Packaging fixes and improvements

This adds a "tyk" user and group for DEB and RPM packages so that package files and directories would be owned by it and the process run with its effective uid and gid. Appropriate changes made to build scripts and init configs. In addition to this PID now has to reside in its own sub-rundir due to this change, so that's created (and additionally managed by systemd where it's available), default pidfile location changed appropriately so that upgrade wouldn't require any config changes by the users. The gateway config file is now only readable and writable by the "tyk" user/group. The build and push scripts allow manually assigning a version based on an environment variable, which is useful for unstable packaging (e.g. based on git revision ID). Doesn't remove "default" init system files on upgrade/remove anymore as it's now a way for users to run the process with custom environment variables, hence sort of a config file. Does a bunch of fixes on the packaging and init scripts (e.g. fixes RPM upgrades removing init scripts on upgrade). Removes old stuff. Adds Ubuntu 16.04 LTS (Xenial) package to PackageCloud.
XxYyKk · Dec 6, 2017 · f29fe14 · f29fe14
1 parent 7bf0433
commit f29fe14
Show file tree

Hide file tree

Showing 25 changed files with 203 additions and 532 deletions.
diff --git a/install/before_install.sh b/install/before_install.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+echo "Creating user and group..."
+GROUPNAME="tyk"
+USERNAME="tyk"
+
+getent group "$GROUPNAME" >/dev/null || groupadd -r "$GROUPNAME"
+getent passwd "$USERNAME" >/dev/null || useradd -r -g "$GROUPNAME" -M -s /sbin/nologin -c "Tyk service user" "$USERNAME"
diff --git a/install/inits/systemd/default/tyk-gateway b/install/inits/systemd/default/tyk-gateway
diff --git a/install/inits/systemd/install_actions.sh b/install/inits/systemd/install_actions.sh
diff --git a/install/inits/systemd/system/tyk-gateway-lua.service b/install/inits/systemd/system/tyk-gateway-lua.service
@@ -3,11 +3,19 @@ Description=Tyk API Gateway (LUA Support)
 
 [Service]
 Type=simple
-User=root
-Group=root
+User=tyk
+Group=tyk
+# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
+# Prefixing the path with '-' makes it try to load, but if the file doesn't
+# exist, it continues onward.
+EnvironmentFile=-/etc/default/tyk-gateway
+EnvironmentFile=-/etc/sysconfig/tyk-gateway
 ExecStart=/opt/tyk-gateway/tyk-lua --conf=/opt/tyk-gateway/tyk.conf
 Restart=always
 WorkingDirectory=/opt/tyk-gateway
+RuntimeDirectory=tyk
+RuntimeDirectoryMode=0770
+PIDFile=/var/run/tyk/tyk-gateway.pid
 
 [Install]
 WantedBy=multi-user.target
diff --git a/install/inits/systemd/system/tyk-gateway-python.service b/install/inits/systemd/system/tyk-gateway-python.service
@@ -3,11 +3,19 @@ Description=Tyk API Gateway (Python Support)
 
 [Service]
 Type=simple
-User=root
-Group=root
+User=tyk
+Group=tyk
+# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
+# Prefixing the path with '-' makes it try to load, but if the file doesn't
+# exist, it continues onward.
+EnvironmentFile=-/etc/default/tyk-gateway
+EnvironmentFile=-/etc/sysconfig/tyk-gateway
 ExecStart=/opt/tyk-gateway/tyk-python --conf=/opt/tyk-gateway/tyk.conf
 Restart=always
 WorkingDirectory=/opt/tyk-gateway
+RuntimeDirectory=tyk
+RuntimeDirectoryMode=0770
+PIDFile=/var/run/tyk/tyk-gateway.pid
 
 [Install]
 WantedBy=multi-user.target
diff --git a/install/inits/systemd/system/tyk-gateway.service b/install/inits/systemd/system/tyk-gateway.service
@@ -3,11 +3,19 @@ Description=Tyk API Gateway
 
 [Service]
 Type=simple
-User=root
-Group=root
+User=tyk
+Group=tyk
+# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
+# Prefixing the path with '-' makes it try to load, but if the file doesn't
+# exist, it continues onward.
+EnvironmentFile=-/etc/default/tyk-gateway
+EnvironmentFile=-/etc/sysconfig/tyk-gateway
 ExecStart=/opt/tyk-gateway/tyk --conf=/opt/tyk-gateway/tyk.conf
 Restart=always
 WorkingDirectory=/opt/tyk-gateway
+RuntimeDirectory=tyk
+RuntimeDirectoryMode=0770
+PIDFile=/var/run/tyk/tyk-gateway.pid
 
