There are some difficult issues with the needed port to systemd for Debian jessie.
[hr]
GitHub - Kicksecure/initializer-dist: for better security. Makes finding backdoors easier. is supposed to only be started when the system boots up. No issue with redistributable images here. It does first run initialization on first boot and then won’t ever start again, because a done file will be created. For other kinds of future install methods this is not so nice. Because when it was installed by apt-get, the service would run in background and then suddenly force restart the system, which would be very surprising and not very nice. Therefore with sysvinit it was simple. /usr/lib/first_run_initializer_gui checked if the DPKG_MAINTSCRIPT_PACKAGE environment variable was set and exits if yes. The problem here is, that systemd does not preserve the environment. (Environment= or EnvironmentFile= are not help here.)
Asked on stackexchange if env vars can be preserved:
Other implementation option… Can systemd tell somehow the script if it was called as part system boot up or other case?
[hr]
Systemd does not support custom actions?
That would be a bit troublesome. Would require some refactoring in sdwdate then. No idea how to deal with that yet. I’ll explain what custom action it supports at the moment.
/etc/init.d/sdwdate restartnd - the “nd” stands for “no dispatch”. It passes options to not dispatch gui notifications when running for the first iteration. This is useful for timesync. Because timesync restarts sdwdate using restartnd, because timesync works as a monitor that starts its own gui.
/etc/init.d/sdwdate force-reload - it deletes the first success file. Sdwdate acts differently depending on if it started up for the very first time. Then it does clock jumps using date. But if it globally succeeded at least once, it gradually adjusts the clock using sclockadj. For enforcing clock jumps (what it does when run by timesync) the force-reload option is used.
/etc/init.d/sdwdate restartndclean - a combination of both.
[hr]
https://github.com/Whonix/Whonix/issues/292 - probably not that hard, but help welcome.
[hr]
Related to above. When using StandardInput=tty then sudo systemctl restart servicename no longer works. This is a problem, because dpkg maintainer scripts automatically run a similar command (invoke-rc.d) and it would hang forever during upgrades. (When aborting, ending up with fixable package system.) So this also needs some conditional case ignoring the restart action then.
[hr]
Porting Whonix’s sysvinit files to systemd. Probably not that hard either, but also help welcome.