Add systemd service for bitcoind

Adding systemd service for bitcoind, to provide for a simpler
out-of-the-box experience.

Configuration file is /etc/bitcoin/bitcoin.conf. This file is a
copy of the sample configuration file.

The service user 'bitcoin' is added during install. Its homedir
is in '/var/lib/bitcoin'.

bitcoind.service is disabled by default to allow the user to
configure it, before starting it the first time.

On package purge, the 'bitcoin' user as well as its homedir is
left intact, to not accidentally remove a wallet or something of
equal importance. Instead the user is presented with information
on how to perform the cleanup manually, after making sure all
important data has been backed up.

debian/bitcoind.install

@@ -1,2 +1,3 @@
 usr/local/bin/bitcoind usr/bin
 usr/local/bin/bitcoin-cli usr/bin
+debian/examples/bitcoin.conf etc/bitcoin

debian/bitcoind.postinst

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# setup bitcoin account, homedir etc
+
+set -e
+
+BCUSER="bitcoin"
+BCHOME="/var/lib/bitcoin"
+
+if [ "$1" = "configure" ]; then
+
+	# Add bitcoin user/group - this will gracefully abort if the user already exists.
+	# A homedir is never created.
+	adduser --system --home "${BCHOME}" --no-create-home --group "${BCUSER}"
+
+	# If the homedir does not already exist, create it with proper
+	# ownership and permissions.
+	if [ ! -d "${BCHOME}" ]; then
+		mkdir -m 0750 -p "${BCHOME}"
+		chown "${BCUSER}:${BCUSER}" "${BCHOME}"
+	fi
+
+fi
+
+#DEBHELPER#
+
+exit 0

debian/bitcoind.postrm

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# setup bitcoin account, homedir etc
+
+set -e
+
+BCUSER="bitcoin"
+BCHOME="/var/lib/bitcoin"
+
+if [ "$1" = "purge" ]; then
+
+	# The bitcoin user is left in place for now - This is to ensure that a new user
+	# will not inherit the users UID/GID and inadvertently gain access to wallets etc
+
+	# The homedir is also left intact to ensure that we don't accidentally delete a
+	# wallet or something equally important
+
+	echo
+	echo "#"
+	echo "#  The bitcoin user (${BCUSER}) and data dir (${BCHOME})"
+	echo "#  were left intact."
+	echo "#"
+	echo "#  Make sure to check \"${BCHOME}\" for wallets and other"
+	echo "#  important bits."
+	echo "#"
+	echo "#  After backing up all vital data, cleanup can be completed"
+	echo "#  by running: sudo userdel -r ${BCUSER}"
+	echo "#"
+	echo
+
+fi
+
+#DEBHELPER#
+
+exit 0

debian/bitcoind.service

@@ -0,0 +1,45 @@
+# It is not recommended to modify this file in-place, because it will
+# be overwritten during package upgrades. If you want to add further
+# options or overwrite existing ones then use
+# $ systemctl edit bitcoind.service
+# See "man systemd.service" for details.
+
+# Note that almost all daemon options could be specified in
+# /etc/bitcoin/bitcoin.conf
+
+[Unit]
+Description=Bitcoin daemon
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/bitcoind -daemon -datadir=/var/lib/bitcoin -conf=/etc/bitcoin/bitcoin.conf -pid=/run/bitcoind/bitcoind.pid
+# Creates /run/bitcoind owned by bitcoin
+RuntimeDirectory=bitcoind
+User=bitcoin
+Type=forking
+PIDFile=/run/bitcoind/bitcoind.pid
+Restart=on-failure
+
+# Hardening measures
+####################
+
+# Provide a private /tmp and /var/tmp.
+PrivateTmp=true
+
+# Mount /usr, /boot/ and /etc read-only for the process.
+ProtectSystem=full
+
+# Disallow the process and all of its children to gain
+# new privileges through execve().
+NoNewPrivileges=true
+
+# Use a new /dev namespace only populated with API pseudo devices
+# such as /dev/null, /dev/zero and /dev/random.
+PrivateDevices=true
+
+# Deny the creation of writable and executable memory mappings.
+# Commented out as it's not supported on Debian 8 or Ubuntu 16.04 LTS
+#MemoryDenyWriteExecute=true
+
+[Install]
+WantedBy=multi-user.target

debian/changelog

@@ -1,3 +1,9 @@
+bitcoin (0.16.0-trusty2) trusty; urgency=medium
+
+  * Add systemd service to bitcoind
+
+ -- Thomas M Steenholdt <[email protected]>  Wed, 18 Apr 2018 16:40:00 -0200
+
 bitcoin (0.16.0-xenial1) xenial; urgency=medium
 
   * Mark for xenial.

debian/control

@@ -25,15 +25,16 @@ Build-Depends: debhelper,
  libqrencode-dev,
  libprotobuf-dev, protobuf-compiler,
  python,
- libzmq3-dev
+ libzmq3-dev,
+ dh-systemd
 Standards-Version: 3.9.2
 Homepage: https://bitcoincore.org/
 Vcs-Git: git://github.com/bitcoin/bitcoin.git
 Vcs-Browser: https://github.com/bitcoin/bitcoin
 
 Package: bitcoind
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
 Description: peer-to-peer network based digital currency - daemon
  Bitcoin is a free open source peer-to-peer electronic cash system that
  is completely decentralized, without the need for a central server or

debian/rules

@@ -6,7 +6,7 @@
 #	$(if $(filter nocheck,$(DEB_BUILD_OPTIONS)),,src/test_bitcoin)
 
 %:
-	dh --with bash-completion $@
+	dh --with bash-completion --with systemd $@
 
 override_dh_auto_clean:
 	if [ -f Makefile ]; then $(MAKE) distclean; fi
@@ -32,3 +32,18 @@ ifeq ($(QT), qt4)
 else
 	make check
 endif
+
+# No SysV or Upstart init scripts included
+override_dh_installinit:
+	dh_installinit \
+		--noscripts
+
+# Don’t enable service by default
+override_dh_systemd_enable:
+	dh_systemd_enable \
+		--no-enable
+
+# Restart after upgrade
+override_dh_systemd_start:
+	dh_systemd_start \
+		--restart-after-upgrade