[arch-commits] Commit in pound/trunk (5 files)

Sat, 17 Mar 2018 12:13:51 -0700 

    Date: Saturday, March 17, 2018 @ 19:08:18
  Author: dvzrv
Revision: 308968

upgpkg: pound 2.7-6

Updating maintainer. Adding pgp verification of source.
Removing runit. Fixing build() and package() to use root for ownership of files.
Installing various docs. Switching to user/group pound in configuration and 
moving Control socket to /run/pound/ directory.
Adding Documentation, After and Wants to service. Using DynamicUser and 
RuntimeDirectory.
Adding CapabilityBoundSet/AmbientCapabilities to allow bind to ports below 1024 
(CAP_NET_BIND_SERVICE).

Modified:
  pound/trunk/PKGBUILD
  pound/trunk/pound.cfg
  pound/trunk/pound.service
Deleted:
  pound/trunk/ChangeLog
  pound/trunk/pound.runit

---------------+
 ChangeLog     |   22 ------------------
 PKGBUILD      |   68 ++++++++++++++++++++++++++++++++------------------------
 pound.cfg     |    6 ++--
 pound.runit   |   23 ------------------
 pound.service |   11 ++++++++-
 5 files changed, 53 insertions(+), 77 deletions(-)

Deleted: ChangeLog
===================================================================
--- ChangeLog   2018-03-17 18:57:31 UTC (rev 308967)
+++ ChangeLog   2018-03-17 19:08:18 UTC (rev 308968)
@@ -1,22 +0,0 @@
-
-2009-03-22  Douglas Soares de Andrade  <doug...@archlinux.org>
-
-       * Updated for i686: 2.4.4
-       * Fixed an issue with the rc.d pound script
-
-2008-06-22  Mateusz Herych <heni...@gmail.com>
-
-       * Adding for x86_64 community - 2.4.3
-
-2008-06-22  Douglas Soares de Andrade  <d...@aur.archlinux.org>
-
-       * Adding for i686 community - 2.4.3
-
-2008-05-22  Mateusz Herych <heni...@gmail.com>
-
-       * Adding to community for x86_64
-
-2008-05-21  Douglas Soares de Andrade  <d...@aur.archlinux.org>
-
-       * Adding to community for i686
-

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2018-03-17 18:57:31 UTC (rev 308967)
+++ PKGBUILD    2018-03-17 19:08:18 UTC (rev 308968)
@@ -1,48 +1,60 @@
 # $Id$
-# Maintainer: Sergej Pupykin <pupykin.s+a...@gmail.com>
-# Maintainer: Douglas Soares de Andrade <d...@aur.archlinux.org>
+# Maintainer: David Runge <d...@sleepmap.de>
+# Contributor: Sergej Pupykin <pupykin.s+a...@gmail.com>
+# Contributor: Douglas Soares de Andrade <d...@aur.archlinux.org>
 # Contributor: Roberto Alsina <rals...@kde.org>
 
+_name=Pound
 pkgname=pound
 pkgver=2.7
-pkgrel=5
+pkgrel=6
 pkgdesc="A reverse proxy, load balancer, and SSL wrapper"
 arch=('x86_64')
 url="http://www.apsis.ch/pound/index_html";
-license=('GPL')
-depends=('pcre' 'openssl-1.0')
-backup=(etc/pound/pound.cfg)
-source=(http://www.apsis.ch/pound/Pound-$pkgver.tgz
-       pound.runit
-       pound.service
-       pound.cfg)
-md5sums=('ec8298aa3e4aee3ffbecdc0639d7f14a'
-         '2a555ee5871a849cb1f6e6ba2ff054df'
-         'c0d0726a96dfda0e83843362e401b3dc'
-         '8937808acd22c6391ebe4340af8df854')
+license=('GPL3')
+depends=('gperftools' 'pcre' 'openssl-1.0')
+backup=('etc/pound/pound.cfg')
+# switch to https://github.com/graygnuorg/pound for openssl
+source=("http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.tgz";
+        
"${_name}-${pkgver}.tgz.asc::http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.asc";
+        "${pkgname}.service"
+        "${pkgname}.cfg")
+sha512sums=('3edfb948715ff7e38b7665cc083eb5619daf4c2ddda4efcffffa2bcf5d8c1ee158fa5275b16bbaea4cf51bf3f8c022ba2197d5f67d57732404a448ae00e62aa1'
+            'SKIP'
+            
'7111df07cb3500c378afb19abbd1ef5f97a566101cd68712a1d6c8015f23463fc06347ec8cb189f2774c954343b8b8815416be1a4acd3ec31f20f03e90cdf603'
+            
'32d33474a115dfc9d5ccc094ffdb3c367108a48976cf3e58442642dab08167cd0a1808eefa1879e3c38b607d2a6a1cd28142dbd690244368760daba1f95526f6')
 
