Date: Saturday, March 17, 2018 @ 19:08:18 Author: dvzrv Revision: 308968
upgpkg: pound 2.7-6 Updating maintainer. Adding pgp verification of source. Removing runit. Fixing build() and package() to use root for ownership of files. Installing various docs. Switching to user/group pound in configuration and moving Control socket to /run/pound/ directory. Adding Documentation, After and Wants to service. Using DynamicUser and RuntimeDirectory. Adding CapabilityBoundSet/AmbientCapabilities to allow bind to ports below 1024 (CAP_NET_BIND_SERVICE). Modified: pound/trunk/PKGBUILD pound/trunk/pound.cfg pound/trunk/pound.service Deleted: pound/trunk/ChangeLog pound/trunk/pound.runit ---------------+ ChangeLog | 22 ------------------ PKGBUILD | 68 ++++++++++++++++++++++++++++++++------------------------ pound.cfg | 6 ++-- pound.runit | 23 ------------------ pound.service | 11 ++++++++- 5 files changed, 53 insertions(+), 77 deletions(-) Deleted: ChangeLog =================================================================== --- ChangeLog 2018-03-17 18:57:31 UTC (rev 308967) +++ ChangeLog 2018-03-17 19:08:18 UTC (rev 308968) @@ -1,22 +0,0 @@ - -2009-03-22 Douglas Soares de Andrade <doug...@archlinux.org> - - * Updated for i686: 2.4.4 - * Fixed an issue with the rc.d pound script - -2008-06-22 Mateusz Herych <heni...@gmail.com> - - * Adding for x86_64 community - 2.4.3 - -2008-06-22 Douglas Soares de Andrade <d...@aur.archlinux.org> - - * Adding for i686 community - 2.4.3 - -2008-05-22 Mateusz Herych <heni...@gmail.com> - - * Adding to community for x86_64 - -2008-05-21 Douglas Soares de Andrade <d...@aur.archlinux.org> - - * Adding to community for i686 - Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-03-17 18:57:31 UTC (rev 308967) +++ PKGBUILD 2018-03-17 19:08:18 UTC (rev 308968) @@ -1,48 +1,60 @@ # $Id$ -# Maintainer: Sergej Pupykin <pupykin.s+a...@gmail.com> -# Maintainer: Douglas Soares de Andrade <d...@aur.archlinux.org> +# Maintainer: David Runge <d...@sleepmap.de> +# Contributor: Sergej Pupykin <pupykin.s+a...@gmail.com> +# Contributor: Douglas Soares de Andrade <d...@aur.archlinux.org> # Contributor: Roberto Alsina <rals...@kde.org> +_name=Pound pkgname=pound pkgver=2.7 -pkgrel=5 +pkgrel=6 pkgdesc="A reverse proxy, load balancer, and SSL wrapper" arch=('x86_64') url="http://www.apsis.ch/pound/index_html" -license=('GPL') -depends=('pcre' 'openssl-1.0') -backup=(etc/pound/pound.cfg) -source=(http://www.apsis.ch/pound/Pound-$pkgver.tgz - pound.runit - pound.service - pound.cfg) -md5sums=('ec8298aa3e4aee3ffbecdc0639d7f14a' - '2a555ee5871a849cb1f6e6ba2ff054df' - 'c0d0726a96dfda0e83843362e401b3dc' - '8937808acd22c6391ebe4340af8df854') +license=('GPL3') +depends=('gperftools' 'pcre' 'openssl-1.0') +backup=('etc/pound/pound.cfg') +# switch to https://github.com/graygnuorg/pound for openssl +source=("http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.tgz" + "${_name}-${pkgver}.tgz.asc::http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.asc" + "${pkgname}.service" + "${pkgname}.cfg") +sha512sums=('3edfb948715ff7e38b7665cc083eb5619daf4c2ddda4efcffffa2bcf5d8c1ee158fa5275b16bbaea4cf51bf3f8c022ba2197d5f67d57732404a448ae00e62aa1' + 'SKIP' + '7111df07cb3500c378afb19abbd1ef5f97a566101cd68712a1d6c8015f23463fc06347ec8cb189f2774c954343b8b8815416be1a4acd3ec31f20f03e90cdf603' + '32d33474a115dfc9d5ccc094ffdb3c367108a48976cf3e58442642dab08167cd0a1808eefa1879e3c38b607d2a6a1cd28142dbd690244368760daba1f95526f6') prepare() { - cd "$srcdir"/Pound-$pkgver - sed -i -e 's/openssl/openssl-1.0/' Makefile.in + cp -av "${_name}-${pkgver}" "${pkgname}-${pkgver}" + cd "${pkgname}-${pkgver}" + # use openssl-1.0 to generate dhparam + sed -e 's/openssl/openssl-1.0/' -i Makefile.in } build() { - cd "$srcdir"/Pound-$pkgver + cd "${pkgname}-${pkgver}" CPPFLAGS+=" -I/usr/include/openssl-1.0" \ LDFLAGS+=" -L/usr/lib/openssl-1.0" \ - ./configure --prefix=/usr --sysconfdir=/etc/pound --sbindir=/usr/bin + ./configure --prefix=/usr \ + --sysconfdir=/etc/pound \ + --bindir=/usr/bin \ + --sbindir=/usr/bin \ + --with-ssl='/usr/lib/openssl-1.0' \ + --with-owner=root \ + --with-group=root make } package() { - cd "$srcdir"/Pound-$pkgver - install -d "$pkgdir"/usr/sbin - make DESTDIR="$pkgdir" install - chown root.root -R "$pkgdir"/usr - install -d "$pkgdir"/etc/sv - install -d "$pkgdir"/etc/sv/pound - install -m0755 "$srcdir"/pound.runit "$pkgdir"/etc/sv/pound/run - install -D -m0644 "$srcdir"/pound.cfg "$pkgdir"/etc/pound/pound.cfg - install -Dm0644 "$srcdir"/$pkgname.service "$pkgdir"/usr/lib/systemd/system/$pkgname.service - rmdir "$pkgdir"/usr/sbin + cd "${pkgname}-${pkgver}" + make DESTDIR="$pkgdir" install + # configuration + install -vDm 0644 "${srcdir}/${pkgname}.cfg" \ + "${pkgdir}/etc/${pkgname}/${pkgname}.cfg" + # systemd service + install -vDm 0644 "$srcdir/${pkgname}.service" \ + "${pkgdir}/usr/lib/systemd/system/${pkgname}.service" + # docs + install -vDm 0644 {CHANGELOG,FAQ,README} \ + -t "${pkgdir}/usr/share/doc/${pkgname}/" } Modified: pound.cfg =================================================================== --- pound.cfg 2018-03-17 18:57:31 UTC (rev 308967) +++ pound.cfg 2018-03-17 19:08:18 UTC (rev 308968) @@ -6,8 +6,8 @@ ## GLOBAL SETTINGS ## ## Specify the user and group Pound will run as. -#User "http" -#Group "http" +#User "pound" +#Group "pound" ## ## Specify the directory that Pound will chroot to at runtime. #RootJail "/" @@ -46,7 +46,7 @@ #SSLEngine "name" ## ## Set the control socket path. -#Control "/tmp/poundctl.socket" +Control "/run/pound/poundctl.socket" ## ## ## LISTENERS Deleted: pound.runit =================================================================== --- pound.runit 2018-03-17 18:57:31 UTC (rev 308967) +++ pound.runit 2018-03-17 19:08:18 UTC (rev 308968) @@ -1,23 +0,0 @@ -#!/bin/sh -exec 2>&1 -# general config -. /etc/rc.conf -. /etc/rc.d/functions - -BIN=/usr/bin/pound -OPTS="-f /etc/pound/pound.cfg -p /var/run/pound.pid" -SVC=pound - -PID=`pidof $BIN` -if [ -z "$PID" ] -then - if [ -f /var/run/$SVC.pid ] - then - rm /var/run/$SVC.pid - rm_daemon $SVC - fi - echo "Starting $SVC daemon" - $BIN $OPTS -else - [ -z $PID ] || exec watchpid $PID -fi Modified: pound.service =================================================================== --- pound.service 2018-03-17 18:57:31 UTC (rev 308967) +++ pound.service 2018-03-17 19:08:18 UTC (rev 308968) @@ -1,10 +1,19 @@ [Unit] Description=A reverse proxy, load balancer, and SSL wrapper +Documentation=man:pound(8) +After=syslog.target network-online.target systemd-sysusers.service +Wants=network-online.target [Service] Type=forking +DynamicUser=yes +RuntimeDirectory=pound +ExecStart=/usr/bin/pound -f /etc/pound/pound.cfg -p /run/pound.pid PIDFile=/run/pound.pid -ExecStart=/usr/bin/pound -f /etc/pound/pound.cfg -p /run/pound.pid +ProtectControlGroups=yes +ProtectKernelModules=yes +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE [Install] WantedBy=multi-user.target