mkunit validate

Validate unit files for common issues and mistakes.

Description

The validate command checks unit files for common issues including syntax errors, missing executables, relative paths, and configuration problems. It uses systemd-analyze verify under the hood plus additional checks.

Arguments

Flags

Validation Checks

mkunit validate checks for the following issues:

Errors (will fail validation)

• Invalid INI syntax
• Missing required sections (e.g., [Service] for .service units)
• Invalid directive names
• Invalid values for known directives
• Circular dependencies

Warnings

• Relative paths in ExecStart - Should use absolute paths
• Missing executable - The command doesn't exist at the specified path
• Non-executable file - The file exists but isn't executable
• Missing WorkingDirectory - Directory doesn't exist
• Deprecated directives - Using old/deprecated options
• Security concerns - Running as root without hardening
• Missing [Install] section - Unit can't be enabled

Examples

Validate an installed unit

mkunit validate myapp

Example output:

Validating myapp.service...
✓ Syntax OK
✓ ExecStart path exists
⚠ Warning: No security hardening options enabled
⚠ Warning: Consider adding ProtectSystem=strict

1 error, 2 warnings

Validate a unit file before installing

mkunit validate ./myapp.service

Strict mode (fail on warnings)

mkunit validate myapp --strict

JSON output for CI/CD

mkunit validate myapp --json

Example JSON output:

{
  "unit": "myapp.service",
  "valid": true,
  "errors": [],
  "warnings": [
    {
      "code": "W001",
      "message": "No security hardening options enabled",
      "line": null,
      "suggestion": "Add --hardening flag or manually add security directives"
    }
  ]
}

Validate in CI pipeline

# In your CI script
mkunit service myapp --exec "./server" --dry-run > myapp.service
mkunit validate ./myapp.service --strict
if [ $? -ne 0 ]; then
  echo "Unit validation failed"
  exit 1
fi