Bug#922082: src:systemd: please package a minimal build of systemd-socket-activate separately

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Feb 11 20:49:16 GMT 2019


Package: src:systemd
Version: 240-5
Severity: wishlist

More daemons are beginning to offer systemd-style socket activation,
which is a very nice feature for security and isolation.

However, those daemons are difficult to run on non-systemd systems, so
most upstream daemon authors continue to ship a lot of
non-socket-activated code (opening sockets, dropping privileges, etc.),
much of which is buggy.

If those non-systemd systems had a simple-to-install socket activation
wrapper, then we could convince the daemons to drop their
non-socket-activated codepaths, and encourage them to launch their
daemons something like this:

    systemd-socket-activate -l $portnum -- \
      runuser -u special-user -- \
      daemon-command daemonarg1 daemonarg2

So what I'd like to see is a minimalist systemd-socket-activate,
packaged and installable separately.

The current systemd-socket-activate isn't well-tuned for that -- it
links to libsystemd-shared-240.so -- but if we could build it without
that linkage (or statically-linked?), I think it would be useful to
help convince daemon upstreams to reduce their code complexity.

     --dkg


-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
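
The daemon side of the hand-off requested above, as an added example that is not part of the original report and is not systemd code: a daemon that opens no sockets itself and only validates what the activator passed. It relies on the LISTEN_PID/LISTEN_FDS convention documented in sd_listen_fds(3); the function names and the 1024 sanity cap are assumptions made for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* first passed descriptor, per sd_listen_fds(3) */

/* Returns n sockets passed (fds 3..3+n-1), 0 if none for us, -1 if malformed. */
int inherited_listen_fds(void)
{
    const char *pid_s = getenv("LISTEN_PID"), *fds_s = getenv("LISTEN_FDS");
    char *end;
    int n = 0;
    if (pid_s && fds_s) {
        long pid = strtol(pid_s, &end, 10);
        if (end == pid_s || *end) n = -1;
        else if (pid == (long)getpid()) { /* otherwise meant for another process */
            long v = strtol(fds_s, &end, 10);
            /* 1024 is an assumed sanity cap, not part of the convention */
            n = (end == fds_s || *end || v < 0 || v > 1024) ? -1 : (int)v;
        }
    }
    /* Do not leak the hand-off to children this daemon may spawn. */
    unsetenv("LISTEN_PID"); unsetenv("LISTEN_FDS"); unsetenv("LISTEN_FDNAMES");
    return n;
}

/* Accept only a listening stream socket and mark it close-on-exec. */
int check_listener(int fd)
{
    int val, flags;
    socklen_t len = sizeof val;
    /* getsockopt fails with ENOTSOCK if fd is a file, pipe or tty */
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &val, &len) < 0 || val != SOCK_STREAM) return -1;
    len = sizeof val;
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &val, &len) < 0 || !val) return -1;
    if ((flags = fcntl(fd, F_GETFD)) < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) return -1;
    return 0;
}

int main(void)
{
    int n = inherited_listen_fds();
    for (int i = 0; i < n; i++)
        if (check_listener(LISTEN_FDS_START + i) < 0) return 1;
    if (n <= 0) { fputs("not socket-activated; refusing to open sockets\n", stderr); return 1; }
    printf("serving on %d inherited socket(s)\n", n);
    return 0;
}
```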


