authorEmīls Piņķis <emils@mullvad.net>2022-09-02 15:10:55 +0200
committerEmīls Piņķis <emils@mullvad.net>2022-09-13 11:51:04 +0200
commitb358f13b5a02c30f0155b9feb22413b04dde81c0 (patch)
treeb876a2c779c8f320292544c983e715051667031d
parent9be68db2506f6e5fe28f58acc2495ab8bd3b67d5 (diff)
downloadmullvadvpn-b358f13b5a02c30f0155b9feb22413b04dde81c0.tar.xz
mullvadvpn-b358f13b5a02c30f0155b9feb22413b04dde81c0.zip
Improve daemon unit file
Set the `MULLVAD_RESOURCE_DIR` environment variable and specify the path as a required mount path.
-rw-r--r--dist-assets/linux/after-install.sh4
-rw-r--r--dist-assets/linux/after-remove.sh2
-rw-r--r--dist-assets/linux/before-install.sh1
-rw-r--r--dist-assets/linux/before-remove.sh1
-rw-r--r--dist-assets/linux/mullvad-daemon.service10
-rw-r--r--dist-assets/linux/mullvad-early-boot-blocking.service16
-rw-r--r--dist-assets/linux/post-transaction.sh12
-rw-r--r--gui/tasks/distribution.js16
8 files changed, 41 insertions, 21 deletions
diff --git a/dist-assets/linux/after-install.sh b/dist-assets/linux/after-install.sh
index e50af2eaf7..4a1771772f 100644
--- a/dist-assets/linux/after-install.sh
+++ b/dist-assets/linux/after-install.sh
@@ -3,6 +3,6 @@ set -eu
chmod u+s "/usr/bin/mullvad-exclude"
-systemctl enable "/etc/systemd/system/mullvad-daemon.service"
+systemctl enable "/usr/lib/systemd/system/mullvad-daemon.service"
systemctl start mullvad-daemon.service
-systemctl enable "/etc/systemd/system/mullvad-early-boot-blocking.service"
+systemctl enable "/usr/lib/systemd/system/mullvad-early-boot-blocking.service"
diff --git a/dist-assets/linux/after-remove.sh b/dist-assets/linux/after-remove.sh
index 8dfe875a46..22c9529982 100644
--- a/dist-assets/linux/after-remove.sh
+++ b/dist-assets/linux/after-remove.sh
@@ -1,6 +1,8 @@
#!/usr/bin/env bash
set -eu
+echo "Running after-remove.sh"
+
function remove_logs_and_cache {
rm -r --interactive=never /var/log/mullvad-vpn/ || \
echo "Failed to remove mullvad-vpn logs"
diff --git a/dist-assets/linux/before-install.sh b/dist-assets/linux/before-install.sh
index a8efb02adb..5150f153ff 100644
--- a/dist-assets/linux/before-install.sh
+++ b/dist-assets/linux/before-install.sh
@@ -6,6 +6,7 @@ if which systemctl &> /dev/null; then
/opt/Mullvad\ VPN/resources/mullvad-setup prepare-restart || true
systemctl stop mullvad-daemon.service
systemctl disable mullvad-daemon.service
+ systemctl disable mullvad-early-boot-blocking.service || true
cp /var/log/mullvad-vpn/daemon.log /var/log/mullvad-vpn/old-install-daemon.log \
|| echo "Failed to copy old daemon log"
fi
diff --git a/dist-assets/linux/before-remove.sh b/dist-assets/linux/before-remove.sh
index 1134c9a51b..bfa1faae9f 100644
--- a/dist-assets/linux/before-remove.sh
+++ b/dist-assets/linux/before-remove.sh
@@ -1,6 +1,7 @@
#!/usr/bin/env bash
set -eu
+echo "Running before-remove.sh"
# SIGTERM for some reason causes the app to crash sometimes and SIGINT works as expected.
pkill -2 -x "mullvad-gui" || true
sleep 0.5
diff --git a/dist-assets/linux/mullvad-daemon.service b/dist-assets/linux/mullvad-daemon.service
index 843955e043..e36bd90eff 100644
--- a/dist-assets/linux/mullvad-daemon.service
+++ b/dist-assets/linux/mullvad-daemon.service
@@ -1,18 +1,20 @@
# Systemd service unit file for the Mullvad VPN daemon
+# testing if new changes are added
[Unit]
Description=Mullvad VPN daemon
-Wants=network.target
-After=network-online.target
-After=NetworkManager.service
-After=systemd-resolved.service
+Before=network-online.target
+After=mullvad-early-boot-blocking.service NetworkManager.service systemd-resolved.service
+
StartLimitBurst=5
StartLimitIntervalSec=20
+RequiresMountsFor=/opt/Mullvad\x20VPN/resources/
[Service]
Restart=always
RestartSec=1
ExecStart=/usr/bin/mullvad-daemon -v --disable-stdout-timestamps
+Environment="MULLVAD_RESOURCE_DIR=/opt/Mullvad VPN/resources/"
[Install]
WantedBy=multi-user.target
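Review bot: The added header line `# testing if new changes are added` looks like a leftover from testing the packaging and should be dropped. The switch from `After=network-online.target` to `Before=network-online.target` changes boot ordering in a security-relevant way, but the unit does not explain it. If the intent is what it appears to be, a comment such as `# Order before network-online.target so the daemon's firewall is in place before the network is reported as up` would record it. `RequiresMountsFor=` writes the space as `\x20` while `Environment=` uses a quoted literal space, so a short comment saying both name the same directory would keep a later edit from changing only one of them.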
diff --git a/dist-assets/linux/mullvad-early-boot-blocking.service b/dist-assets/linux/mullvad-early-boot-blocking.service
new file mode 100644
index 0000000000..466eebb796
--- /dev/null
+++ b/dist-assets/linux/mullvad-early-boot-blocking.service
@@ -0,0 +1,16 @@
+# Systemd service unit file to block all traffic during early boot.
+# This is required since almost no distributions use a `network-pre.target`,
+# which implies it's difficult to ensure that the daemon will start and block
+# traffic before any network configuration will be applied.
+#
+[Unit]
+Description=Mullvad early boot network blocker
+DefaultDependencies=no
+Before=basic.target mullvad-daemon.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/mullvad-daemon --initialize-early-boot-firewall
+
+[Install]
+WantedBy=mullvad-daemon.service
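Review bot: The `[Service]` section declares `Type=oneshot` without `RemainAfterExit=yes`, so the unit returns to inactive once `ExecStart` exits. Any later start job for `mullvad-daemon.service` will then most likely pull it in again through `WantedBy=` and re-run `--initialize-early-boot-firewall`. The guard added to post-transaction.sh in this commit appears to work around exactly that. If a single run per boot is intended, add `RemainAfterExit=yes`; otherwise document that re-running is safe. Because the relationship is `Wants=` rather than `Requires=`, a failing `ExecStart` does not stop the daemon or the boot, so the header comment should state whether failing open is acceptable here.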
diff --git a/dist-assets/linux/post-transaction.sh b/dist-assets/linux/post-transaction.sh
index 52edc5bffe..a2a14d17d8 100644
--- a/dist-assets/linux/post-transaction.sh
+++ b/dist-assets/linux/post-transaction.sh
@@ -2,6 +2,12 @@
# This is to mitigate post-uninstall hooks being ran AFTER post-install hooks
# during an upgrade on Fedora.
set -eu
-systemctl enable "/etc/systemd/system/mullvad-daemon.service" || true
-systemctl start mullvad-daemon.service || true
-systemctl enable "/etc/systemd/system/mullvad-early-boot-blocking.service" || true
+
+# Repeated enablement of the daemon service will result in the early-boot unit
+# being executed when the daemon is already running, which results in the
+# firewall rules being applied.
+if ! systemctl is-enabled mullvad-daemon; then
+ systemctl enable "/usr/lib/systemd/system/mullvad-daemon.service" || true
+ systemctl start mullvad-daemon.service || true
+ systemctl enable "/usr/lib/systemd/system/mullvad-early-boot-blocking.service" || true
+fi
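Review bot: The new `if ! systemctl is-enabled mullvad-daemon` guard skips `systemctl start` as well as the two `enable` calls. If an older package's remove hooks stopped the daemon while the unit stayed enabled, nothing restarts it after the upgrade; those hooks are only partly visible here, so this is worth confirming on Fedora. Consider keying the start on the running state instead, for example `systemctl is-active --quiet mullvad-daemon.service || systemctl start mullvad-daemon.service || true` after the `fi`. `is-enabled` also prints the state to stdout, so `systemctl is-enabled --quiet mullvad-daemon.service` keeps the transaction output clean. The comment's last clause would read more clearly as "being applied again while the daemon is running".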
diff --git a/gui/tasks/distribution.js b/gui/tasks/distribution.js
index 45b9ce851b..7152eb4b8a 100644
--- a/gui/tasks/distribution.js
+++ b/gui/tasks/distribution.js
@@ -186,12 +186,8 @@ const config = {
distAssets('linux/before-install.sh'),
'--before-remove',
distAssets('linux/before-remove.sh'),
- '--config-files',
- '/etc/systemd/system/mullvad-daemon.service',
- '--config-files',
- '/etc/systemd/system/mullvad-early-boot-blocking.service',
- distAssets('linux/mullvad-daemon.service') +'=/etc/systemd/system/',
- distAssets('linux/mullvad-early-boot-blocking.service') +'=/etc/systemd/system/',
+ distAssets('linux/mullvad-daemon.service') +'=/usr/lib/systemd/system/mullvad-daemon.service',
+ distAssets('linux/mullvad-early-boot-blocking.service') +'=/usr/lib/systemd/system/mullvad-early-boot-blocking.service',
distAssets(path.join(getLinuxTargetSubdir(), 'mullvad')) + '=/usr/bin/',
distAssets(path.join(getLinuxTargetSubdir(), 'mullvad-daemon')) + '=/usr/bin/',
distAssets(path.join(getLinuxTargetSubdir(), 'mullvad-exclude')) + '=/usr/bin/',
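Review bot: Dropping the `--config-files` entries and moving both units to `/usr/lib/systemd/system/` leaves no visible cleanup for copies that an earlier package installed under `/etc/systemd/system/`. The same applies to the rpm argument list in the next hunk. dpkg normally leaves a conffile in place when it disappears from a package, and systemd prefers `/etc/systemd/system/` over `/usr/lib/systemd/system/`. An upgraded host could therefore keep running the old unit, without the new `RequiresMountsFor=`, `Environment=` and early-boot ordering. Consider removing the two old files in before-install.sh, e.g. `rm -f /etc/systemd/system/mullvad-daemon.service /etc/systemd/system/mullvad-early-boot-blocking.service`, followed by `systemctl daemon-reload`, and test the upgrade path on both deb and rpm.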
@@ -214,12 +210,8 @@ const config = {
distAssets('linux/before-remove.sh'),
'--rpm-posttrans',
distAssets('linux/post-transaction.sh'),
- '--config-files',
- '/etc/systemd/system/mullvad-daemon.service',
- '--config-files',
- '/etc/systemd/system/mullvad-early-boot-blocking.service',
- distAssets('linux/mullvad-daemon.service') +'=/etc/systemd/system/',
- distAssets('linux/mullvad-early-boot-blocking.service') +'=/etc/systemd/system/',
+ distAssets('linux/mullvad-daemon.service') +'=/usr/lib/systemd/system/mullvad-daemon.service',
+ distAssets('linux/mullvad-early-boot-blocking.service') +'=/usr/lib/systemd/system/mullvad-early-boot-blocking.service',
distAssets(path.join(getLinuxTargetSubdir(), 'mullvad')) + '=/usr/bin/',
distAssets(path.join(getLinuxTargetSubdir(), 'mullvad-daemon')) + '=/usr/bin/',
distAssets(path.join(getLinuxTargetSubdir(), 'mullvad-exclude')) + '=/usr/bin/',