PIB

以下の debian sid 環境での問題

$ uname -a
Linux efleat1 4.13.0-1-amd64 #1 SMP Debian 4.13.13-1 (2017-11-16) x86_64 GNU/Linux

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux unstable (sid)
Release:        unstable
Codename:       sid

$ dpkg -l|grep knockd
ii  knockd                                                      0.7-1                          amd64        small port-knock daemon

knockd が static 扱いになっており、dead の状態

$ systemctl status knockd|cat
● knockd.service - Port-Knock Daemon
   Loaded: loaded (/lib/systemd/system/knockd.service; static; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:knockd(1)

しかし enable しようとしても以下のように表示されて出来ない。

$ sudo systemctl enable knockd
Synchronizing state of knockd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable knockd
The unit files have no installation config (WantedBy, RequiredBy, Also, Alias
settings in the [Install] section, and DefaultInstance for template units).
This means they are not meant to be enabled using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
   .wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
   a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
   D-Bus, udev, scripted systemctl call, ...).
4) In case of template units, the unit is meant to be enabled with some
   instance name specified.

ググると以下のような情報が引っかかった

• Google: debian knockd systemct
• serverfault / 2017-07-07: How to run knockd with Debian 9 on system boot?
• Debian Bug report logs - #868015 knockd does not start after system reboot

/lib/systemd/system/knockd.service に当てる patch が投稿されていたので、とりあえずこれを当てみた。

$ cd /tmp

$ wget --content-disposition "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=868015;filename=knockd.service.patch;msg=15"
--2018-01-03 13:16:38--  https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=868015;filename=knockd.service.patch;msg=15
bugs.debian.org (bugs.debian.org) をDNSに問いあわせています... 2607:f8f0:614:1::1274:39, 2605:bc80:3010:b00:0:deb:166:201, 209.87.16.39, ...
bugs.debian.org (bugs.debian.org)|2607:f8f0:614:1::1274:39|:443 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 特定できません [text/plain]
`knockd.service.patch' に保存中

knockd.service.patc     [ <=>                ]     235  --.-KB/s 時間 0s

2018-01-03 13:16:39 (1.18 MB/s) - `knockd.service.patch' へ保存終了 [291]

$ cd /lib/systemd/system

$ sudo patch --verbose -b -i knockd.service.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- knockd.service.orig        2017-09-01 11:27:21.080168675 +0800
|+++ knockd.service     2017-09-01 11:27:35.432233376 +0800
--------------------------
patching file knockd.service
Using Plan A...
Hunk #1 succeeded at 11.
done

$ ls -l knockd.service*
-rw-r--r-- 1 root root 375  1月  3 13:17 knockd.service
-rw-r--r-- 1 root root 316 10月  8  2016 knockd.service.orig

以上のように patch を適用したところ、以下のように enable 出来た。

$ systemctl status knockd|cat
● knockd.service - Port-Knock Daemon
   Loaded: loaded (/lib/systemd/system/knockd.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:knockd(1)

$ sudo systemctl enable knockd
Synchronizing state of knockd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable knockd
insserv: warning: current start runlevel(s) (empty) of script `knockd' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `knockd' overrides LSB defaults (0 1 6).
Created symlink /etc/systemd/system/knockd.service → /lib/systemd/system/knockd.service.

$ systemctl status knockd|cat
● knockd.service - Port-Knock Daemon
   Loaded: loaded (/lib/systemd/system/knockd.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:knockd(1)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/knockd.service

7 月の issue に対して 9 月に patch が付いて、12 月に進展は？って聞かれてもそのまま放置されてるのって地味に辛い状況。

因みに ubuntu の場合、

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:        16.04
Codename:       xenial

$ dpkg -l|grep knockd
ii  knockd                                                      0.5-3ubuntu1                                 amd64        small port-knock daemon

となってるんだけど、
/lib/systemd/system/knockd.service は含まれておらず、
/etc/init.d/knockd だけでちゃんと boot 時に有効になってるみたい。