 prepare() {
-  cd "$srcdir"/Pound-$pkgver
-  sed -i -e 's/openssl/openssl-1.0/' Makefile.in
+  cp -av "${_name}-${pkgver}" "${pkgname}-${pkgver}"
+  cd "${pkgname}-${pkgver}"
+  # use openssl-1.0 to generate dhparam
+  sed -e 's/openssl/openssl-1.0/' -i Makefile.in
 }
 
 build() {
-  cd "$srcdir"/Pound-$pkgver
+  cd "${pkgname}-${pkgver}"
   CPPFLAGS+=" -I/usr/include/openssl-1.0" \
   LDFLAGS+=" -L/usr/lib/openssl-1.0" \
-  ./configure --prefix=/usr --sysconfdir=/etc/pound --sbindir=/usr/bin
+  ./configure --prefix=/usr \
+              --sysconfdir=/etc/pound \
+              --bindir=/usr/bin \
+              --sbindir=/usr/bin \
+              --with-ssl='/usr/lib/openssl-1.0' \
+              --with-owner=root \
+              --with-group=root
   make
 }
 
 package() {
-  cd "$srcdir"/Pound-$pkgver
-  install -d "$pkgdir"/usr/sbin
-  make DESTDIR="$pkgdir" install 
-  chown root.root -R "$pkgdir"/usr
-  install -d "$pkgdir"/etc/sv
-  install -d "$pkgdir"/etc/sv/pound
-  install -m0755 "$srcdir"/pound.runit "$pkgdir"/etc/sv/pound/run
-  install -D -m0644 "$srcdir"/pound.cfg "$pkgdir"/etc/pound/pound.cfg
-  install -Dm0644 "$srcdir"/$pkgname.service 
"$pkgdir"/usr/lib/systemd/system/$pkgname.service
-  rmdir "$pkgdir"/usr/sbin
+  cd "${pkgname}-${pkgver}"
+  make DESTDIR="$pkgdir" install
+  # configuration
+  install -vDm 0644 "${srcdir}/${pkgname}.cfg" \
+    "${pkgdir}/etc/${pkgname}/${pkgname}.cfg"
+  # systemd service
+  install -vDm 0644 "$srcdir/${pkgname}.service" \
+    "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
+  # docs
+  install -vDm 0644 {CHANGELOG,FAQ,README} \
+    -t "${pkgdir}/usr/share/doc/${pkgname}/"
 }

Modified: pound.cfg
===================================================================
--- pound.cfg   2018-03-17 18:57:31 UTC (rev 308967)
+++ pound.cfg   2018-03-17 19:08:18 UTC (rev 308968)
@@ -6,8 +6,8 @@
 ## GLOBAL SETTINGS
 ##
 ## Specify the user and group Pound will run as.
-#User         "http"
-#Group        "http"
+#User         "pound"
+#Group        "pound"
 ##
 ## Specify the directory that Pound will chroot to at runtime.
 #RootJail     "/"
@@ -46,7 +46,7 @@
 #SSLEngine    "name"
 ##
 ## Set the control socket path.
-#Control      "/tmp/poundctl.socket"
+Control      "/run/pound/poundctl.socket"
 ##
 ##
 ## LISTENERS

Deleted: pound.runit
===================================================================
--- pound.runit 2018-03-17 18:57:31 UTC (rev 308967)
+++ pound.runit 2018-03-17 19:08:18 UTC (rev 308968)
@@ -1,23 +0,0 @@
-#!/bin/sh
-exec 2>&1
-# general config
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-BIN=/usr/bin/pound
-OPTS="-f /etc/pound/pound.cfg -p /var/run/pound.pid"
-SVC=pound
-
-PID=`pidof $BIN`
-if [ -z "$PID" ]
-then
-       if [ -f /var/run/$SVC.pid ]
-       then
-               rm /var/run/$SVC.pid
-               rm_daemon $SVC
-       fi
-       echo "Starting $SVC daemon"
-       $BIN $OPTS
-else
-       [ -z $PID ] || exec watchpid $PID
-fi

Modified: pound.service
===================================================================
--- pound.service       2018-03-17 18:57:31 UTC (rev 308967)
+++ pound.service       2018-03-17 19:08:18 UTC (rev 308968)
@@ -1,10 +1,19 @@
 [Unit]
 Description=A reverse proxy, load balancer, and SSL wrapper
+Documentation=man:pound(8)
+After=syslog.target network-online.target systemd-sysusers.service
+Wants=network-online.target
 
 [Service]
 Type=forking
+DynamicUser=yes
+RuntimeDirectory=pound
+ExecStart=/usr/bin/pound -f /etc/pound/pound.cfg -p /run/pound.pid
 PIDFile=/run/pound.pid
-ExecStart=/usr/bin/pound -f /etc/pound/pound.cfg -p /run/pound.pid
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 
 [Install]
 WantedBy=multi-user.target

Reply via email to