Date: Tuesday, February 22, 2022 @ 21:37:27 Author: dbermond Revision: 1136192
upgpkg: i2pd 2.41.0-1 Added: i2pd/trunk/010-i2pd-config.patch i2pd/trunk/020-i2pd-do-not-override-config.patch (from rev 1136191, i2pd/trunk/030-i2pd-do-not-override-config.patch) i2pd/trunk/030-i2pd-systemd-service-hardening.patch (from rev 1136191, i2pd/trunk/040-i2pd-systemd-service-hardening.patch) i2pd/trunk/040-i2pd-tunnels-d-readme.patch (from rev 1136191, i2pd/trunk/050-i2pd-tunnels-d-readme.patch) Modified: i2pd/trunk/PKGBUILD Deleted: i2pd/trunk/030-i2pd-do-not-override-config.patch i2pd/trunk/040-i2pd-systemd-service-hardening.patch i2pd/trunk/050-i2pd-tunnels-d-readme.patch ------------------------------------------+ 010-i2pd-config.patch | 35 +++++++++++++++++++++++++++++ 020-i2pd-do-not-override-config.patch | 11 +++++++++ 030-i2pd-do-not-override-config.patch | 11 --------- 030-i2pd-systemd-service-hardening.patch | 34 ++++++++++++++++++++++++++++ 040-i2pd-systemd-service-hardening.patch | 34 ---------------------------- 040-i2pd-tunnels-d-readme.patch | 8 ++++++ 050-i2pd-tunnels-d-readme.patch | 8 ------ PKGBUILD | 25 +++++++++----------- 8 files changed, 99 insertions(+), 67 deletions(-) Added: 010-i2pd-config.patch =================================================================== --- 010-i2pd-config.patch (rev 0) +++ 010-i2pd-config.patch 2022-02-22 21:37:27 UTC (rev 1136192) 
@@ -0,0 +1,35 @@
+--- a/contrib/i2pd.conf
++++ b/contrib/i2pd.conf
+@@ -8,19 +8,22 @@
+
+ ## Tunnels config file
+ ## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
++## Note: /var/lib/i2pd/tunnels.conf is a symlink to /etc/i2pd/tunnels.conf (use the latter)
+ # tunconf = /var/lib/i2pd/tunnels.conf
+
+ ## Tunnels config files path
+ ## Use that path to store separated tunnels in different config files.
+ ## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
++## Note: /var/lib/i2pd/tunnels.d is a symlink to /etc/i2pd/tunnels.d (use the latter)
+ # tunnelsdir = /var/lib/i2pd/tunnels.d
+
+ ## Path to certificates used for verifying .su3, families
+ ## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
++## Note: /var/lib/i2pd/certificates is a symlink to /usr/share/i2pd/certificates (use the latter)
+ # certsdir = /var/lib/i2pd/certificates
+
+ ## Where to write pidfile (default: i2pd.pid, not used in Windows)
+-# pidfile = /run/i2pd.pid
++# pidfile = /run/i2pd/i2pd.pid
+
+ ## Logging configuration section
+ ## By default logs go to stdout with level 'info' and higher
+@@ -32,7 +35,7 @@
+ ## * syslog - use syslog, see man 3 syslog
+ # log = file
+ ## Path to logfile (default - autodetect)
+-# logfile = /var/log/i2pd/i2pd.log
++logfile = /var/log/i2pd/i2pd.log
+ ## Log messages above this level (debug, info, *warn, error, none)
+ ## If you set it to none, logging will be disabled
+ # loglevel = warn
Copied: i2pd/trunk/020-i2pd-do-not-override-config.patch (from rev 1136191, i2pd/trunk/030-i2pd-do-not-override-config.patch)
===================================================================
--- 020-i2pd-do-not-override-config.patch (rev 0)
+++ 020-i2pd-do-not-override-config.patch 2022-02-22 21:37:27 UTC (rev 1136192)
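Review bot: In 010-i2pd-config.patch the three added `## Note:` lines tell the reader to use the /etc (or /usr/share) path, but the commented sample values directly below them still show the /var/lib/i2pd symlink paths, so anyone who simply uncomments a line ends up on the path the note advises against. Consider patching the samples to match, e.g. `# tunconf = /etc/i2pd/tunnels.conf` and `# tunnelsdir = /etc/i2pd/tunnels.d`. This is more than tidiness: /var/lib/i2pd is listed in `ReadWritePaths=` in 030-i2pd-systemd-service-hardening.patch, so a path resolved through it passes through a directory the daemon itself can write. The same concern applies to `--conf=/var/lib/i2pd/i2pd.conf` in 020-i2pd-do-not-override-config.patch, where `--conf=/etc/i2pd/i2pd.conf` would keep the configuration lookup under a root-owned tree; ownership of /var/lib/i2pd and its symlinks is set outside this diff, so confirm before changing.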
@@ -0,0 +1,11 @@
+--- a/contrib/i2pd.service
++++ b/contrib/i2pd.service
+@@ -11,7 +11,7 @@ RuntimeDirectoryMode=0700
+ LogsDirectory=i2pd
+ LogsDirectoryMode=0700
+ Type=forking
+-ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
++ExecStart=/usr/bin/i2pd --conf=/var/lib/i2pd/i2pd.conf --pidfile=/run/i2pd/i2pd.pid --daemon --service
+ ExecReload=/bin/sh -c "kill -HUP $MAINPID"
+ PIDFile=/run/i2pd/i2pd.pid
+ ### Uncomment, if auto restart needed
Deleted: 030-i2pd-do-not-override-config.patch
===================================================================
--- 030-i2pd-do-not-override-config.patch 2022-02-22 20:56:17 UTC (rev 1136191)
+++ 030-i2pd-do-not-override-config.patch 2022-02-22 21:37:27 UTC (rev 1136192)
@@ -1,11 +0,0 @@
---- a/contrib/i2pd.service
-+++ b/contrib/i2pd.service
-@@ -11,7 +11,7 @@ RuntimeDirectoryMode=0700
- LogsDirectory=i2pd
- LogsDirectoryMode=0700
- Type=forking
--ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
-+ExecStart=/usr/bin/i2pd --conf=/var/lib/i2pd/i2pd.conf --pidfile=/run/i2pd/i2pd.pid --daemon --service
- ExecReload=/bin/sh -c "kill -HUP $MAINPID"
- PIDFile=/run/i2pd/i2pd.pid
- ### Uncomment, if auto restart needed
Copied: i2pd/trunk/030-i2pd-systemd-service-hardening.patch (from rev 1136191, i2pd/trunk/040-i2pd-systemd-service-hardening.patch)
===================================================================
--- 030-i2pd-systemd-service-hardening.patch (rev 0)
+++ 030-i2pd-systemd-service-hardening.patch 2022-02-22 21:37:27 UTC (rev 1136192)
@@ -0,0 +1,34 @@
+--- a/contrib/i2pd.service
++++ b/contrib/i2pd.service
+@@ -33,5 +33,31 @@ LimitNOFILE=4096
+ # To enable write of coredump uncomment this
+ #LimitCORE=infinity
+
++# Hardening options
++PrivateTmp=true
++ProtectSystem=strict
++ProtectHome=true
++PrivateDevices=true
++ProtectKernelTunables=true
++ProtectControlGroups=true
++NoNewPrivileges=true
++MemoryDenyWriteExecute=true
++LockPersonality=true
++SystemCallFilter=@system-service
++RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelLogs=true
++ProtectKernelModules=true
++ProtectProc=invisible
++ProcSubset=pid
++PrivateMounts=true
++PrivateUsers=true
++ReadWritePaths=/var/lib/i2pd /var/log/i2pd
++RemoveIPC=true
++RestrictRealtime=true
++RestrictSUIDSGID=true
++SystemCallArchitectures=native
++
+ [Install]
+ WantedBy=multi-user.target
Deleted: 040-i2pd-systemd-service-hardening.patch
===================================================================
--- 040-i2pd-systemd-service-hardening.patch 2022-02-22 20:56:17 UTC (rev 1136191)
+++ 040-i2pd-systemd-service-hardening.patch 2022-02-22 21:37:27 UTC (rev 1136192)
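Review bot: In 030-i2pd-systemd-service-hardening.patch, `ReadWritePaths=/var/lib/i2pd /var/log/i2pd` grants the log directory a second time: `LogsDirectory=i2pd` (visible as context in 020-i2pd-do-not-override-config.patch) already makes /var/log/i2pd writable under `ProtectSystem=strict`, so `ReadWritePaths=/var/lib/i2pd` alone states the real exception. The block also leaves `CapabilityBoundingSet=` and `RestrictNamespaces=` unset; if the daemon runs as an unprivileged user and binds only unprivileged ports (neither is visible in this hunk), adding an empty `CapabilityBoundingSet=` and `RestrictNamespaces=true` would tighten it further. A short comment above the block such as `# Re-check with: systemd-analyze security i2pd.service` would help the next packager validate the set after an upstream unit change. The [Service] section this block extends starts outside the hunk.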
@@ -1,34 +0,0 @@
---- a/contrib/i2pd.service
-+++ b/contrib/i2pd.service
-@@ -33,5 +33,31 @@ LimitNOFILE=4096
- # To enable write of coredump uncomment this
- #LimitCORE=infinity
-
-+# Hardening options
-+PrivateTmp=true
-+ProtectSystem=strict
-+ProtectHome=true
-+PrivateDevices=true
-+ProtectKernelTunables=true
-+ProtectControlGroups=true
-+NoNewPrivileges=true
-+MemoryDenyWriteExecute=true
-+LockPersonality=true
-+SystemCallFilter=@system-service
-+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-+ProtectHostname=true
-+ProtectClock=true
-+ProtectKernelLogs=true
-+ProtectKernelModules=true
-+ProtectProc=invisible
-+ProcSubset=pid
-+PrivateMounts=true
-+PrivateUsers=true
-+ReadWritePaths=/var/lib/i2pd /var/log/i2pd
-+RemoveIPC=true
-+RestrictRealtime=true
-+RestrictSUIDSGID=true
-+SystemCallArchitectures=native
-+
- [Install]
- WantedBy=multi-user.target
Copied: i2pd/trunk/040-i2pd-tunnels-d-readme.patch (from rev 1136191, i2pd/trunk/050-i2pd-tunnels-d-readme.patch)
===================================================================
--- 040-i2pd-tunnels-d-readme.patch (rev 0)
+++ 040-i2pd-tunnels-d-readme.patch 2022-02-22 21:37:27 UTC (rev 1136192)
@@ -0,0 +1,8 @@
+--- a/contrib/tunnels.d/README
++++ b/contrib/tunnels.d/README
+@@ -1,4 +1,4 @@
+-# In that directory you can store separated config files for every tunnel.
++# In the /etc/i2pd/tunnels.d directory you can store separated config files for every tunnel.
+ # Please read documentation for more info.
+ #
+ # You can find examples in /usr/share/doc/i2pd/tunnels.d directory
Deleted: 050-i2pd-tunnels-d-readme.patch
===================================================================
--- 050-i2pd-tunnels-d-readme.patch 2022-02-22 20:56:17 UTC (rev 1136191)
+++ 050-i2pd-tunnels-d-readme.patch 2022-02-22 21:37:27 UTC (rev 1136192)
@@ -1,8 +0,0 @@
---- a/contrib/tunnels.d/README
-+++ b/contrib/tunnels.d/README
-@@ -1,4 +1,4 @@
--# In that directory you can store separated config files for every tunnel.
-+# In the /etc/i2pd/tunnels.d directory you can store separated config files for every tunnel.
- # Please read documentation for more info.
- #
- # You can find examples in /usr/share/doc/i2pd/tunnels.d directory
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-02-22 20:56:17 UTC (rev 1136191)
+++ PKGBUILD 2022-02-22 21:37:27 UTC (rev 1136192)
@@ -9,8 +9,8 @@ # Contributor: r4sas pkgname=i2pd -pkgver=2.40.0 -pkgrel=2 +pkgver=2.41.0 +pkgrel=1 pkgdesc='A full-featured C++ implementation of the I2P router' arch=('x86_64') url='https://i2pd.website/'
@@ -21,15 +21,13 @@ backup=('etc/i2pd/i2pd.conf' 'etc/i2pd/tunnels.conf') source=("https://github.com/PurpleI2P/i2pd/archive/${pkgver}/${pkgname}-${pkgver}.tar.gz" - '010-i2pd-use-arch-flags-on-tests.patch' - '020-i2pd-config.patch' - '030-i2pd-do-not-override-config.patch' - '040-i2pd-systemd-service-hardening.patch' - '050-i2pd-tunnels-d-readme.patch' + '010-i2pd-config.patch' + '020-i2pd-do-not-override-config.patch' + '030-i2pd-systemd-service-hardening.patch' + '040-i2pd-tunnels-d-readme.patch' 'i2pd.sysusers' 'i2pd.tmpfiles') -sha256sums=('4443f484ad40753e892170a26c8ee8126e8338bf416d04eab0c55c1c94a4e193' - 'f6ac6e147a3cd12bbd1766c49869e716d9570fb2ec4a51999cc02f074d080772' +sha256sums=('7b333cd26670903ef0672cf87aa9f895814ce2bbef2e587e69d66ad9427664e6' '45dae1e2f798d23df92c996c233fccb07349d62992d0f625be7fd913719875af' 'e98eaa783fcd8e1ab84980f68158e3bb9eb5ec101f26c748946a313152643f11' '2b84d85d4234eb3b640925d0dd244c8abe3b48bc69c8456629af923de17acf10'
@@ -38,11 +36,10 @@ 'fe8cc2ec83cb5b5c2b2ec8cce9a989e0cb6fd347e00b84e03a17b12efd152fac') prepare() { - patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/010-i2pd-use-arch-flags-on-tests.patch" - patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/020-i2pd-config.patch" - patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/030-i2pd-do-not-override-config.patch" - patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/040-i2pd-systemd-service-hardening.patch" - patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/050-i2pd-tunnels-d-readme.patch" + patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/010-i2pd-config.patch" + patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/020-i2pd-do-not-override-config.patch" + patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/030-i2pd-systemd-service-hardening.patch" + patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/040-i2pd-tunnels-d-readme.patch" } build() {