fix: handle masked/missing caddy.service during package transition

Fixes the postinst failure when replacing stock caddy on hosts where caddy.service was masked. The unit file could be missing after dpkg removes the old caddy package, causing systemctl enable to fail. Changes: - postinst: unmask caddy.service before enable, recreate unit file from embedded copy if missing after unmasking, stop caddy-api.service with guard - preinst (new): stop caddy.service and caddy-api.service with || true guards before install/upgrade - Makefile: include preinst in deb build Handles three scenarios: 1. Fresh install (no prior caddy) 2. Upgrade from stock caddy with masked service 3. Upgrade from previous madcat-caddy Closes #1
2026-06-12 21:24:11 +02:00
parent 879dcb4b5f
commit 3f911ab7a6
3 changed files with 74 additions and 2 deletions
@@ -49,10 +49,11 @@ deb: $(BUILD_DIR)/caddy
 	sed 's/{{VERSION}}/$(VERSION)-$(REVISION)/g; s/{{ARCH}}/$(ARCH)/g' debian/control > $(STAGING_DIR)/DEBIAN/control

 	@# Scripts
+	cp debian/preinst $(STAGING_DIR)/DEBIAN/
 	cp debian/postinst $(STAGING_DIR)/DEBIAN/
 	cp debian/prerm $(STAGING_DIR)/DEBIAN/
 	cp debian/postrm $(STAGING_DIR)/DEBIAN/
-	chmod 755 $(STAGING_DIR)/DEBIAN/postinst $(STAGING_DIR)/DEBIAN/prerm $(STAGING_DIR)/DEBIAN/postrm
+	chmod 755 $(STAGING_DIR)/DEBIAN/preinst $(STAGING_DIR)/DEBIAN/postinst $(STAGING_DIR)/DEBIAN/prerm $(STAGING_DIR)/DEBIAN/postrm

 	@# Conffiles
 	cp debian/conffiles $(STAGING_DIR)/DEBIAN/
@@ -1,6 +1,15 @@
 #!/bin/sh
+# postinst for madcat-caddy
+#
+# Handles:
+#   - Fresh install (no prior caddy)
+#   - Upgrade from stock caddy with masked service
+#   - Upgrade from previous madcat-caddy
+
 set -e

+UNIT_PATH="/usr/lib/systemd/system/caddy.service"
+
 # Create caddy user/group if they don't exist
 if ! getent group caddy >/dev/null 2>&1; then
    groupadd --system caddy
@@ -16,9 +25,57 @@ mkdir -p /var/lib/caddy/.config/caddy
 mkdir -p /var/lib/caddy/.local/share/caddy
 chown -R caddy:caddy /var/lib/caddy

-# Enable and start the service
+# Stop caddy-api.service if it exists (leftover from stock caddy)
 if [ -d /run/systemd/system ]; then
+    systemctl stop caddy-api.service 2>/dev/null || true
+fi
+
+# Handle systemd service setup
+if [ -d /run/systemd/system ]; then
+    # If the unit file is missing (removed during package transition) or is a
+    # dangling symlink (masked unit pointing to /dev/null), recreate it.
+    if [ ! -f "$UNIT_PATH" ] || [ -L "$UNIT_PATH" ]; then
+        # Unmask first — removes the /dev/null symlink if masked
+        systemctl unmask caddy.service 2>/dev/null || true
+
+        # If still missing after unmask, recreate from our embedded copy
+        if [ ! -f "$UNIT_PATH" ]; then
+            mkdir -p "$(dirname "$UNIT_PATH")"
+            cat > "$UNIT_PATH" << 'UNIT'
+[Unit]
+Description=Caddy web server (madcat-caddy)
+Documentation=https://caddyserver.com/docs/
+After=network.target network-online.target
+Requires=network-online.target
+
+[Service]
+Type=notify
+User=caddy
+Group=caddy
+ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
+ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+LimitNPROC=512
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
+UNIT
+        fi
+    fi
+
+    # Reload systemd to pick up the unit file (new or recreated)
    systemctl daemon-reload
+
+    # Unmask again after reload in case it was masked in systemd's state
+    systemctl unmask caddy.service 2>/dev/null || true
+
+    # Enable and start
    systemctl enable caddy.service
    systemctl start caddy.service || true
 fi
@@ -0,0 +1,14 @@
+#!/bin/sh
+# preinst for madcat-caddy
+#
+# Stop existing caddy services before install/upgrade.
+# Guards against failures when services don't exist (e.g., caddy-api.service
+# from stock caddy may not be present on all systems).
+
+set -e
+
+if [ -d /run/systemd/system ]; then
+    # Stop stock caddy services — both may not exist, so guard with || true
+    systemctl stop caddy.service 2>/dev/null || true
+    systemctl stop caddy-api.service 2>/dev/null || true
+fi