add twitch rc file - twitch-go - twitch.tv web application in Go
---
(DIR) commit 9cea321d4b5e39b6ba61eea2bb27b6c6f44f18f4
(DIR) parent b8eced82c67e9d0e5353b5f5f0b833cdccc61d07
(HTM) Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Sun, 12 Jun 2016 19:59:30 +0200
add twitch rc file
Diffstat:
A rc_twitch | 65 +++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+), 0 deletions(-)
---
(DIR) diff --git a/rc_twitch b/rc_twitch
@@ -0,0 +1,65 @@
+#!/bin/sh
+# This sets up a chroot for a service.
+# the service is priv-dropped.
+# NOTE: depending on your service some build_chroot steps can be omitted.
+#
+# Some tips:
+# - idealy setup a separate partition for services with mount options:
+# nodev,nosuid,ro options.
+# - pledge(2) the service program.
+# - specific pf rules for service.
+# - setup resource limits for service user.
+
+chroot_daemon="/bin/twitch-go"
+original_daemon="/usr/local/sbin/twitch-go"
+chroot="/services/twitch"
+user="_twitch"
+group="_twitch"
+
+daemon="chroot -u ${user} -g ${group} $chroot ${chroot_daemon}"
+daemon_flags="-t tcp4 -d /data -l 127.0.0.1:8081"
+
+. /etc/rc.d/rc.subr
+
+rc_reload=NO
+rc_bg=YES
+
+pexp="${chroot_daemon} .*"
+
+build_chroot() {
+ # Locations of binaries and libraries.
+ mkdir -p "$chroot/etc" \
+ "$chroot/bin" \
+ "$chroot/dev" \
+ "$chroot/usr/lib" \
+ "$chroot/usr/libexec"
+
+ # Copy original daemon.
+ cp "$original_daemon" "$chroot/bin"
+
+ # Copy password and group information.
+ cp /etc/passwd /etc/resolv.conf "$chroot/etc"
+ grep "$group" "/etc/group" > "$chroot/etc/group"
+
+ # cert bundle.
+ mkdir -p "$chroot/etc/ssl"
+ cp /etc/ssl/cert.pem "$chroot/etc/ssl"
+
+ # copy shared core libraries.
+ cp /usr/lib/libpthread.so.* "$chroot/usr/lib"
+ cp /usr/lib/libc.so.* "$chroot/usr/lib"
+ cp /usr/libexec/ld.so "$chroot/usr/libexec"
+
+ # setup /dev
+ # NOTE: make sure mount in $chroot does not have "nodev" set.
+ test -e "$chroot/dev/urandom" || mknod -m 644 "$chroot/dev/urandom" c 45 2
+ test -e "$chroot/dev/null" || mknod -m 644 "$chroot/dev/null" c 2 2
+}
+
+rc_pre() {
+ build_chroot
+}
+
+rc_cmd $1
+
+
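Review bot: In build_chroot, `cp /etc/passwd /etc/resolv.conf "$chroot/etc"` places the host's full account list inside the jail, and `grep "$group" "/etc/group"` is an unanchored match that also copies any group line merely containing that string, for example as a member name. Restricting both files to the service's own entries keeps host account information out of the chroot: `grep "^${user}:" /etc/passwd > "$chroot/etc/passwd"` and `grep "^${group}:" /etc/group > "$chroot/etc/group"`, with `/etc/resolv.conf` copied on its own. Separately, `mknod -m 644` on `$chroot/dev/null` leaves the node writable only by its owner, so the priv-dropped `_twitch` process presumably cannot open it for writing; mode 666 is the usual choice for that node. Because rc_pre runs build_chroot as root on every start, it would also help to add a comment stating that everything under `$chroot` except the data directory must stay root-owned and not writable by `${user}`.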