Add Alpine/OpenRC compatibility for init system support

- Updated SPEC.md: Changed systemd requirements to distribution-dependent init system - Updated ARCHITECTURE.md: Added OpenRC hardening options and init script locations - Updated build-alpine.sh: Replaced systemd-dev with openrc, use /etc/init.d - Created configs/linux-patch-api-openrc: Full OpenRC init script - Added Dockerfile.rpm for RPM build container Init system support: - systemd: Debian, Ubuntu, RHEL, CentOS, Fedora - OpenRC: Alpine Linux Binary remains init-system agnostic - no Rust code changes required.
2026-04-13 20:16:10 +00:00
parent f81568adf3
commit 78f8882663
5 changed files with 133 additions and 27 deletions
--- a/SPEC.md
+++ b/SPEC.md
@ -41,7 +41,9 @@
 **Primary Objective:** Provide secure API for remote patch/package management on individual Linux hosts

 **Key Goals:**
- Run as systemd service on each managed machine (Option B: Agent Per Host)
+- Run as a system service on each managed machine (Option B: Agent Per Host)
+  - systemd for Debian/Ubuntu, RHEL/CentOS/Fedora
+  - OpenRC for Alpine Linux
 - Internal network access only (no internet exposure)
 - Support Debian/Ubuntu first, then expand to other distributions
 - Maintain audit trail of all operations
@ -55,7 +57,9 @@
 - One API instance per host
 - Internal network only (LAN/private network)
 - No public internet exposure
- Must run as systemd service
+- Must run as a system service (init system determined by distribution)
+  - systemd: Debian, Ubuntu, RHEL, CentOS, Fedora
+  - OpenRC: Alpine Linux

 **Technical:**
 - Must run with elevated privileges for package management (root/sudo)
@ -119,7 +123,9 @@
 ## Dependencies

 - Linux OS with package manager support
- systemd for service management
+- Init system for service management (distribution-dependent)
+  - systemd (most distributions)
+  - OpenRC (Alpine Linux)
 - Network access for API communication
 - mTLS certificate infrastructure (CA, client certs)
 - IP whitelist configuration
@ -147,8 +153,10 @@
  - Configuration changes (whitelist updates, cert renewals)

 - **Log Storage:**
-  - Primary: systemd journal (`journalctl`)
-  - Secondary: Optional remote syslog server
+  - Primary: Distribution-appropriate logging
+    - systemd journal (journalctl) on systemd systems
+    - syslog/local files on OpenRC systems
+  - Secondary: Optional remote syslog server (universal)
  - Local file logs as fallback (`/var/log/linux_patch_api/`)

 - **Log Retention:**