Date: Tuesday, November 6, 2018 @ 16:24:24 Author: archange Revision: 401708
upgpkg: cozy-stack 2018M4S3-1 Modified: cozy-stack/trunk/PKGBUILD cozy-stack/trunk/cozy-stack.service --------------------+ PKGBUILD | 12 ++++++------ cozy-stack.service | 19 +++++++++++++++++++ 2 files changed, 25 insertions(+), 6 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-11-06 15:33:13 UTC (rev 401707) +++ PKGBUILD 2018-11-06 16:24:24 UTC (rev 401708) @@ -1,8 +1,8 @@ # Maintainer: Bruno Pagani <archa...@archlinux.org> pkgname=cozy-stack -pkgver=2018M4S2 -pkgrel=2 +pkgver=2018M4S3 +pkgrel=1 pkgdesc="Digital home: brings all your web services in the same private space – Stack component" arch=('x86_64') url="https://cozy.io" @@ -14,14 +14,14 @@ optdepends=('nodejs: konnectors without isolation' 'nsjail: isolated konnectors' 'smtp-forwarder: to allow sending mail to users') -source=("https://apt.cozy.io/debian/pool/testing/c/${pkgname}/${pkgname}_${pkgver/+/-}.orig.tar.xz" +source=("https://apt.cozy.io/debian/pool/testing/c/${pkgname}/${pkgname}_${pkgver}.orig.tar.xz" "cozy.yml" "${pkgname}.service" "${pkgname}.sysusers" "${pkgname}.tmpfiles") -sha256sums=('04dce19da46cd507335d60fac28a20dad489a1bc321ee47df1693b2a2661885d' +sha256sums=('5ab1975ccb042c841915041546c330fce82992c7bc92bfdf2288d3f7a6190818' '450a41a054871b63ee0d968397d623faa50532269d875c0174633ea543701431' - 'f0a8cc43c51daeba92b36b449537eb6fa5d3fb84ef1428dc586266749ed742e0' + 'ad9b40170e2b07d5aa5ea6d444ad16c96bb39adb5ff579db5cc39cb4e2ec3f91' 'a6bea52350e85163c3141509a52903223fa0f6e7390b1b1f9336c326a8fff984' 'fd333c2fd0de859890204554f52a5c64b953664f6cb262b20bb839aa70ed9ecb') @@ -28,7 +28,7 @@ build() { export GOPATH="${srcdir}"/cozy-stack cd cozy-stack/src/github.com/cozy/cozy-stack - go build -o "${srcdir}"/bin/cozy-stack \ + go build -v -o "${srcdir}"/bin/cozy-stack \ -gcflags "all=-trimpath=${GOPATH}" \ -asmflags "all=-trimpath=${GOPATH}" \ -ldflags "-X github.com/cozy/cozy-stack/pkg/config.Version=${pkgver} \ Modified: cozy-stack.service =================================================================== --- cozy-stack.service 2018-11-06 15:33:13 UTC (rev 401707) +++ cozy-stack.service 2018-11-06 16:24:24 UTC (rev 401708) @@ -7,8 +7,27 @@ User=cozy Group=cozy PermissionsStartOnly=true +WorkingDirectory=~ +LogsDirectory=cozy +StateDirectory=cozy ExecStart=/usr/bin/cozy-stack serve Restart=always +CapabilityBoundingSet= +NoNewPrivileges=True +#SecureBits=noroot-locked +PrivateUsers=true +PrivateDevices=true +PrivateTmp=true +ProtectHome=true +ProtectSystem=strict +ProtectControlGroups=yes +ProtectKernelTunables=true +ProtectKernelModules=yes +LockPersonality=true +MemoryDenyWriteExecute=true +RestrictRealtime=true +SystemCallArchitectures=native +SystemCallFilter=@system-service [Install] WantedBy=multi-user.target