From 5bd666247ca39ae75dcd6ebb4fcf1b949af959ab Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Mon, 29 Jul 2013 22:45:51 -0700 Subject: [PATCH 1/3] feat(dev-db/etcd): run as etcd user this patch does a few things 1) Add the etcd user and run etcd as that user 2) Add the /var/lib/etcd directory and have it owned by the etcd user 3) Move /media/state/etcd/* files into /var/lib/etcd/ and chown them to etcd Test-plan: Build an AMI and ensure this all works with the bootstrapping. --- ...-base-0-r63.ebuild => coreos-base-0-r64.ebuild} | 0 .../coreos-base/coreos-base/coreos-base-0.ebuild | 3 ++- .../{etcd-0.0.1-r3.ebuild => etcd-0.0.1-r4.ebuild} | 0 .../coreos-overlay/dev-db/etcd/etcd-0.0.1.ebuild | 4 ++++ .../coreos-overlay/dev-db/etcd/etcd-99999.ebuild | 9 +++++++-- .../coreos-overlay/dev-db/etcd/files/coreos-c10n | 1 - .../coreos-overlay/dev-db/etcd/files/etcd-pre-exec | 14 ++++++++++++++ .../coreos-overlay/dev-db/etcd/files/etcd.service | 3 +++ 8 files changed, 30 insertions(+), 4 deletions(-) rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/{coreos-base-0-r63.ebuild => coreos-base-0-r64.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/dev-db/etcd/{etcd-0.0.1-r3.ebuild => etcd-0.0.1-r4.ebuild} (100%) create mode 100755 sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-pre-exec diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r63.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r64.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r63.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r64.ebuild 
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild index bbea6c902f..9d3660a2bf 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild @@ -197,7 +197,7 @@ pkg_postinst() { copy_or_add_daemon_user "polkituser" 206 # For policykit # copy_or_add_daemon_user "tss" 207 # For trousers (TSS/TPM) copy_or_add_daemon_user "pkcs11" 208 # For pkcs11 clients - copy_or_add_daemon_user "qdlservice" 209 # for QDLService +# copy_or_add_daemon_user "qdlservice" 209 # for QDLService # copy_or_add_daemon_user "cromo" 210 # For cromo (modem manager) # copy_or_add_daemon_user "cashew" 211 # Deprecated, do not reuse copy_or_add_daemon_user "ipsec" 212 # For strongswan/ipsec VPN @@ -220,6 +220,7 @@ pkg_postinst() { # copy_or_add_daemon_user "watchdog" 229 # For daisydog # copy_or_add_daemon_user "devbroker" 230 # For permission_broker # copy_or_add_daemon_user "xorg" 231 # For Xorg + copy_or_add_daemon_user "etcd" 232 # For etcd # Reserve some UIDs/GIDs between 300 and 349 for sandboxing FUSE-based # filesystem daemons. # copy_or_add_daemon_user "ntfs-3g" 300 # For ntfs-3g prcoess diff --git a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-0.0.1-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-0.0.1-r4.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-0.0.1-r3.ebuild rename to sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-0.0.1-r4.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-0.0.1.ebuild index 199c4bf9b7..fef8e87cd0 100644 
--- a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-0.0.1.ebuild @@ -33,8 +33,12 @@ src_install() { dobin ${S}/${PN} dobin ${FILESDIR}/coreos-c10n dobin ${FILESDIR}/etcd-bootstrap + dobin ${FILESDIR}/etcd-pre-exec dobin ${FILESDIR}/block-until-url + keepdir /var/lib/${PN} + fowners etcd:etcd /var/lib/${PN} + systemd_dounit "${FILESDIR}"/${PN}.service systemd_enable_service multi-user.target ${PN}.service } diff --git a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-99999.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-99999.ebuild index 3c19817a38..5b5d0051e9 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-99999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-99999.ebuild @@ -21,8 +21,8 @@ KEYWORDS="~amd64" IUSE="" DEPEND=">=dev-lang/go-1.1" -GOROOT="${ED}usr/$(get_libdir)/go" -GOPKG="${PN}" + +ETCD_PACKAGE="github.com/coreos/etcd" src_compile() { ./build @@ -32,6 +32,11 @@ src_install() { dobin ${S}/${PN} dobin ${FILESDIR}/coreos-c10n dobin ${FILESDIR}/etcd-bootstrap + dobin ${FILESDIR}/etcd-pre-exec + dobin ${FILESDIR}/block-until-url + + keepdir /var/lib/${PN} + fowners etcd:etcd /var/lib/${PN} systemd_dounit "${FILESDIR}"/${PN}.service systemd_enable_service multi-user.target ${PN}.service diff --git a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/coreos-c10n b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/coreos-c10n index e264dd9079..39c255b3a2 100755 --- a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/coreos-c10n +++ b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/coreos-c10n 
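Review bot: In `src_install` of etcd-0.0.1.ebuild, `keepdir /var/lib/${PN}` followed by `fowners etcd:etcd /var/lib/${PN}` sets the owner of the state directory but never its mode, so the directory is installed with the package manager's default mode and the etcd data may be readable by other local accounts. Adding `fperms 0700 /var/lib/${PN}` after the `fowners` line would restrict it to the service account. The same two lines are added to `src_install` in etcd-99999.ebuild and need the same change. `fowners` also needs the etcd account to resolve when the package is installed; the account is created in coreos-base's `pkg_postinst` and no dependency on coreos-base is visible in these hunks, so that ordering is worth confirming.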
@@ -4,7 +4,6 @@ C10N_ENDPOINT=https://core-api.appspot.com/v1/c10n/group META_URL="http://169.254.169.254/latest" ETCD_BOOTSTRAP="/var/run/etcd/bootstrap.config" -[ ! -e "/var/run/etcd/" ] && mkdir "/var/run/etcd/" /usr/bin/block-until-url $C10N_ENDPOINT /usr/bin/block-until-url $META_URL diff --git a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-pre-exec b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-pre-exec new file mode 100755 index 0000000000..827f7d13fc --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-pre-exec @@ -0,0 +1,14 @@ +#!/bin/sh -e + +# Fixup the old state directory +OLD_STATE=/media/state/etcd +STATE=/var/lib/etcd + +if [ -d /media/state/etcd ]; then + cp -R ${OLD_STATE}/. ${STATE} + rm -R ${OLD_STATE} + chown -R etcd:etcd ${STATE} +fi + +mkdir /var/run/etcd +chown etcd:etcd /var/run/etcd diff --git a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd.service b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd.service index bd08c04c9d..728b8609fd 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd.service +++ b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd.service @@ -1,4 +1,7 @@ [Service] +User=etcd +PermissionsStartOnly=true +ExecStartPre=/usr/bin/etcd-pre-exec ExecStart=/usr/bin/etcd-bootstrap [Install] From db2708f2e897a1fabcd725e065f6c0cad67cdf41 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Tue, 30 Jul 2013 09:03:45 -0700 Subject: [PATCH 2/3] fix(dev-db/etcd): use new state location have etcd use /var/lib like other daemons do. --- .../third_party/coreos-overlay/dev-db/etcd/files/etcd-bootstrap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-bootstrap b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-bootstrap index 611cc898c4..536defbdd7 100755 
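Review bot: In the migration block of etcd-pre-exec, `rm -R ${OLD_STATE}` is kept from running after a failed `cp -R` only by the `-e` on the `#!/bin/sh -e` line, and that option is lost whenever the script is started as `sh etcd-pre-exec` instead of being executed directly. Putting `set -e` on its own line, or chaining the two steps as `cp -R "${OLD_STATE}/." "${STATE}" && rm -R "${OLD_STATE}"`, keeps the old state from being deleted when the copy is incomplete. The `if` also tests the literal `/media/state/etcd` rather than `"${OLD_STATE}"`, and the expansions are unquoted; using the quoted variable throughout keeps the test and the three commands pointed at the same path if it is ever changed.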
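Review bot: `ExecStartPre=/usr/bin/etcd-pre-exec` becomes the only step in this patch that creates /var/run/etcd, because the `mkdir` in coreos-c10n is removed while its `ETCD_BOOTSTRAP` still points at /var/run/etcd/bootstrap.config. Nothing visible in this unit orders coreos-c10n after the pre-exec step, so if coreos-c10n runs first it presumably has no directory to write the bootstrap file into; how it is started is not shown here and should be confirmed. The privilege split is also implicit, and a comment above the new lines would help the next reader: `# PermissionsStartOnly=true: ExecStartPre runs as root, ExecStart runs as User=etcd`.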
--- a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-bootstrap +++ b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-bootstrap @@ -7,7 +7,7 @@ MY_IP=$(curl -s $META_URL/meta-data/local-ipv4) BOOTSTRAP="/var/run/etcd/bootstrap.config" # for etcd -STATE=/media/state/etcd +STATE=/var/lib/etcd mkdir -p $STATE [ ! -e $BOOTSTRAP ] && echo bootstrap config missing && exit 1 From bf35170ead294eb27a5708c3e7d789d0bdf5a66a Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Tue, 30 Jul 2013 09:04:47 -0700 Subject: [PATCH 3/3] fix(dev-db/etcd): use mkdir -p in pre-exec Ensure that we don't fail on the /var/run/etcd directory creation. --- .../third_party/coreos-overlay/dev-db/etcd/files/etcd-pre-exec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-pre-exec b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-pre-exec index 827f7d13fc..2d5e51de39 100755 --- a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-pre-exec +++ b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-pre-exec @@ -10,5 +10,5 @@ if [ -d /media/state/etcd ]; then chown -R etcd:etcd ${STATE} fi -mkdir /var/run/etcd +mkdir -p /var/run/etcd chown etcd:etcd /var/run/etcd
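Review bot: `mkdir -p /var/run/etcd` in etcd-pre-exec accepts a directory that already exists with any mode, and a newly created one takes its mode from the inherited umask, so the permissions on the directory that holds bootstrap.config are never stated. `install -d -o etcd -g etcd -m 0755 /var/run/etcd` would replace both this line and the `chown` below it and set owner and mode on every start. If bootstrap.config is written by a root-run coreos-c10n (not visible in this patch), consider keeping the directory root-owned and giving etcd read access only, so the service account cannot replace a file that root writes.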