 [Install]
 WantedBy=multi-user.target
diff --git a/install/inits/sysv/etc/default/tyk-gateway → install/inits/sysv/default/tyk-gateway b/install/inits/sysv/etc/default/tyk-gateway → install/inits/sysv/default/tyk-gateway
@@ -1,6 +1,5 @@
-user="root"
-group="root"
+user="tyk"
+group="tyk"
 chroot="/"
 chdir="/opt/tyk-gateway"
 nice=""
-
diff --git a/...ll/inits/sysv/etc/default/tyk-gateway-lua → install/inits/sysv/default/tyk-gateway-lua b/...ll/inits/sysv/etc/default/tyk-gateway-lua → install/inits/sysv/default/tyk-gateway-lua
@@ -1,6 +1,5 @@
-user="root"
-group="root"
+user="tyk"
+group="tyk"
 chroot="/"
 chdir="/opt/tyk-gateway"
 nice=""
-
diff --git a/...inits/sysv/etc/default/tyk-gateway-python → ...all/inits/sysv/default/tyk-gateway-python b/...inits/sysv/etc/default/tyk-gateway-python → ...all/inits/sysv/default/tyk-gateway-python
@@ -1,6 +1,5 @@
-user="root"
-group="root"
+user="tyk"
+group="tyk"
 chroot="/"
 chdir="/opt/tyk-gateway"
 nice=""
-
diff --git a/install/inits/sysv/etc/init.d/tyk-gateway → install/inits/sysv/init.d/tyk-gateway b/install/inits/sysv/etc/init.d/tyk-gateway → install/inits/sysv/init.d/tyk-gateway
@@ -12,7 +12,7 @@
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: 
-# Description:       no description given
+# Description:       Tyk API Gateway
 ### END INIT INFO
 
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
@@ -21,7 +21,7 @@ export PATH
 name=tyk-gateway
 program=/opt/tyk-gateway/tyk
 args='--conf=/opt/tyk-gateway/tyk.conf'
-pidfile="/var/run/$name.pid"
+pidfile="/var/run/tyk/tyk-gateway.pid"
 
 [ -r /etc/default/$name ] && . /etc/default/$name
 [ -r /etc/sysconfig/$name ] && . /etc/sysconfig/$name

diff --git a/...all/inits/sysv/etc/init.d/tyk-gateway-lua → install/inits/sysv/init.d/tyk-gateway-lua b/...all/inits/sysv/etc/init.d/tyk-gateway-lua → install/inits/sysv/init.d/tyk-gateway-lua
@@ -12,7 +12,7 @@
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: 
-# Description:       no description given
+# Description:       Tyk API Gateway (Lua)
 ### END INIT INFO
 
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
@@ -21,7 +21,7 @@ export PATH
 name=tyk-gateway-lua
 program=/opt/tyk-gateway/tyk-lua
 args='--conf=/opt/tyk-gateway/tyk.conf'
-pidfile="/var/run/$name.pid"
+pidfile="/var/run/tyk/tyk-gateway.pid"
 
 [ -r /etc/default/$name ] && . /etc/default/$name
 [ -r /etc/sysconfig/$name ] && . /etc/sysconfig/$name

diff --git a/.../inits/sysv/etc/init.d/tyk-gateway-python → install/inits/sysv/init.d/tyk-gateway-python b/.../inits/sysv/etc/init.d/tyk-gateway-python → install/inits/sysv/init.d/tyk-gateway-python
@@ -12,7 +12,7 @@
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: 
-# Description:       no description given
+# Description:       Tyk API Gateway (Python)
 ### END INIT INFO
 
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
@@ -21,7 +21,7 @@ export PATH
 name=tyk-gateway-python
 program=/opt/tyk-gateway/tyk-python
 args='--conf=/opt/tyk-gateway/tyk.conf'
-pidfile="/var/run/$name.pid"
+pidfile="/var/run/tyk/tyk-gateway.pid"
 
 [ -r /etc/default/$name ] && . /etc/default/$name
 [ -r /etc/sysconfig/$name ] && . /etc/sysconfig/$name

diff --git a/install/inits/upstart/default/tyk-gateway b/install/inits/upstart/default/tyk-gateway
diff --git a/...l/inits/upstart/conf/tyk-gateway-lua.conf → ...l/inits/upstart/init/tyk-gateway-lua.conf b/...l/inits/upstart/conf/tyk-gateway-lua.conf → ...l/inits/upstart/init/tyk-gateway-lua.conf
@@ -5,7 +5,7 @@ stop on runlevel [!2345]
 respawn
 umask 022
 #nice 
-#chroot /
+chroot /
 chdir /opt/tyk-gateway/
 #limit core <softlimit> <hardlimit>
 #limit cpu <softlimit> <hardlimit>
@@ -20,9 +20,16 @@ chdir /opt/tyk-gateway/
 #limit rtprio <softlimit> <hardlimit>
 #limit sigpending <softlimit> <hardlimit>
 #limit stack <softlimit> <hardlimit>
-setuid root
-setgid root
+setuid tyk
+setgid tyk
 console log # log stdout/stderr to /var/log/upstart/
 
