From 40334726224f82564e52d13414ed0e30b2e1b741 Mon Sep 17 00:00:00 2001
From: Leo Antunes <costela@debian.org>
Date: Sun, 2 Oct 2016 17:44:49 +0200
Subject: [PATCH] add systemd support (closes: #729663)

---
 debian/control        |  2 +-
 debian/default        |  7 -----
 debian/init           | 71 -------------------------------------------
 debian/knockd.init    | 71 +++++++++++++++++++++++++++++++++++++++++++
 debian/knockd.service | 13 ++++++++
 debian/rules          | 11 ++++++-
 6 files changed, 95 insertions(+), 80 deletions(-)
 delete mode 100644 debian/init
 create mode 100644 debian/knockd.init
 create mode 100644 debian/knockd.service

diff --git a/debian/control b/debian/control
index abe3930..40342a3 100644
--- a/debian/control
+++ b/debian/control
@@ -8,7 +8,7 @@ Homepage: http://www.zeroflux.org/projects/knock
 
 Package: knockd
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate
+Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate, lsb-base (>= 3.0-6)
 Description: small port-knock daemon
  A port-knock server that listens to all traffic on a given network
  interface (only Ethernet and PPP are currently supported), looking for 
diff --git a/debian/default b/debian/default
index 04effa6..665cb77 100644
--- a/debian/default
+++ b/debian/default
@@ -1,13 +1,6 @@
-################################################
-#
-# knockd's default file, for generic sys config
-#
-################################################
-
 # control if we start knockd at init or not
 # 1 = start
 # anything else = don't start
-#
 # PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
 START_KNOCKD=0
 
diff --git a/debian/init b/debian/init
deleted file mode 100644
index aad0e1c..0000000
--- a/debian/init
+++ /dev/null
@@ -1,71 +0,0 @@
-#! /bin/sh
-
-### BEGIN INIT INFO
-# Provides:          knockd
-# Required-Start:    $network $syslog
-# Required-Stop:     $network $syslog
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: port-knock daemon
-### END INIT INFO
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/knockd
-NAME=knockd
-PIDFILE=/var/run/$NAME.pid
-DEFAULTS_FILE=/etc/default/knockd
-DESC="Port-knock daemon"
-OPTIONS=" -d"
-
-umask 0037
-
-test -f $DAEMON || exit 0
-
-set -e
-
-[ -f $DEFAULTS_FILE ] && . $DEFAULTS_FILE
-
-. /lib/lsb/init-functions
-
-[ "$KNOCKD_OPTS" ] && OPTIONS="$OPTIONS $KNOCKD_OPTS"
-
-start_if_configured() {
-	if [ $START_KNOCKD -ne 1 ]; then
-                log_warning_msg "$NAME disabled: not starting. To enable it edit $DEFAULTS_FILE"
-                exit 0
-	else
-		log_daemon_msg "Starting $DESC" "$NAME"
-		if ! START_ERROR=`start-stop-daemon --start --oknodo --quiet --exec $DAEMON -- $OPTIONS 2>&1`; then
-			# don't fail the upgrade if it fails to start
-			echo -n " "
-			log_action_end_msg 1 "$START_ERROR"
-			exit 0
-		else
-			log_end_msg 0
-		fi
-        fi
-}
-
-case "$1" in
-  start)
-	start_if_configured
-	;;
-  stop)
-	log_daemon_msg "Stopping $DESC" "$NAME"
-	start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
-	log_end_msg 0
-	;;
-  restart|reload|force-reload)
-	log_daemon_msg "Stopping $DESC" "$NAME"
-	start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
-	log_end_msg 0
-	sleep 1
-	start_if_configured
-	;;
-  *)
-        log_warning_msg "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
-	exit 1
-	;;
-esac
-
-exit 0
diff --git a/debian/knockd.init b/debian/knockd.init
new file mode 100644
index 0000000..71805b7
--- /dev/null
+++ b/debian/knockd.init
@@ -0,0 +1,71 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides:          knockd
+# Required-Start:    $network $syslog
+# Required-Stop:     $network $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: port-knock daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/knockd
+NAME=knockd
+PIDFILE=/var/run/$NAME.pid
+DEFAULTS_FILE=/etc/default/knockd
+DESC="Port-knock daemon"
+OPTIONS=" -d"
+
+umask 0037
+
+test -f $DAEMON || exit 0
+
+set -e
+
+[ -f $DEFAULTS_FILE ] && . $DEFAULTS_FILE
+
+. /lib/lsb/init-functions
+
+[ "$KNOCKD_OPTS" ] && OPTIONS="$OPTIONS $KNOCKD_OPTS"
+
+start_if_configured() {
+    if [ $START_KNOCKD -ne 1 ]; then
+        log_warning_msg "$NAME disabled: not starting. To enable it edit $DEFAULTS_FILE"
+        exit 0
+    else
+        log_daemon_msg "Starting $DESC" "$NAME"
+        if ! START_ERROR=`start-stop-daemon --start --oknodo --quiet --exec $DAEMON -- $OPTIONS 2>&1`; then
+            # don't fail the upgrade if it fails to start
+            echo -n " "
+            log_action_end_msg 1 "$START_ERROR"
+            exit 0
+        else
+            log_end_msg 0
+        fi
+    fi
+}
+
+case "$1" in
+    start)
+        start_if_configured
+        ;;
+    stop)
+        log_daemon_msg "Stopping $DESC" "$NAME"
+        start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
+        log_end_msg 0
+        ;;
+    restart|reload|force-reload)
+        log_daemon_msg "Stopping $DESC" "$NAME"
+        start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
+        log_end_msg 0
+        sleep 1
+        start_if_configured
+        ;;
+    *)
+        log_warning_msg "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
+        exit 1
+        ;;
+esac
+
+exit 0
diff --git a/debian/knockd.service b/debian/knockd.service
new file mode 100644
index 0000000..f215554
--- /dev/null
+++ b/debian/knockd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Port-Knock Daemon
+After=network.target
+Documentation=man:knockd(1)
+
+[Service]
+EnvironmentFile=-/etc/default/knockd
+ExecStart=/usr/sbin/knockd $KNOCKD_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=mixed
+SuccessExitStatus=0 2 15
+ProtectSystem=full
+CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
diff --git a/debian/rules b/debian/rules
index 1daea17..88943df 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,5 +1,14 @@
 #!/usr/bin/make -f
 
 %:
-	dh $@ --with autotools-dev
+	dh $@ --with autotools-dev --with systemd
 
+# the standard config is unsafe
+override_dh_systemd_enable:
+	dh_systemd_enable --no-enable
+
+override_dh_systemd_start:
+	dh_systemd_start --no-start
+
+override_dh_installinit:
+	dh_installinit --no-start