systemd service improvements

baranyaib90 · baranyaib90 · commit 7626a98e993f · 2025-08-24T21:42:39.000+02:00
Goal is to indicate service readyness after
bootstrap has finished.
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
@@ -22,7 +22,7 @@ jobs:
       run: sudo apt-get update
 
     - name: Setup Dependencies
-      run: sudo apt-get install cmake libc-ares-dev libcurl4-openssl-dev libev-dev build-essential clang-tidy dnsutils python3-pip python3-venv valgrind ${{ matrix.compiler }}
+      run: sudo apt-get install cmake libc-ares-dev libcurl4-openssl-dev libev-dev libsystemd-dev build-essential clang-tidy dnsutils python3-pip python3-venv valgrind ${{ matrix.compiler }}
 
     - name: Setup Python Virtual Environment
       run: python3 -m venv ${{github.workspace}}/venv
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -1,6 +1,8 @@
 cmake_minimum_required(VERSION 3.7)
 project(HttpsDnsProxy C)
 
+include(CheckIncludeFile)
+
 # FUNCTIONS
 
 # source: https://stackoverflow.com/a/27990434
@@ -35,6 +37,9 @@ if (((CMAKE_C_COMPILER_ID MATCHES GNU   AND CMAKE_C_COMPILER_VERSION VERSION_GRE
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant")
 endif()
 
+set(SERVICE_EXTRA_OPTIONS "")
+set(SERVICE_TYPE "simple")
+
 # VERSION
 # It is possible to define external default value like: cmake -DSW_VERSION=1.2-custom
 
@@ -82,6 +87,15 @@ include_directories(
   ${LIBCARES_INCLUDE_DIR} ${LIBCURL_INCLUDE_DIR}
   ${LIBEV_INCLUDE_DIR} src)
 
+check_include_file("systemd/sd-daemon.h" HAVE_SD_DAEMON_H)
+
+if(HAVE_SD_DAEMON_H)
+  message(STATUS "Using libsystemd")
+  add_definitions(-DHAS_LIBSYSTEMD=1)
+  set(LIBS ${LIBS} systemd)
+  set(SERVICE_TYPE "notify")
+endif()
+
 # CLANG TIDY
 
 option(USE_CLANG_TIDY "Use clang-tidy during compilation" ON)
@@ -133,7 +147,6 @@ endif()
 
 install(TARGETS ${TARGET_NAME} DESTINATION ${CMAKE_INSTALL_BINDIR})
 
-set(SERVICE_EXTRA_OPTIONS "")
 if(IS_DIRECTORY "/etc/munin/plugins" AND
    IS_DIRECTORY "/etc/munin/plugin-conf.d")
   set(SERVICE_EXTRA_OPTIONS "-s 300")
diff --git a/README.md b/README.md
@@ -48,6 +48,7 @@ Depends on `c-ares (>=1.11.0)`, `libcurl (>=7.66.0)`, `libev (>=4.25)`.
 On Debian-derived systems those are libc-ares-dev,
 libcurl4-{openssl,nss,gnutls}-dev and libev-dev respectively.
 On Redhat-derived systems those are c-ares-devel, libcurl-devel and libev-devel.
+On systems with systemd it is recommended to have libsystemd development package installed.
 
 On MacOS, you may run into issues with curl headers. Others have had success when first installing curl with brew.
 ```
@@ -57,7 +58,7 @@ brew link curl --force
 
 On Ubuntu
 ```
-apt-get install cmake libc-ares-dev libcurl4-openssl-dev libev-dev build-essential
+apt-get install cmake libc-ares-dev libcurl4-openssl-dev libev-dev libsystemd-dev build-essential
 ```
 
 If all pre-requisites are met, you should be able to build with:
diff --git a/https_dns_proxy.service.in b/https_dns_proxy.service.in
@@ -6,11 +6,13 @@ Before=nss-lookup.target
 After=network.target
 
 [Service]
-Type=simple
+Type=${SERVICE_TYPE}
 DynamicUser=yes
-Restart=on-failure
 ExecStart=${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}/https_dns_proxy \
   -v -v ${SERVICE_EXTRA_OPTIONS}
+Restart=on-failure
+RestartSec=5
+TimeoutStartSec=20
 TimeoutStopSec=10
 
 [Install]
diff --git a/src/main.c b/src/main.c
@@ -9,6 +9,10 @@
 #include <sys/types.h>     // NOLINT(llvmlibc-restrict-system-libc-headers)
 #include <unistd.h>        // NOLINT(llvmlibc-restrict-system-libc-headers)
 
+#if HAS_LIBSYSTEMD == 1
+#include <systemd/sd-daemon.h> // NOLINT(llvmlibc-restrict-system-libc-headers)
+#endif
+
 #include "dns_poller.h"
 #include "dns_server.h"
 #include "dns_server_tcp.h"
@@ -150,6 +154,27 @@ static void dns_server_cb(void *dns_server, uint8_t is_tcp, void *data,
                      req->dns_req, dns_req_len, app->resolv, req->tx_id, https_resp_cb, req);
 }
 
+static void systemd_notify_ready(void) {
+#if HAS_LIBSYSTEMD == 1
+  static uint8_t called_once = 0;
+  if (called_once != 0) {
+    DLOG("Systemd notify already called once!");
+    return;
+  }
+  called_once = 1;
+  const int result = sd_notify(0, "READY=1");
+  if (result > 0) {
+    DLOG("Systemd notify succeeded, service is ready!");
+  } else if (result == 0) {
+    WLOG("Systemd notify called, but NOTIFY_SOCKET not set. Running manually?");
+  } else {
+    ELOG("Systemd notify failed with: %s", strerror(result));
+  }
+#else
+  DLOG("Systemd notify skipped, not compiled with libsystemd!");
+#endif
+}
+
 static int addr_list_reduced(const char* full_list, const char* list) {
   const char *pos = list;
   const char *end = list + strlen(list);
@@ -184,6 +209,9 @@ static void dns_poll_cb(const char* hostname, void *data,
     abort();  // must be impossible
   }
   (void)snprintf(buf + ip_start, sizeof(buf) - 1 - (uint32_t)ip_start, "%s", addr_list); // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
+  if (app->resolv == NULL) {
+    systemd_notify_ready();
+  }
   if (app->resolv && app->resolv->data) {
     char * old_addr_list = strstr(app->resolv->data, ":443:");
     if (old_addr_list) {
@@ -394,6 +422,8 @@ int main(int argc, char *argv[]) {
     } else {
       ILOG("Resolver prefix '%s' doesn't appear to contain a "
            "hostname. DNS polling disabled.", opt.resolver_url);
+
+      systemd_notify_ready();
     }
   }
 