-
-exec /opt/tyk-gateway/tyk-lua --conf=/opt/tyk-gateway/tyk.conf
+script
+  # When loading default and sysconfig files, we use `set -a` to make
+  # all variables automatically into environment variables.
+  set -a
+  [ -r /etc/default/tyk-gateway ] && . /etc/default/tyk-gateway
+  [ -r /etc/sysconfig/tyk-gateway ] && . /etc/sysconfig/tyk-gateway
+  set +a
+  exec /opt/tyk-gateway/tyk-lua --conf=/opt/tyk-gateway/tyk.conf
+end script
diff --git a/...nits/upstart/conf/tyk-gateway-python.conf → ...nits/upstart/init/tyk-gateway-python.conf b/...nits/upstart/conf/tyk-gateway-python.conf → ...nits/upstart/init/tyk-gateway-python.conf
@@ -5,7 +5,7 @@ stop on runlevel [!2345]
 respawn
 umask 022
 #nice 
-#chroot /
+chroot /
 chdir /opt/tyk-gateway/
 #limit core <softlimit> <hardlimit>
 #limit cpu <softlimit> <hardlimit>
@@ -20,9 +20,16 @@ chdir /opt/tyk-gateway/
 #limit rtprio <softlimit> <hardlimit>
 #limit sigpending <softlimit> <hardlimit>
 #limit stack <softlimit> <hardlimit>
-setuid root
-setgid root
+setuid tyk
+setgid tyk
 console log # log stdout/stderr to /var/log/upstart/
 
-
-exec /opt/tyk-gateway/tyk-python --conf=/opt/tyk-gateway/tyk.conf
+script
+  # When loading default and sysconfig files, we use `set -a` to make
+  # all variables automatically into environment variables.
+  set -a
+  [ -r /etc/default/tyk-gateway ] && . /etc/default/tyk-gateway
+  [ -r /etc/sysconfig/tyk-gateway ] && . /etc/sysconfig/tyk-gateway
+  set +a
+  exec /opt/tyk-gateway/tyk-python --conf=/opt/tyk-gateway/tyk.conf
+end script
diff --git a/install/inits/upstart/conf/tyk-gateway.conf → install/inits/upstart/init/tyk-gateway.conf b/install/inits/upstart/conf/tyk-gateway.conf → install/inits/upstart/init/tyk-gateway.conf
@@ -5,7 +5,7 @@ stop on runlevel [!2345]
 respawn
 umask 022
 #nice 
-#chroot /
+chroot /
 chdir /opt/tyk-gateway/
 #limit core <softlimit> <hardlimit>
 #limit cpu <softlimit> <hardlimit>
@@ -20,9 +20,16 @@ chdir /opt/tyk-gateway/
 #limit rtprio <softlimit> <hardlimit>
 #limit sigpending <softlimit> <hardlimit>
 #limit stack <softlimit> <hardlimit>
-setuid root
-setgid root
+setuid tyk
+setgid tyk
 console log # log stdout/stderr to /var/log/upstart/
 
-
-exec /opt/tyk-gateway/tyk --conf=/opt/tyk-gateway/tyk.conf
+script
+  # When loading default and sysconfig files, we use `set -a` to make
+  # all variables automatically into environment variables.
+  set -a
+  [ -r /etc/default/tyk-gateway ] && . /etc/default/tyk-gateway
+  [ -r /etc/sysconfig/tyk-gateway ] && . /etc/sysconfig/tyk-gateway
+  set +a
+  exec /opt/tyk-gateway/tyk --conf=/opt/tyk-gateway/tyk.conf
+end script
diff --git a/install/post_install.sh b/install/post_install.sh
@@ -1,4 +1,15 @@
 #!/bin/bash
+echo "Setting permissions"
+# Config file must not be world-readable due to sensitive data
+chmod 660 /opt/tyk-gateway/tyk.conf
+
+echo "Creating a PID directory"
+if [ ! -d /var/run/tyk ]; then
+	mkdir -p /var/run/tyk
+	chown tyk:tyk /var/run/tyk
+	chmod 770 /var/run/tyk
+fi
+
 echo "Installing init scripts..."
 
