From f1dd818aef4864663d8fb39117d5a1d8e64b268b Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Thu, 9 Apr 2026 22:44:29 +0100
Subject: [PATCH] Arrange for log rotation

Closes: #1053571
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 debian/init             | 28 +++++++++++++++-------------
 debian/secnet.logrotate |  9 +++++++++
 2 files changed, 24 insertions(+), 13 deletions(-)
 create mode 100644 debian/secnet.logrotate

diff --git a/debian/init b/debian/init
index a82f127..1824bad 100644
--- a/debian/init
+++ b/debian/init
@@ -21,6 +21,8 @@ set -e
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 DAEMON=/usr/sbin/secnet
 NAME=secnet
+USER=
+LOGFILE=/var/log/secnet
 DESC="VPN server"
 
 test -f $DAEMON || exit 0
@@ -45,18 +47,18 @@ case "$1" in
 	    /var/run/$NAME.pid --exec $DAEMON
 	echo "$NAME."
 	;;
-  #reload)
-	#
-	#	If the daemon can reload its config files on the fly
-	#	for example by sending it SIGHUP, do it here.
-	#
-	#	If the daemon responds to changes in its config file
-	#	directly anyway, make this a do-nothing entry.
-	#
-	# echo "Reloading $DESC configuration files."
-	# start-stop-daemon --stop --signal 1 --quiet --pidfile \
-	#	/var/run/$NAME.pid --exec $DAEMON
-  #;;
+  log-reopen)
+        if [ "x$USER" != x ] && ! test -f /var/log/secnet; then (
+	    echo "Recreating $DESC logfile $LOGFILE owned by $USER."
+	    umask 027
+	    touch -- "$LOGFILE"
+	    chown $USER:adm "$LOGFILE"
+	); fi
+
+	echo "Causing $DESC to reopen its logfiles."
+	start-stop-daemon --stop --signal 1 --quiet --oknodo 	\
+	    --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON
+  	;;
   restart|force-reload)
 	#
 	#	If the "reload" option is implemented, move the "force-reload"
@@ -73,7 +75,7 @@ case "$1" in
 	;;
   *)
 	N=/etc/init.d/$NAME
-	echo "Usage: $N {start|stop|restart|force-reload}" >&2
+	echo "Usage: $N {start|stop|restart|force-reload|log-reopen}" >&2
 	exit 1
 	;;
 esac
diff --git a/debian/secnet.logrotate b/debian/secnet.logrotate
new file mode 100644
index 0000000..1b5169a
--- /dev/null
+++ b/debian/secnet.logrotate
@@ -0,0 +1,9 @@
+/var/log/secnet {
+    rotate 4
+    daily
+    postrotate
+        # If secnet is configured to run as a non-root user,
+	# set USER in /etc/default/secnet or this may not be effective.
+        /etc/init.d/secnet log-reopen
+    endscript
+}
-- 
2.30.2