diff --git a/ci/packaging/debian/control b/ci/packaging/debian/control
new file mode 100644
index 0000000000..b3023280af
--- /dev/null
+++ b/ci/packaging/debian/control
@@ -0,0 +1,21 @@
+Source: rippled
+Section: net
+Priority: optional
+Maintainer: Michael Legleux
+Rules-Requires-Root: no
+Build-Depends:
+ debhelper-compat (= 13),
+Standards-Version: 4.7.0
+Homepage: https://github.com/XRPLF/rippled
+Vcs-Git: https://github.com/XRPLF/rippled.git
+Vcs-Browser: https://github.com/XRPLF/rippled
+
+Package: rippled
+Section: net
+Priority: optional
+Architecture: any
+Depends:
+ ${shlibs:Depends},
+ ${misc:Depends}
+Description: XRP Ledger server daemon
+ XRPL server daemon providing ledger validation and p2p network services.
diff --git a/ci/packaging/debian/rippled.install b/ci/packaging/debian/rippled.install
new file mode 100644
index 0000000000..f534752d06
--- /dev/null
+++ b/ci/packaging/debian/rippled.install
@@ -0,0 +1,11 @@
+opt/ripple/bin/rippled
+
+opt/ripple/etc/rippled.cfg
+opt/ripple/etc/validators.txt
+
+# systemd unit (if you keep it in debian/ as a source file, do NOT list it here)
+# If instead you stage it into debian/tmp, uncomment:
+# lib/systemd/system/rippled.service
+
+usr/share/doc/rippled/README.md
+usr/share/doc/rippled/LICENSE.md
diff --git a/ci/packaging/debian/rippled.links b/ci/packaging/debian/rippled.links
new file mode 100644
index 0000000000..ab43dca59f
--- /dev/null
+++ b/ci/packaging/debian/rippled.links
@@ -0,0 +1,8 @@
+/opt/ripple/bin/rippled /usr/bin/rippled
+/opt/ripple/etc/rippled.cfg /etc/opt/ripple/xrpld.cfg
+/opt/ripple/etc/validators.txt /etc/opt/ripple/validators.txt
+
+# TODO: Remove when rippled deprecated
+/opt/ripple/bin/rippled /opt/ripple/bin/xrpld
+/opt/ripple/etc/rippled.cfg /etc/opt/ripple/xrpld.cfg
+/opt/ripple /opt/xrpld
diff --git a/ci/packaging/debian/rippled.logrotate b/ci/packaging/debian/rippled.logrotate
new file mode 100644
index 0000000000..120aa91d3c
--- /dev/null
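Review bot: In ci/packaging/debian/control, `debhelper-compat (= 13)` is the only entry in `Build-Depends`, and as far as I know dh_installsysusers is not part of the default dh sequence before compat 14. If that holds for the debhelper in the build image, the `override_dh_installsysusers` target in debian/rules never runs and rippled.sysusers is not shipped, so the `rippled` account that rippled.service (`User=rippled`) and rippled.tmpfiles rely on is never created. Adding `dh-sequence-installsysusers,` to `Build-Depends` (or `dh $@ --with installsysusers` in rules) would enable it; please confirm against the debhelper version actually used.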
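Review bot: In ci/packaging/debian/rippled.install the real `rippled.cfg` and `validators.txt` are shipped under `opt/ripple/etc/`, and debhelper only registers files below /etc as conffiles automatically. As written, dpkg would replace operator edits to both files on upgrade without prompting, and the `/etc/opt/ripple/...` entries from rippled.links are symlinks, so they do not change that. validators.txt presumably carries the node's trusted-validator configuration, so a silent reset to the example file is a trust change, not just a nuisance. Either ship the real files under `etc/opt/ripple/` and point the links the other way, or list both paths in `debian/rippled.conffiles`.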
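Review bot: In ci/packaging/debian/rippled.links the second line and the line after the TODO are identical (`/opt/ripple/etc/rippled.cfg /etc/opt/ripple/xrpld.cfg`), and nothing creates `/etc/opt/ripple/rippled.cfg`, which is the path rippled.service passes to `--conf`. With these links the unit would start against a config path that does not exist. The first occurrence looks like it was meant to be `/opt/ripple/etc/rippled.cfg /etc/opt/ripple/rippled.cfg`, leaving the xrpld.cfg link only in the compatibility block.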
+++ b/ci/packaging/debian/rippled.logrotate
@@ -0,0 +1,15 @@
+/var/log/rippled/*.log {
+ daily
+ minsize 200M
+ rotate 7
+ nocreate
+ missingok
+ notifempty
+ compress
+ compresscmd /usr/bin/nice
+ compressoptions -n19 ionice -c3 gzip
+ compressext .gz
+ postrotate
+ /opt/ripple/bin/rippled --conf /opt/ripple/etc/rippled.cfg logrotate
+ endscript
+}
diff --git a/ci/packaging/debian/rippled.service b/ci/packaging/debian/rippled.service
new file mode 100644
index 0000000000..d73c56838b
--- /dev/null
+++ b/ci/packaging/debian/rippled.service
@@ -0,0 +1,40 @@
+[Unit]
+Description=XRPL daemon
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=notify
+
+User=rippled
+Group=rippled
+
+# Canonical config location (as you described)
+ExecStart=/opt/ripple/bin/rippled --conf /etc/opt/ripple/rippled.cfg
+
+# Reasonable hardening defaults (trim if they break your runtime)
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectControlGroups=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+LockPersonality=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+
+# Allow writes only where you actually need them
+ReadWritePaths=/var/lib/rippled /var/log/rippled
+
+StateDirectory=rippled
+LogsDirectory=rippled
+
+Restart=on-failure
+RestartSec=2s
+TimeoutStopSec=30s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ci/packaging/debian/rippled.sysusers b/ci/packaging/debian/rippled.sysusers
new file mode 100644
index 0000000000..f889c02aa8
--- /dev/null
+++ b/ci/packaging/debian/rippled.sysusers
@@ -0,0 +1,5 @@
+u rippled - "XRPL Daemon" /var/lib/ripled
+
+# Type Name ID GECOS Home Shell
+g rippled - - - -
+u rippled - "XRPL rippled" /var/lib/rippled /usr/sbin/nologin
diff --git a/ci/packaging/debian/rippled.tmpfiles b/ci/packaging/debian/rippled.tmpfiles
new file mode 100644
index 0000000000..97eb0fbde9
--- /dev/null
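Review bot: The `/var/log/rippled/*.log` stanza in rippled.logrotate has no `su` directive, so logrotate rotates and compresses with its own (normally root) identity inside a directory that rippled.tmpfiles hands to the service account (`0750 rippled rippled`). Rotating as root in a directory an unprivileged daemon can write to is a well-known symlink/race hazard; adding `su rippled rippled` to the stanza makes the file operations run as the owner instead. Separately, the `postrotate` line reads `/opt/ripple/etc/rippled.cfg` while rippled.service starts the daemon with `/etc/opt/ripple/rippled.cfg`; the two should name the same path so the logrotate command reaches the running instance's configuration.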
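Review bot: The `[Service]` sandbox in rippled.service leaves capabilities, device access and socket families unrestricted for a daemon that listens on the network as an unprivileged user. Assuming rippled only needs IP and local sockets and binds no privileged ports, `CapabilityBoundingSet=`, `PrivateDevices=true` and `RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX` would close most of the remaining surface; check the result with `systemd-analyze security rippled.service`. `Type=notify` also only works if the binary sends a readiness notification, which is not visible in this change; otherwise start-up will time out and `Type=simple` or `Type=exec` is the safer choice. The comments `(as you described)` and `(trim if they break your runtime)` read like drafting notes and should say why each setting is there.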
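Review bot: rippled.sysusers defines the `rippled` user twice, and the first line, `u rippled - "XRPL Daemon" /var/lib/ripled`, has a misspelled home directory and no shell field. systemd-sysusers presumably honours only one of two conflicting entries for the same name, so the account may end up with the `/var/lib/ripled` home rather than the `/var/lib/rippled` directory that rippled.tmpfiles and `StateDirectory=rippled` create. Delete the first line and keep the `g rippled` / `u rippled ... /var/lib/rippled /usr/sbin/nologin` pair below the column header.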
+++ b/ci/packaging/debian/rippled.tmpfiles
@@ -0,0 +1,3 @@
+# StateDirectory/LogsDirectory/RuntimeDirectory in systemd service makes this redundant but this enables apt purge.
+d /var/lib/rippled 0750 rippled rippled -
+d /var/log/rippled 0750 rippled rippled -
diff --git a/ci/packaging/debian/rules b/ci/packaging/debian/rules
new file mode 100644
index 0000000000..d400b1a816
--- /dev/null
+++ b/ci/packaging/debian/rules
@@ -0,0 +1,42 @@
+#!/usr/bin/make -f
+
+export DH_VERBOSE = 1
+
+%:
+ dh $@
+
+override_dh_auto_configure override_dh_auto_build override_dh_auto_test:
+ @:
+
+override_dh_auto_install:
+ rm -rf debian/tmp
+ mkdir -p debian/tmp/opt/ripple/bin
+ mkdir -p debian/tmp/opt/ripple/etc
+ mkdir -p debian/tmp/usr
+ cp -a "$(INSTALL_TREE)/bin" debian/tmp/opt/ripple
+ cp -a "$(INSTALL_TREE)/etc" debian/tmp/opt/ripple
+ cp -a "$(INSTALL_TREE)/usr" debian/tmp
+ rm -rf debian/tmp/usr/include
+ rm -rf debian/tmp/usr/lib
+ install -Dm0644 README.md debian/tmp/usr/share/doc/rippled/README.md
+ install -Dm0644 LICENSE.md debian/tmp/usr/share/doc/rippled/LICENSE.md
+ install -Dm0644 cfg/rippled-example.cfg debian/tmp/opt/ripple/etc/rippled.cfg
+ install -Dm0644 cfg/validators-example.txt debian/tmp/opt/ripple/etc/validators.txt
+
+override_dh_installsystemd:
+ dh_installsystemd
+
+override_dh_installsysusers:
+ dh_installsysusers
+
+override_dh_installtmpfiles:
+ dh_installtmpfiles
+
+override_dh_install:
+ dh_install
+
+override_dh_dwz:
+ @:
+
+override_dh_strip:
+ dh_strip --no-automatic-dbgsym
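Review bot: `override_dh_auto_install` in debian/rules never checks that `INSTALL_TREE` is set, and nothing in this file defines it. With an empty value the three copy lines expand to `cp -a "/bin"`, `cp -a "/etc"` and `cp -a "/usr"`, which stage the build host's own directories into debian/tmp instead of failing. Only the paths named in rippled.install should reach the .deb, but host files in the staging tree are still a packaging-integrity risk and make the failure hard to diagnose. Make the first recipe line a guard such as `test -n "$(INSTALL_TREE)" && test -d "$(INSTALL_TREE)/bin"`, so that the build stops before `rm -rf debian/tmp` when the variable is missing or wrong.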