 SYSTEMD="/lib/systemd/system"
@@ -7,37 +18,43 @@ SYSV1="/etc/init.d"
 SYSV2="/etc/rc.d/init.d/"
 DIR="/opt/tyk-gateway/install"
 
-if [ -d "$SYSTEMD" ]; then
+if [ -d "$SYSTEMD" -a -x "$(command -v systemctl)" ]; then
 	echo "Found Systemd"
-	cp $DIR/inits/systemd/system/tyk-gateway.service /lib/systemd/system/tyk-gateway.service
+	[ -f /etc/default/tyk-gateway ] || cp $DIR/inits/systemd/default/tyk-gateway /etc/default/
+	cp $DIR/inits/systemd/system/tyk-gateway.service /lib/systemd/system/
 	cp $DIR/inits/systemd/system/tyk-gateway-lua.service /lib/systemd/system/tyk-gateway-lua.service
 	cp $DIR/inits/systemd/system/tyk-gateway-python.service /lib/systemd/system/tyk-gateway-python.service
+	systemctl --system daemon-reload
+	exit
 fi
 
 if [ -d "$UPSTART" ]; then
 	echo "Found upstart"
-	cp $DIR/inits/upstart/conf/tyk-gateway.conf /etc/init/
-	cp $DIR/inits/upstart/conf/tyk-gateway-lua.conf /etc/init/
-	cp $DIR/inits/upstart/conf/tyk-gateway-python.conf /etc/init/
+	[ -f /etc/default/tyk-gateway ] || cp $DIR/inits/upstart/default/tyk-gateway /etc/default/
+	cp $DIR/inits/upstart/init/tyk-gateway.conf /etc/init/
+	cp $DIR/inits/upstart/init/tyk-gateway-lua.conf /etc/init/
+	cp $DIR/inits/upstart/init/tyk-gateway-python.conf /etc/init/
+	exit
 fi
 
 if [ -d "$SYSV1" ]; then
 	echo "Found SysV1"
-	cp $DIR/inits/sysv/etc/default/tyk-gateway /etc/default/tyk-gateway
-	cp $DIR/inits/sysv/etc/default/tyk-gateway-lua /etc/default/tyk-gateway-lua
-	cp $DIR/inits/sysv/etc/default/tyk-gateway-python /etc/default/tyk-gateway-python
-	cp $DIR/inits/sysv/etc/init.d/tyk-gateway /etc/init.d/tyk-gateway
-	cp $DIR/inits/sysv/etc/init.d/tyk-gateway-lua /etc/init.d/tyk-gateway-lua
-	cp $DIR/inits/sysv/etc/init.d/tyk-gateway-python /etc/init.d/tyk-gateway-python
-  	
+	[ -f /etc/default/tyk-gateway ] || cp $DIR/inits/sysv/default/tyk-gateway /etc/default/
+	[ -f /etc/default/tyk-gateway-python ] || cp $DIR/inits/sysv/default/tyk-gateway-python /etc/default/
+	[ -f /etc/default/tyk-gateway-lua ] || cp $DIR/inits/sysv/default/tyk-gateway-lua /etc/default/
+	cp $DIR/inits/sysv/init.d/tyk-gateway /etc/init.d/tyk-gateway
+	cp $DIR/inits/sysv/init.d/tyk-gateway-lua /etc/init.d/tyk-gateway-lua
+	cp $DIR/inits/sysv/init.d/tyk-gateway-python /etc/init.d/tyk-gateway-python
+	exit
 fi
 
 if [ -d "$SYSV2" ]; then
 	echo "Found Sysv2"
-  	cp $DIR/inits/sysv/etc/default/tyk-gateway /etc/default/tyk-gateway
-  	cp $DIR/inits/sysv/etc/default/tyk-gateway-lua /etc/default/tyk-gateway-lua
-  	cp $DIR/inits/sysv/etc/default/tyk-gateway-python /etc/default/tyk-gateway-python
-	cp $DIR/inits/sysv/etc/init.d/tyk-gateway /etc/rc.d/init.d/tyk-gateway
-	cp $DIR/inits/sysv/etc/init.d/tyk-gateway-lua /etc/rc.d/init.d/tyk-gateway-lua
-	cp $DIR/inits/sysv/etc/init.d/tyk-gateway-python /etc/rc.d/init.d/tyk-gateway-python
-fi
+	[ -f /etc/default/tyk-gateway ] || cp $DIR/inits/sysv/default/tyk-gateway /etc/default/
+	[ -f /etc/default/tyk-gateway-python ] || cp $DIR/inits/sysv/default/tyk-gateway-python /etc/default/
+	[ -f /etc/default/tyk-gateway-lua ] || cp $DIR/inits/sysv/default/tyk-gateway-lua /etc/default/
+	cp $DIR/inits/sysv/init.d/tyk-gateway /etc/rc.d/init.d/tyk-gateway
+	cp $DIR/inits/sysv/init.d/tyk-gateway-lua /etc/rc.d/init.d/tyk-gateway-lua
+	cp $DIR/inits/sysv/init.d/tyk-gateway-python /etc/rc.d/init.d/tyk-gateway-python
+	exit
+fi