpenSSL, but with a license that is acceptable for downstream packagers.

This is not the cleanest way to use the GNUTLS library, as it is reallocating the context every time, and GNUTLS itself fudges an OpenSSL CTX to use the cryptograms code, HOWEVER in my benchmarks the code performs as well as both the OpenSSL library, and my own integration of cryptograms with git.

I think this is preferable to bringing the assembly routines into the git code-base, as a way of getting access to these high-performance routines to a git available in Debian, Ubuntu, or Fedora (which all use BLK_SHA1=1 due to GPLv2 + OpenSSL license considerations, see Debian Bug #879459).

I struggle with autotools, and I suspect something is wrong with that part of the patch.

This laptop is ancient, Intel(R) Core(TM) i5 CPU M 520. When I get arm64 hardware in a week I will update with new benchmarks.

Builtin (BLK_SHA1=1):
~/git/git$ time git fsck
Checking object directories: 100% (256/256), done.
Checking objects: 100% (238410/238410), done.
Checking connectivity: 236605, done.

real    0m25.806s
user    0m25.187s
sys     0m0.579s

This patch:
~/git/git$ time ./git fsck
Checking object directories: 100% (256/256), done.
Checking objects: 100% (238410/238410), done.
Checking connectivity: 236606, done.

real    0m22.368s
user    0m21.790s
sys     0m0.539s

Signed-off-by: Shawn Landden <sland...@gmail.com>
--- Makefile | 10 ++ configure.ac | 31 +++ gnutls-sha1/sha1.c | 25 + gnutls-sha1/sha1.h | 12 hash.h | 2 ++ 5 files changed, 80 insertions(+) create mode 100644 gnutls-sha1/sha1.c create mode 100644 gnutls-sha1/sha1.h diff --git a/Makefile b/Makefile index cd7598599..e23648dbd 100644 --- a/Makefile +++ b/Makefile @@ -1252,7 +1252,9 @@ ifndef NO_OPENSSL endif else BASIC_CFLAGS += -DNO_OPENSSL +ifndef GNUTLS_SHA1 BLK_SHA1 = 1 +endif OPENSSL_LIBSSL = endif ifdef NO_OPENSSL 
@@ -1481,6 +1483,11 @@ ifdef BLK_SHA1 LIB_OBJS += block-sha1/sha1.o BASIC_CFLAGS += -DSHA1_BLK else +ifdef GNUTLS_SHA1 + LIB_OBJS += gnutls-sha1/sha1.o + BASIC_CFLAGS += -DSHA1_GNUTLS + EXTLIBS += -lgnutls +endif ifdef PPC_SHA1 LIB_OBJS += ppc/sha1.o ppc/sha1ppc.o BASIC_CFLAGS += -DSHA1_PPC @@ -1488,6 +1495,8 @@ else ifdef APPLE_COMMON_CRYPTO COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL BASIC_CFLAGS += -DSHA1_APPLE +else +ifdef GNUTLS_SHA1 else DC_SHA1 := YesPlease BASIC_CFLAGS += -DSHA1_DC @@ -1506,6 +1515,7 @@ ifdef DC_SHA1_SUBMODULE else LIB_OBJS += sha1dc/sha1.o LIB_OBJS += sha1dc/ubc_check.o +endif endif BASIC_CFLAGS += \ -DSHA1DC_NO_STANDARD_INCLUDES \ diff --git a/configure.ac b/configure.ac index 2f55237e6..109c4758d 100644 --- a/configure.ac +++ b/configure.ac @@ -250,6 +250,23 @@ AS_HELP_STRING([--with-openssl],[use OpenSSL library (default is YES)]) AS_HELP_STRING([], [ARG can be prefix for openssl library and headers]), GIT_PARSE_WITH([openssl])) +# Define GNUTLS_SHA1 if you have and want to use libgnutls. This offers +# similar sha1 routines as openssl. +AC_ARG_WITH(gnutls, +AS_HELP_STRING([--with-gnutls],[use GNUTLS library (default is YES)]), +if test "$withval" = "no"; then +USE_GNUTLS= +elif test "$withval" = "yes"; then + USE_GNUTLS=YesPlease +else + USE_GNUTLS=YesPlease + LIBGNUTLSDIR=$withval + AC_MSG_NOTICE([Setting LIBGNUTLSDIR to $LIBGNUTLSDIR]) +dnl USE_LIBGNUTLS can still be modified below, so don't substitute +dnl it yet. + GIT_CONF_SUBST([LIBGNUTLSDIR]) +fi) + # Define USE_LIBPCRE if you have and want to use libpcre. Various # commands such as log and grep offer runtime options to use # Perl-compatible regular expressions instead of standard or extended 
@@ -540,6 +557,20 @@ GIT_UNSTASH_FLAGS($OPENSSLDIR) GIT_CONF_SUBST([NEEDS_SSL_WITH_CRYPTO]) GIT_CONF_SUBST([NO_OPENSSL]) +# +# Handle USE_GNUTLS from above +# +if test -n "$USE_GNUTLS"; then + +GIT_STASH_FLAGS($LIBGNUTLSDIR) + +AC_CHECK_LIB([gnutls], [gnutls_hash_init], +[GNUTLS_SHA1=YesPlease], +[GNUTLS_SHA1=]) + +GIT_UNSTASH_FLAGS($LIBGNUTLSDIR) + +fi # # Handle the USE_LIBPCRE1 and USE_LIBPCRE2 options potentially set # above. diff --git a/gnutls-sha1/sha1.c b/gnutls-sha1/sha1.c new file mode 100644 index 0..f7ede4ddf --- /dev/null +++ b/gnutls-sha1/sha1.c @@ -0,0 +1,25 @@ +/* this is only to get definitions for memcpy(), ntohl() and htonl() */ +#include "../git-compat-util.h" + +#include +#include + +#include "sha1.h" + +void gnutls_SHA1_Init(gnutls_SHA_CTX *ctx) +{ + int ret; + ret = gnutls_hash_init((void *) &
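Review bot: In the Makefile hunk at @@ -1481, the new `ifdef GNUTLS_SHA1 ... endif` block is a stand-alone conditional placed ahead of `ifdef PPC_SHA1` instead of a branch of the existing else-chain, so a build with both GNUTLS_SHA1 and PPC_SHA1 (or APPLE_COMMON_CRYPTO) set adds two providers' objects and two `-DSHA1_*` defines. Make it `ifdef GNUTLS_SHA1 ... else ifdef PPC_SHA1 ...` so that exactly one provider is selected.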
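Review bot: The `+else` / `+ifdef GNUTLS_SHA1` branch added at @@ -1488 is empty and exists only to skip `DC_SHA1 := YesPlease`, so setting GNUTLS_SHA1 drops the collision-detecting SHA-1 default without saying so anywhere. None of the Makefile hunks adds a `# Define GNUTLS_SHA1 ...` entry to the knob documentation at the top of the file; add one and state there that it replaces the collision-detecting implementation.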
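Review bot: In the configure.ac hunk at @@ -250, the help string says `(default is YES)`, but USE_GNUTLS is only assigned inside the action that runs when `--with-gnutls` is given, so without the option the later `if test -n "$USE_GNUTLS"` block is skipped and GnuTLS is never probed. Either set a default or change the help text. The comment `dnl USE_LIBGNUTLS can still be modified below` also names a variable that this patch never defines.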
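Review bot: The `AC_CHECK_LIB([gnutls], [gnutls_hash_init], ...)` call at @@ -540 sets GNUTLS_SHA1, but the hunk contains no `GIT_CONF_SUBST([GNUTLS_SHA1])`, unlike the `GIT_CONF_SUBST([NO_OPENSSL])` line in the context just above it, so the result of the check does not appear to reach the generated make configuration. Add the substitution after `GIT_UNSTASH_FLAGS($LIBGNUTLSDIR)`.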
[v7 PATCH] daemon: add systemd support
git-daemon's --systemd mode allows git-daemon to be connect-activated on one or more addresses or ports. Unlike --inetd[1], git-daemon is not spawned for every connection.

[1] which systemd is compatible with using its Accept=yes mode

Signed-off-by: Shawn Landden sh...@churchofgit.com
---
Respond to Eric Sunshine's review of v6
More documentation.

Documentation/git-daemon.txt | 49 +++- Makefile | 10 + daemon.c | 46 +++-- 3 files changed, 94 insertions(+), 11 deletions(-) diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt index a69b361..0eab51b 100644 --- a/Documentation/git-daemon.txt +++ b/Documentation/git-daemon.txt @@ -19,7 +19,8 @@ SYNOPSIS [--access-hook=path] [--[no-]informative-errors] [--inetd | [--listen=host_or_ipaddr] [--port=n] - [--user=user [--group=group]]] + [--systemd | + [--user=user [--group=group]]] [directory...] DESCRIPTION @@ -81,8 +82,8 @@ OPTIONS --inetd:: Have the server run as an inetd service. Implies --syslog. - Incompatible with --detach, --port, --listen, --user and --group - options. + Incompatible with --systemd, --detach, --port, --listen, --user and + --group options. --listen=host_or_ipaddr:: Listen on a specific IP address or hostname. IP addresses can @@ -146,8 +147,8 @@ OPTIONS the option are given to `getpwnam(3)` and `getgrnam(3)` and numeric IDs are not supported. + -Giving these options is an error when used with `--inetd`; use -the facility of inet daemon to achieve the same before spawning +Giving these options is an error when used with `--inetd` or `--systemd`; use +the facility of systemd or the inet daemon to achieve the same before spawning 'git daemon' if needed. + Like many programs that switch user id, the daemon does not reset 
@@ -180,6 +181,16 @@ Git configuration files in that directory are readable by `user`. errors are not enabled, all errors report access denied to the client. The default is --no-informative-errors. +--systemd:: + For running git-daemon under systemd(1) which will pass + an open connection. This is similar to --inetd, except + that more than one address/port can be listened to at once + both through systemd and through --listen/--port, and git-daemon + doesn't get invoked for every connection, but only the first. + For more details see systemd.socket(5). Incompatible with + --inetd, --detach, --user and --group options. + Works with the session manager (systemd --user) too. + --access-hook=path:: Every time a client connects, first run an external command specified by the path with service name (e.g. upload-pack), @@ -305,6 +316,34 @@ selectively enable/disable services per repository:: uploadarch = true +systemd configuration example:: +Example systemd configuration files, typically placed in `/etc/systemd/system` +or `$HOME/.config/systemd/user`. ++ +`git-daemon.socket` ++ + +[Unit] +Description=Git Daemon socket + +[Socket] +ListenStream=9418 + +[Install] +WantedBy=sockets.target + ++ +`git-daemon.service` ++ + +[Unit] +Description=Git Daemon + +[Service] +ExecStart=/usr/lib/git-core/git-daemon --systemd --reuseaddr --base-path=/var/lib /var/lib/git +User=git-daemon +StandardError=null + ENVIRONMENT --- diff --git a/Makefile b/Makefile index 5f3987f..415ac21 100644 --- a/Makefile +++ b/Makefile @@ -42,6 +42,9 @@ all:: # Define NO_EXPAT if you do not have expat installed. git-http-push is # not built, and you cannot push using http:// and https:// transports (dumb). # +# Define NO_SYSTEMD to prevent systemd socket activation support from being +# built into git-daemon. +# # Define EXPATDIR=/foo/bar if your expat header and library files are in # /foo/bar/include and /foo/bar/lib directories. # 
@@ -995,6 +998,13 @@ ifeq ($(uname_S),Darwin) PTHREAD_LIBS = endif +ifndef NO_SYSTEMD + ifeq ($(shell echo \#include systemd/sd-daemon.h | $(CC) -E - -o /dev/null 2/dev/null echo y),y) + BASIC_CFLAGS += -DHAVE_SYSTEMD + EXTLIBS += -lsystemd + endif +endif + ifndef CC_LD_DYNPATH ifdef NO_R_TO_GCC_LINKER # Some gcc does not accept and pass -R to the linker to specify diff --git a/daemon.c b/daemon.c index 9ee2187..9880858 100644 --- a/daemon.c +++ b/daemon.c @@ -1,3 +1,7 @@ +#ifdef HAVE_SYSTEMD +# include systemd/sd
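Review bot: The SYNOPSIS change at @@ -19 opens a new group with `[--systemd |` while the following line still ends in `]]]`, so the brackets no longer balance. Since the option text says --systemd can be combined with --listen/--port but not with --user/--group, close the group explicitly, for example `[--systemd | [--user=user [--group=group]]]]`.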
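Review bot: In the Makefile hunk at @@ -995, `EXTLIBS += -lsystemd` puts libsystemd on the link line shared by every git program, while the NO_SYSTEMD comment added at @@ -42 describes the support as built into git-daemon. Link the library from git-daemon's own rule so that the other binaries do not pick up the dependency.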
[v6 PATCH] daemon: add systemd support
systemd supports git-daemon's existing --inetd mode as well. --systemd has the advantage of allowing one git-daemon to listen to multiple interfaces as well as the system one(s), and moreover allows git-daemon to not be spawned on every connection.

Signed-off-by: Shawn Landden sh...@churchofgit.com
---
Respond to review by Eric Sunshine here: http://marc.info/?l=git&m=142836529908207&w=2

I formatted the example files to mimic `systemctl show` output, but what was suggested is better.

Documentation/git-daemon.txt | 47 +++- Makefile | 10 ++ daemon.c | 46 +-- 3 files changed, 92 insertions(+), 11 deletions(-) diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt index a69b361..3a7a0b1 100644 --- a/Documentation/git-daemon.txt +++ b/Documentation/git-daemon.txt @@ -19,7 +19,8 @@ SYNOPSIS [--access-hook=path] [--[no-]informative-errors] [--inetd | [--listen=host_or_ipaddr] [--port=n] - [--user=user [--group=group]]] + [--systemd | + [--user=user [--group=group]]] [directory...] DESCRIPTION @@ -81,8 +82,8 @@ OPTIONS --inetd:: Have the server run as an inetd service. Implies --syslog. - Incompatible with --detach, --port, --listen, --user and --group - options. + Incompatible with --systemd, --detach, --port, --listen, --user and + --group options. --listen=host_or_ipaddr:: Listen on a specific IP address or hostname. IP addresses can @@ -146,8 +147,8 @@ OPTIONS the option are given to `getpwnam(3)` and `getgrnam(3)` and numeric IDs are not supported. + -Giving these options is an error when used with `--inetd`; use -the facility of inet daemon to achieve the same before spawning +Giving these options is an error when used with `--inetd` or `--systemd`; use +the facility of systemd or the inet daemon to achieve the same before spawning 'git daemon' if needed. + Like many programs that switch user id, the daemon does not reset 
@@ -180,6 +181,14 @@ Git configuration files in that directory are readable by `user`. errors are not enabled, all errors report access denied to the client. The default is --no-informative-errors. +--systemd:: + For running git-daemon under systemd(1) which will pass + an open connection. This is similar to --inetd, except + that more than one address/port can be listened to at once + both through systemd and through --listen, and git-daemon doesn't get + invoked for every connection. For more details see systemd.socket(5). + Incompatible with --inetd, --detach, --user and --group options. + --access-hook=path:: Every time a client connects, first run an external command specified by the path with service name (e.g. upload-pack), @@ -304,7 +313,35 @@ selectively enable/disable services per repository:: uploadpack = false uploadarch = true ++ +systemd configuration example:: +Example systemd configuration files, typically placed in `/etc/systemd/system`. ++ +`git-daemon.socket` ++ + +# /etc/systemd/system/git-daemon.socket +[Unit] +Description=Git Daemon socket + +[Socket] +ListenStream=9418 + +[Install] +WantedBy=sockets.target + ++ +`git-daemon.service` ++ + +[Unit] +Description=Git Daemon +[Service] +ExecStart=/usr/lib/git-core/git-daemon --systemd --reuseaddr --base-path=/var/lib /var/lib/git +User=git-daemon +StandardError=null + ENVIRONMENT --- diff --git a/Makefile b/Makefile index 5f3987f..415ac21 100644 --- a/Makefile +++ b/Makefile @@ -42,6 +42,9 @@ all:: # Define NO_EXPAT if you do not have expat installed. git-http-push is # not built, and you cannot push using http:// and https:// transports (dumb). # +# Define NO_SYSTEMD to prevent systemd socket activation support from being +# built into git-daemon. +# # Define EXPATDIR=/foo/bar if your expat header and library files are in # /foo/bar/include and /foo/bar/lib directories. # 
@@ -995,6 +998,13 @@ ifeq ($(uname_S),Darwin) PTHREAD_LIBS = endif +ifndef NO_SYSTEMD + ifeq ($(shell echo \#include systemd/sd-daemon.h | $(CC) -E - -o /dev/null 2/dev/null echo y),y) + BASIC_CFLAGS += -DHAVE_SYSTEMD + EXTLIBS += -lsystemd + endif +endif + ifndef CC_LD_DYNPATH ifdef NO_R_TO_GCC_LINKER # Some gcc does not accept and pass -R to the linker to specify diff --git a/daemon.c b/daemon.c index 9ee2187..9880858
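Review bot: The new `--systemd::` entry at @@ -180 says systemd "will pass an open connection", which is the --inetd behaviour; the same entry goes on to say git-daemon is not invoked for every connection, so what is handed over here is the listening socket or sockets. Reword the first sentence accordingly, and mention --port next to --listen if both can be combined with systemd-provided sockets.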
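Review bot: The example service unit added at @@ -304 sets `StandardError=null`, and the `--systemd::` entry, unlike `--inetd::` ("Implies --syslog"), does not say where log output goes, so a reader cannot tell whether the daemon's errors are recorded anywhere under this unit. State whether --systemd implies --syslog; if it does not, drop `StandardError=null` from the example so that messages reach the journal.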
[v3RFC] systemd socket activation support
systemd supports git-daemon's existing --inetd mode as well. v2: actually test... v3: make optional, switch to libsystemd shawn@zephyr:~/git/git$ ldd /lib/x86_64-linux-gnu/libsystemd.so.0 linux-vdso.so.1 (0x7ffeba7ec000) libcap.so.2 = /lib/x86_64-linux-gnu/libcap.so.2 (0x7fea158fe000) libm.so.6 = /lib/x86_64-linux-gnu/libm.so.6 (0x7fea155f9000) librt.so.1 = /lib/x86_64-linux-gnu/librt.so.1 (0x7fea153f) libselinux.so.1 = /lib/x86_64-linux-gnu/libselinux.so.1 (0x7fea151cb000) liblzma.so.5 = /lib/x86_64-linux-gnu/liblzma.so.5 (0x7fea14fa8000) libgcrypt.so.20 = /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x7fea14cc5000) libresolv.so.2 = /lib/x86_64-linux-gnu/libresolv.so.2 (0x7fea14aae000) libdl.so.2 = /lib/x86_64-linux-gnu/libdl.so.2 (0x7fea148aa000) libpthread.so.0 = /lib/x86_64-linux-gnu/libpthread.so.0 (0x7fea1468b000) libc.so.6 = /lib/x86_64-linux-gnu/libc.so.6 (0x7fea142e7000) /lib64/ld-linux-x86-64.so.2 (0x7fea15d5b000) libattr.so.1 = /lib/x86_64-linux-gnu/libattr.so.1 (0x7fea140e2000) libpcre.so.3 = /lib/x86_64-linux-gnu/libpcre.so.3 (0x7fea13e73000) libgpg-error.so.0 = /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x7fea13c61000) ew...and only for two tiny functions. Signed-off-by: Shawn Landden sh...@churchofgit.com --- Documentation/git-daemon.txt | 25 Makefile | 14 -- daemon.c | 46 ++-- 3 files changed, 77 insertions(+), 8 deletions(-) diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt index a69b361..898e01f 100644 --- a/Documentation/git-daemon.txt +++ b/Documentation/git-daemon.txt @@ -20,6 +20,7 @@ SYNOPSIS [--inetd | [--listen=host_or_ipaddr] [--port=n] [--user=user [--group=group]]] + [--systemd] [directory...] DESCRIPTION 
@@ -190,6 +191,12 @@ Git configuration files in that directory are readable by `user`. exiting with a zero status). It can also look at the $REMOTE_ADDR and $REMOTE_PORT environment variables to learn about the requestor when making this decision. +--systemd:: + For running git-daemon under systemd(1) which will pass + an open connection. This is similar to --inetd, except + that more than one address/port can be listened to at once + both through systemd and through --listen, and git-daemon doesn't get + invoked for every connection. For more details see systemd.socket(5). + The external command can optionally write a single line to its standard output to be sent to the requestor as an error message when @@ -304,7 +311,25 @@ selectively enable/disable services per repository:: uploadpack = false uploadarch = true ++ +systemd configuration example: + +# /etc/systemd/system/git-daemon.socket +[Unit] +Description=Git Daemon socket + +[Socket] +ListenStream=9418 + +[Install] +WantedBy=sockets.target +# /etc/systemd/system/git-daemon.service +[Unit] +Description=Git Daemon +[Service] +ExecStart=/usr/lib/git-core/git-daemon --systemd --reuseaddr --base-path=/var/lib /var/lib/git +User=gitdaemon ENVIRONMENT --- diff --git a/Makefile b/Makefile index 5f3987f..362af94 100644 --- a/Makefile +++ b/Makefile @@ -42,6 +42,9 @@ all:: # Define NO_EXPAT if you do not have expat installed. git-http-push is # not built, and you cannot push using http:// and https:// transports (dumb). # +# Define NO_SYSTEMD to prevent systemd socket activation support from being +# built into git-daemon. +# # Define EXPATDIR=/foo/bar if your expat header and library files are in # /foo/bar/include and /foo/bar/lib directories. # 
@@ -995,6 +998,13 @@ ifeq ($(uname_S),Darwin) PTHREAD_LIBS = endif +ifndef NO_SYSTEMD + ifeq ($(shell echo \#include systemd/sd-daemon.h | $(CC) -E - -o /dev/null echo y),y) + BASIC_CFLAGS += -DHAVE_SYSTEMD + EXTLIBS += -lsystemd + endif +endif + ifndef CC_LD_DYNPATH ifdef NO_R_TO_GCC_LINKER # Some gcc does not accept and pass -R to the linker to specify @@ -1403,8 +1413,8 @@ ifdef NATIVE_CRLF endif ifdef USE_NED_ALLOCATOR - COMPAT_CFLAGS += -Icompat/nedmalloc - COMPAT_OBJS += compat/nedmalloc/nedmalloc.o + COMPAT_CFLAGS += -Icompat/nedmalloc + COMPAT_OBJS += compat/nedmalloc/nedmalloc.o endif ifdef GIT_TEST_CMP_USE_COPIED_CONTEXT diff --git a/daemon.c b/daemon.c index 9ee2187..16b9eda 100644 --- a/daemon.c +++ b/daemon.c @@ -1,3 +1,7 @@ +#ifdef HAVE_SYSTEMD +# include systemd/sd-daemon.h +#endif + #include cache.h #include pkt-line.h #include exec_cmd.h @@ -29,6 +33,9 @@ static const char daemon_usage
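Review bot: The `--systemd::` entry at @@ -190 is inserted between the paragraph ending "when making this decision." and the continuation "The external command can optionally write a single line ...", both of which belong to --access-hook, so the hook's description is split in two and its second half now reads as part of --systemd. Move the new entry so that it sits before or after the complete --access-hook entry, and state which options it cannot be combined with.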
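Review bot: The Makefile hunk at @@ -995 enables the feature whenever the probe for `systemd/sd-daemon.h` succeeds, with NO_SYSTEMD as the only way out, so whether the result links `-lsystemd` depends on what happens to be installed on the build host. Given the dependency list quoted in the commit message, make this opt-in (a USE_SYSTEMD style knob) and fail the build when it is requested but the header is missing.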
[RFCv4 PATCH] daemon: add systemd support
systemd supports git-daemon's existing --inetd mode as well. Signed-off-by: Shawn Landden sh...@churchofgit.com --- Documentation/git-daemon.txt | 41 +++- Makefile | 14 -- daemon.c | 45 ++-- 3 files changed, 87 insertions(+), 13 deletions(-) Respond to review in http://article.gmane.org/gmane.comp.version-control.git/266650 I did not indent the example documents as that was for inetd, and that would break copy/paste. These are all documentation changes, no functional differences. (Well, the example gained StandardError=null to match --inetd) diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt index a69b361..a273565 100644 --- a/Documentation/git-daemon.txt +++ b/Documentation/git-daemon.txt @@ -18,7 +18,7 @@ SYNOPSIS [--allow-override=service] [--forbid-override=service] [--access-hook=path] [--[no-]informative-errors] [--inetd | - [--listen=host_or_ipaddr] [--port=n] + [--listen=host_or_ipaddr] [--port=n] [--systemd] [--user=user [--group=group]]] [directory...] @@ -81,8 +81,8 @@ OPTIONS --inetd:: Have the server run as an inetd service. Implies --syslog. - Incompatible with --detach, --port, --listen, --user and --group - options. + Incompatible with --systemd, --detach, --port, --listen, --user and + --group options. --listen=host_or_ipaddr:: Listen on a specific IP address or hostname. IP addresses can @@ -146,8 +146,8 @@ OPTIONS the option are given to `getpwnam(3)` and `getgrnam(3)` and numeric IDs are not supported. + -Giving these options is an error when used with `--inetd`; use -the facility of inet daemon to achieve the same before spawning +Giving these options is an error when used with `--inetd` or `--systemd`; use +the facility of systemd or the inet daemon to achieve the same before spawning 'git daemon' if needed. + Like many programs that switch user id, the daemon does not reset 
@@ -180,6 +180,14 @@ Git configuration files in that directory are readable by `user`. errors are not enabled, all errors report access denied to the client. The default is --no-informative-errors. +--systemd:: + For running git-daemon under systemd(1) which will pass + an open connection. This is similar to --inetd, except + that more than one address/port can be listened to at once + both through systemd and through --listen, and git-daemon doesn't get + invoked for every connection. For more details see systemd.socket(5). + Incompatible with --inetd, --detach, --user and --group options. + --access-hook=path:: Every time a client connects, first run an external command specified by the path with service name (e.g. upload-pack), @@ -304,7 +312,30 @@ selectively enable/disable services per repository:: uploadpack = false uploadarch = true ++ + +systemd configuration example:: ++ + +# /etc/systemd/system/git-daemon.socket +[Unit] +Description=Git Daemon socket +[Socket] +ListenStream=9418 + +[Install] +WantedBy=sockets.target + +# /etc/systemd/system/git-daemon.service +[Unit] +Description=Git Daemon + +[Service] +ExecStart=/usr/lib/git-core/git-daemon --systemd --reuseaddr --base-path=/var/lib /var/lib/git +User=git-daemon +StandardError=null + ENVIRONMENT --- diff --git a/Makefile b/Makefile index 5f3987f..644db71 100644 --- a/Makefile +++ b/Makefile @@ -42,6 +42,9 @@ all:: # Define NO_EXPAT if you do not have expat installed. git-http-push is # not built, and you cannot push using http:// and https:// transports (dumb). # +# Define NO_SYSTEMD to prevent systemd socket activation support from being +# built into git-daemon. +# # Define EXPATDIR=/foo/bar if your expat header and library files are in # /foo/bar/include and /foo/bar/lib directories. # 
@@ -995,6 +998,13 @@ ifeq ($(uname_S),Darwin) PTHREAD_LIBS = endif +ifndef NO_SYSTEMD + ifeq ($(shell echo \#include systemd/sd-daemon.h | $(CC) -E - -o /dev/null echo y),y) + BASIC_CFLAGS += -DHAVE_SYSTEMD + EXTLIBS += -lsystemd + endif +endif + ifndef CC_LD_DYNPATH ifdef NO_R_TO_GCC_LINKER # Some gcc does not accept and pass -R to the linker to specify @@ -1403,8 +1413,8 @@ ifdef NATIVE_CRLF endif ifdef USE_NED_ALLOCATOR - COMPAT_CFLAGS += -Icompat/nedmalloc - COMPAT_OBJS += compat/nedmalloc/nedmalloc.o +COMPAT_CFLAGS += -Icompat/nedmalloc +COMPAT_OBJS += compat/nedmalloc/nedmalloc.o endif ifdef
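Review bot: In the SYNOPSIS hunk at @@ -18, `[--systemd]` is added to the same group as `[--user=user [--group=group]]`, which presents them as combinable, while the new `--systemd::` entry says it is incompatible with --user and --group. Restructure the synopsis so that --systemd is an alternative to the --user/--group pair.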
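Review bot: The hunk at @@ -1403 only removes the indentation of the `COMPAT_CFLAGS` and `COMPAT_OBJS` lines under `ifdef USE_NED_ALLOCATOR`; it is unrelated to systemd support and contradicts the note that this revision contains documentation changes only. Drop it from the patch.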
[RFCv5 PATCH] daemon: add systemd support
systemd supports git-daemon's existing --inetd mode as well. Signed-off-by: Shawn Landden sh...@churchofgit.com --- Documentation/git-daemon.txt | 41 +++- Makefile | 10 ++ daemon.c | 45 ++-- 3 files changed, 85 insertions(+), 11 deletions(-) Respond to review in http://article.gmane.org/gmane.comp.version-control.git/266650 I did not indent the example documents as that was for inetd, and that would break copy/paste. These are all documentation changes, no functional differences. (Well, the example gained StandardError=null to match --inetd) v5: do not change whitespace of Makefile diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt index a69b361..a273565 100644 --- a/Documentation/git-daemon.txt +++ b/Documentation/git-daemon.txt @@ -18,7 +18,7 @@ SYNOPSIS [--allow-override=service] [--forbid-override=service] [--access-hook=path] [--[no-]informative-errors] [--inetd | - [--listen=host_or_ipaddr] [--port=n] + [--listen=host_or_ipaddr] [--port=n] [--systemd] [--user=user [--group=group]]] [directory...] @@ -81,8 +81,8 @@ OPTIONS --inetd:: Have the server run as an inetd service. Implies --syslog. - Incompatible with --detach, --port, --listen, --user and --group - options. + Incompatible with --systemd, --detach, --port, --listen, --user and + --group options. --listen=host_or_ipaddr:: Listen on a specific IP address or hostname. IP addresses can @@ -146,8 +146,8 @@ OPTIONS the option are given to `getpwnam(3)` and `getgrnam(3)` and numeric IDs are not supported. + -Giving these options is an error when used with `--inetd`; use -the facility of inet daemon to achieve the same before spawning +Giving these options is an error when used with `--inetd` or `--systemd`; use +the facility of systemd or the inet daemon to achieve the same before spawning 'git daemon' if needed. + Like many programs that switch user id, the daemon does not reset 
@@ -180,6 +180,14 @@ Git configuration files in that directory are readable by `user`. errors are not enabled, all errors report access denied to the client. The default is --no-informative-errors. +--systemd:: + For running git-daemon under systemd(1) which will pass + an open connection. This is similar to --inetd, except + that more than one address/port can be listened to at once + both through systemd and through --listen, and git-daemon doesn't get + invoked for every connection. For more details see systemd.socket(5). + Incompatible with --inetd, --detach, --user and --group options. + --access-hook=path:: Every time a client connects, first run an external command specified by the path with service name (e.g. upload-pack), @@ -304,7 +312,30 @@ selectively enable/disable services per repository:: uploadpack = false uploadarch = true ++ + +systemd configuration example:: ++ + +# /etc/systemd/system/git-daemon.socket +[Unit] +Description=Git Daemon socket +[Socket] +ListenStream=9418 + +[Install] +WantedBy=sockets.target + +# /etc/systemd/system/git-daemon.service +[Unit] +Description=Git Daemon + +[Service] +ExecStart=/usr/lib/git-core/git-daemon --systemd --reuseaddr --base-path=/var/lib /var/lib/git +User=git-daemon +StandardError=null + ENVIRONMENT --- diff --git a/Makefile b/Makefile index 5f3987f..83f5d8e 100644 --- a/Makefile +++ b/Makefile @@ -42,6 +42,9 @@ all:: # Define NO_EXPAT if you do not have expat installed. git-http-push is # not built, and you cannot push using http:// and https:// transports (dumb). # +# Define NO_SYSTEMD to prevent systemd socket activation support from being +# built into git-daemon. +# # Define EXPATDIR=/foo/bar if your expat header and library files are in # /foo/bar/include and /foo/bar/lib directories. # 
@@ -995,6 +998,13 @@ ifeq ($(uname_S),Darwin) PTHREAD_LIBS = endif +ifndef NO_SYSTEMD + ifeq ($(shell echo \#include systemd/sd-daemon.h | $(CC) -E - -o /dev/null echo y),y) + BASIC_CFLAGS += -DHAVE_SYSTEMD + EXTLIBS += -lsystemd + endif +endif + ifndef CC_LD_DYNPATH ifdef NO_R_TO_GCC_LINKER # Some gcc does not accept and pass -R to the linker to specify diff --git a/daemon.c b/daemon.c index 9ee2187..ad8a79a 100644 --- a/daemon.c +++ b/daemon.c @@ -1,3 +1,7 @@ +#ifdef HAVE_SYSTEMD +# include systemd/sd-daemon.h +#endif + #include cache.h #include pkt-line.h #include exec_cmd.h @@ -29,6 +33,9 @@ static const char
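Review bot: In the documentation hunk at @@ -304, the socket and service units are presented as one block separated only by the `# /etc/systemd/system/...` comment lines, so a reader who copies the block as a whole gets a single file with two `[Unit]` sections. Present each unit under its own file name so that each can be copied separately.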
[PATCH] systemd socket activation support
From: Shawn Landden shawnland...@gmail.com v1.1: actually test... Signed-off-by: Shawn Landden sh...@churchofgit.com --- daemon.c | 35 +++--- git-daemon.service | 7 +++ git-daemon.socket | 9 sd-daemon.c| 132 + sd-daemon.h| 91 5 files changed, 268 insertions(+), 6 deletions(-) create mode 100644 git-daemon.service create mode 100644 git-daemon.socket create mode 100644 sd-daemon.c create mode 100644 sd-daemon.h diff --git a/daemon.c b/daemon.c index 9ee2187..4677058 100644 --- a/daemon.c +++ b/daemon.c @@ -5,6 +5,8 @@ #include strbuf.h #include string-list.h +#include sd-daemon.c + #ifndef HOST_NAME_MAX #define HOST_NAME_MAX 256 #endif @@ -29,6 +31,7 @@ static const char daemon_usage[] = [--access-hook=path]\n [--inetd | [--listen=host_or_ipaddr] [--port=n]\n [--detach] [--user=user [--group=group]]\n + [--systemd]\n [directory...]; /* List of acceptable pathname prefixes */ @@ -1176,11 +1179,21 @@ static void store_pid(const char *path) } static int serve(struct string_list *listen_addr, int listen_port, -struct credentials *cred) +struct credentials *cred, int systemd_mode) { struct socketlist socklist = { NULL, 0, 0 }; + int i; + int n; + + if (systemd_mode) { + n = sd_listen_fds(0); + ALLOC_GROW(socklist.list, socklist.nr + n, socklist.alloc); + for (i = 0; i n; i++) + socklist.list[socklist.nr++] = SD_LISTEN_FDS_START + i; + } - socksetup(listen_addr, listen_port, socklist); + if (listen_addr-nr 0 || !systemd_mode) + socksetup(listen_addr, listen_port, socklist); if (socklist.nr == 0) die(unable to allocate any listen sockets on port %u, listen_port); @@ -1196,7 +1209,7 @@ int main(int argc, char **argv) { int listen_port = 0; struct string_list listen_addr = STRING_LIST_INIT_NODUP; - int serve_mode = 0, inetd_mode = 0; + int serve_mode = 0, inetd_mode = 0, systemd_mode = 0; const char *pid_file = NULL, *user_name = NULL, *group_name = NULL; int detach = 0; struct credentials *cred = NULL; 
@@ -1331,6 +1344,10 @@ int main(int argc, char **argv) informative_errors = 0; continue; } + if (!strcmp(arg, --systemd)) { + systemd_mode = 1; + continue; + } if (!strcmp(arg, --)) { ok_paths = argv[i+1]; break; @@ -1349,14 +1366,20 @@ int main(int argc, char **argv) /* avoid splitting a message in the middle */ setvbuf(stderr, NULL, _IOFBF, 4096); - if (inetd_mode (detach || group_name || user_name)) - die(--detach, --user and --group are incompatible with --inetd); + if ((inetd_mode || systemd_mode) (detach || group_name || user_name)) + die(--detach, --user and --group are incompatible with --inetd and --systemd); + + if (systemd_mode inetd_mode) + die(--inetd is incompatible with --systemd); if (inetd_mode (listen_port || (listen_addr.nr 0))) die(--listen= and --port= are incompatible with --inetd); else if (listen_port == 0) listen_port = DEFAULT_GIT_PORT; + if (systemd_mode !sd_booted()) + die(--systemd passed and not running from systemd); + if (group_name !user_name) die(--group supplied without --user); @@ -1395,5 +1418,5 @@ int main(int argc, char **argv) cld_argv[i+1] = argv[i]; cld_argv[argc+1] = NULL; - return serve(listen_addr, listen_port, cred); + return serve(listen_addr, listen_port, cred, systemd_mode); } diff --git a/git-daemon.service b/git-daemon.service new file mode 100644 index 000..b0c99f3 --- /dev/null +++ b/git-daemon.service @@ -0,0 +1,7 @@ +[Unit] +Description=Git Daemon + +[Service] +ExecStart=/usr/lib/git-core/git-daemon --systemd --reuseaddr --base-path=/var/lib /var/lib/git +User=gitdaemon + diff --git a/git-daemon.socket b/git-daemon.socket new file mode 100644 index 000..b3dd981 --- /dev/null +++ b/git-daemon.socket @@ -0,0 +1,9 @@ +[Unit] +Description=Git Daemon socket + +[Socket] +ListenStream=9418 + +[Install] +WantedBy=sockets.target + diff --git a/sd-daemon.c b/sd-daemon.c new file mode 100644 index 000..653fbf5 --- /dev/null +++ b/sd-daemon.c 
@@ -0,0 +1,132 @@ +/* stripped down version */ +/*** + Copyright 2010 Lennart Poettering + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation files
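Review bot: The first daemon.c hunk pulls the implementation in with "#include sd-daemon.c", textually including a .c file, and does so unconditionally. Every platform then compiles the vendored code whether or not it has systemd, and the "stripped down version" copy will not pick up fixes made upstream. Suggest including the sd-daemon.h header, building the implementation as its own object or linking the system libsystemd, and guarding all of it with a build-time define.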
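Review bot: In serve(), the return value of "n = sd_listen_fds(0);" is used without a check, and the descriptors from SD_LISTEN_FDS_START onward are added to socklist without confirming what they are. sd_listen_fds() returns a negative errno-style value on failure, which here flows into "socklist.nr + n" in ALLOC_GROW; and when n is 0 and no --listen was given, the function falls through to "unable to allocate any listen sockets on port %u", which points at the wrong cause. Suggest dying with a systemd-specific message when n is less than 1, and verifying that each descriptor is a listening stream socket (sd_is_socket() in the full sd-daemon API does this) before serving on it.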
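Review bot: The sd_booted() test added in main() only establishes that the machine was booted with systemd, not that this process was socket-activated, so a git-daemon started by hand with --systemd on a systemd host passes it and fails later in serve(). Checking that sd_listen_fds() returned at least one descriptor is the more direct test. In the same hunk, --listen= and --port= are still rejected only for --inetd; with --systemd a bare --port is accepted and then ignored, because serve() calls socksetup() only when --listen was given. That deserves either an error or a sentence in the documentation.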
[RFC 2] systemd socket activation support
systemd support git-daemon's --inetd mode as well. v2: actually test... Signed-off-by: Shawn Landden sh...@churchofgit.com --- Documentation/git-daemon.txt | 25 +++ Makefile | 1 + daemon.c | 35 -- sd-daemon.c | 152 +++ sd-daemon.h | 104 + 5 files changed, 311 insertions(+), 6 deletions(-) create mode 100644 sd-daemon.c create mode 100644 sd-daemon.h diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt index a69b361..898e01f 100644 --- a/Documentation/git-daemon.txt +++ b/Documentation/git-daemon.txt @@ -20,6 +20,7 @@ SYNOPSIS [--inetd | [--listen=host_or_ipaddr] [--port=n] [--user=user [--group=group]]] + [--systemd] [directory...] DESCRIPTION @@ -190,6 +191,12 @@ Git configuration files in that directory are readable by `user`. exiting with a zero status). It can also look at the $REMOTE_ADDR and $REMOTE_PORT environment variables to learn about the requestor when making this decision. +--systemd:: + For running git-daemon under systemd(1) which will pass + an open connection. This is similar to --inetd, except + that more than one address/port can be listened to at once + both through systemd and through --listen, and git-daemon doesn't get + invoked for every connection. For more details see systemd.socket(5). + The external command can optionally write a single line to its standard output to be sent to the requestor as an error message when @@ -304,7 +311,25 @@ selectively enable/disable services per repository:: uploadpack = false uploadarch = true ++ +systemd configuration example: + +# /etc/systemd/system/git-daemon.socket +[Unit] +Description=Git Daemon socket + +[Socket] +ListenStream=9418 + +[Install] +WantedBy=sockets.target +# /etc/systemd/system/git-daemon.service +[Unit] +Description=Git Daemon +[Service] +ExecStart=/usr/lib/git-core/git-daemon --systemd --reuseaddr --base-path=/var/lib /var/lib/git +User=gitdaemon ENVIRONMENT --- diff --git a/Makefile b/Makefile index 5f3987f..4a813b9 100644 --- a/Makefile +++ b/Makefile 
@@ -765,6 +765,7 @@ LIB_OBJS += rerere.o LIB_OBJS += resolve-undo.o LIB_OBJS += revision.o LIB_OBJS += run-command.o +LIB_OBJS += sd-daemon.o LIB_OBJS += send-pack.o LIB_OBJS += sequencer.o LIB_OBJS += server-info.o diff --git a/daemon.c b/daemon.c index 9ee2187..e809a4c 100644 --- a/daemon.c +++ b/daemon.c @@ -4,6 +4,7 @@ #include run-command.h #include strbuf.h #include string-list.h +#include sd-daemon.h #ifndef HOST_NAME_MAX #define HOST_NAME_MAX 256 @@ -29,6 +30,7 @@ static const char daemon_usage[] = [--access-hook=path]\n [--inetd | [--listen=host_or_ipaddr] [--port=n]\n [--detach] [--user=user [--group=group]]\n + [--systemd]\n [directory...]; /* List of acceptable pathname prefixes */ @@ -1176,11 +1178,22 @@ static void store_pid(const char *path) } static int serve(struct string_list *listen_addr, int listen_port, -struct credentials *cred) +struct credentials *cred, int systemd_mode) { struct socketlist socklist = { NULL, 0, 0 }; - socksetup(listen_addr, listen_port, socklist); + if (systemd_mode) { + int i; + int n; + + n = sd_listen_fds(0); + ALLOC_GROW(socklist.list, socklist.nr + n, socklist.alloc); + for (i = 0; i n; i++) + socklist.list[socklist.nr++] = SD_LISTEN_FDS_START + i; + } + + if (listen_addr-nr 0 || !systemd_mode) + socksetup(listen_addr, listen_port, socklist); if (socklist.nr == 0) die(unable to allocate any listen sockets on port %u, listen_port); @@ -1196,7 +1209,7 @@ int main(int argc, char **argv) { int listen_port = 0; struct string_list listen_addr = STRING_LIST_INIT_NODUP; - int serve_mode = 0, inetd_mode = 0; + int serve_mode = 0, inetd_mode = 0, systemd_mode = 0; const char *pid_file = NULL, *user_name = NULL, *group_name = NULL; int detach = 0; struct credentials *cred = NULL; @@ -1331,6 +1344,10 @@ int main(int argc, char **argv) informative_errors = 0; continue; } + if (!strcmp(arg, --systemd)) { + systemd_mode = 1; + continue; + } if (!strcmp(arg, --)) { ok_paths = argv[i+1]; break; 
@@ -1349,14 +1366,20 @@ int main(int argc, char **argv) /* avoid splitting a message
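Review bot: The "--systemd::" entry in the second Documentation/git-daemon.txt hunk is inserted in the middle of the --access-hook description. It lands after the paragraph about $REMOTE_ADDR and $REMOTE_PORT and before "The external command can optionally write a single line", splitting the hook's description in two. Move the new entry so that it sits ahead of "--access-hook=path::" and the hook's paragraphs stay together.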
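Review bot: "LIB_OBJS += sd-daemon.o" in the Makefile hunk adds the vendored file to libgit.a unconditionally, although only daemon.c calls into it and not every platform git builds on has systemd. Suggest guarding the object, the "#include sd-daemon.h" in daemon.c and the --systemd option behind one build-time define, and linking the object only into git-daemon.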
Re: [PATCH] systemd socket activation support
On Thu, Apr 2, 2015 at 8:47 AM, Junio C Hamano gits...@pobox.com wrote:
> Eric Sunshine sunsh...@sunshineco.com writes:
>
> > On Wed, Apr 1, 2015 at 9:23 PM, Shawn Landden sh...@churchofgit.com wrote:
> > > From: Shawn Landden shawnland...@gmail.com
> > > [PATCH] systemd socket activation support
> >
> > This patch feels like an RFC rather than a properly fleshed-out
> > submission. If so, indicate such in the subject. Also, mention the
> > area you're touching, followed by a colon, followed by the summary
> > of the change:
> >
> >     [PATCH/RFC] daemon: add systemd support
> > ...
>
> Everything Eric said ;-)
>
> Another thing is that this must be a build-time conditional. Not all
> platforms can use systemd in the first place, and some people may
> choose not to use it even if the platform is capable of.
>
> I was somewhat surprised that sd-daemon.c needed to be built on our
> side, not used from systemd support library, as what it did looked
> very common and not specific to our needs. I would have expected to
> see inclusion of sd-daemon.h with -lsystemd-daemon or something on
> the command line.

There is a libsystemd, but when we are using so little of it it seems
cleaner to bring it to us instead. I can do that in the next patch
along with build conditional.

--
Shawn Landden
[PATCH] systemd socket activation support
From: Shawn Landden shawnland...@gmail.com Signed-off-by: Shawn Landden sh...@churchofgit.com --- daemon.c | 38 --- git-daemon.service | 6 +++ git-daemon.socket | 9 sd-daemon.c| 132 + sd-daemon.h| 91 5 files changed, 270 insertions(+), 6 deletions(-) create mode 100644 git-daemon.service create mode 100644 git-daemon.socket create mode 100644 sd-daemon.c create mode 100644 sd-daemon.h diff --git a/daemon.c b/daemon.c index 9ee2187..56b3cd4 100644 --- a/daemon.c +++ b/daemon.c @@ -5,6 +5,8 @@ #include strbuf.h #include string-list.h +#include sd-daemon.c + #ifndef HOST_NAME_MAX #define HOST_NAME_MAX 256 #endif @@ -29,6 +31,7 @@ static const char daemon_usage[] = [--access-hook=path]\n [--inetd | [--listen=host_or_ipaddr] [--port=n]\n [--detach] [--user=user [--group=group]]\n + [--systemd]\n [directory...]; /* List of acceptable pathname prefixes */ @@ -1176,11 +1179,21 @@ static void store_pid(const char *path) } static int serve(struct string_list *listen_addr, int listen_port, -struct credentials *cred) +struct credentials *cred, int systemd_mode) { struct socketlist socklist = { NULL, 0, 0 }; + int i; + int n; - socksetup(listen_addr, listen_port, socklist); + if (systemd_mode) { + n = sd_listen_fds(0); + ALLOC_GROW(socklist.list, socklist.nr + n, socklist.alloc); + for (i = 0; i n; i++) + socklist.list[socklist.nr++] = SD_LISTEN_FDS_START + i; + } + + if (listen_addr || !systemd_mode) + socksetup(listen_addr, listen_port, socklist); if (socklist.nr == 0) die(unable to allocate any listen sockets on port %u, listen_port); @@ -1196,7 +1209,7 @@ int main(int argc, char **argv) { int listen_port = 0; struct string_list listen_addr = STRING_LIST_INIT_NODUP; - int serve_mode = 0, inetd_mode = 0; + int serve_mode = 0, inetd_mode = 0, systemd_mode = 0; const char *pid_file = NULL, *user_name = NULL, *group_name = NULL; int detach = 0; struct credentials *cred = NULL; 
@@ -1331,6 +1344,10 @@ int main(int argc, char **argv) informative_errors = 0; continue; } + if (!strcmp(arg, --systemd)) { + systemd_mode = 1; + continue; + } if (!strcmp(arg, --)) { ok_paths = argv[i+1]; break; @@ -1349,14 +1366,23 @@ int main(int argc, char **argv) /* avoid splitting a message in the middle */ setvbuf(stderr, NULL, _IOFBF, 4096); - if (inetd_mode (detach || group_name || user_name)) - die(--detach, --user and --group are incompatible with --inetd); + if ((inetd_mode || systemd-mode) (detach || group_name || user_name)) + die(--detach, --user and --group are incompatible with --inetd and --systemd); + + if (systemd_mode inetd_mode) + die(--inetd is incompatible with --systemd); if (inetd_mode (listen_port || (listen_addr.nr 0))) die(--listen= and --port= are incompatible with --inetd); else if (listen_port == 0) listen_port = DEFAULT_GIT_PORT; + if (systemd_mode) { + i = sd_listen_fds(0); + if (i = 0) + die(--systemd passed and not running from systemd or no file descriptors passed); + } + if (group_name !user_name) die(--group supplied without --user); @@ -1395,5 +1421,5 @@ int main(int argc, char **argv) cld_argv[i+1] = argv[i]; cld_argv[argc+1] = NULL; - return serve(listen_addr, listen_port, cred); + return serve(listen_addr, listen_port, cred, systemd_mode); } diff --git a/git-daemon.service b/git-daemon.service new file mode 100644 index 000..78c662e --- /dev/null +++ b/git-daemon.service @@ -0,0 +1,6 @@ +[Unit] +Description=Git Daemon + +[Service] +ExecStart=/usr/lib/git-core/git-daemon --systemd --base-path=/var/lib /var/lib/git +User=gitdaemon diff --git a/git-daemon.socket b/git-daemon.socket new file mode 100644 index 000..b3dd981 --- /dev/null +++ b/git-daemon.socket @@ -0,0 +1,9 @@ +[Unit] +Description=Git Daemon socket + +[Socket] +ListenStream=9418 + +[Install] +WantedBy=sockets.target + diff --git a/sd-daemon.c b/sd-daemon.c new file mode 100644 index 000..653fbf5 --- /dev/null +++ b/sd-daemon.c 
@@ -0,0 +1,132 @@ +/* stripped down version */ +/*** + Copyright 2010 Lennart Poettering + + Permission is hereby granted, free of charge, to any person + obtaining a copy
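Review bot: In serve(), "if (listen_addr || !systemd_mode)" tests the pointer rather than the list contents; listen_addr is the address of main()'s string_list and is never NULL, so socksetup() always runs. Under --systemd with no --listen that makes git-daemon try to bind the default port on every address on top of the sockets systemd passed, which either fails on an address already in use or opens a listener the unit file never declared. Test "listen_addr->nr > 0" instead.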
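Review bot: The rewritten incompatibility check in main() spells the flag "systemd-mode" in "(inetd_mode || systemd-mode)", which parses as a subtraction of two undeclared identifiers and does not compile; it should be "systemd_mode". The same hunk calls sd_listen_fds(0) to validate the descriptor count and serve() then calls it again. Call it once and pass the count down, which also lets that single call clear the LISTEN_* environment variables (a non-zero first argument) so they are not inherited by the child processes git-daemon starts.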