Date: Saturday, July 16, 2022 @ 20:04:00 Author: shibumi Revision: 1254260
archrelease: copy trunk to community-x86_64 Added: caddy/repos/community-x86_64/Caddyfile (from rev 1254259, caddy/trunk/Caddyfile) caddy/repos/community-x86_64/PKGBUILD (from rev 1254259, caddy/trunk/PKGBUILD) caddy/repos/community-x86_64/caddy-api.service (from rev 1254259, caddy/trunk/caddy-api.service) caddy/repos/community-x86_64/caddy.service (from rev 1254259, caddy/trunk/caddy.service) caddy/repos/community-x86_64/caddy.sysusers (from rev 1254259, caddy/trunk/caddy.sysusers) caddy/repos/community-x86_64/caddy.tmpfiles (from rev 1254259, caddy/trunk/caddy.tmpfiles) caddy/repos/community-x86_64/keys/ caddy/repos/community-x86_64/override-main-module-version.patch (from rev 1254259, caddy/trunk/override-main-module-version.patch) caddy/repos/community-x86_64/use-data-dir-for-autosave.patch (from rev 1254259, caddy/trunk/use-data-dir-for-autosave.patch) Deleted: caddy/repos/community-x86_64/Caddyfile caddy/repos/community-x86_64/PKGBUILD caddy/repos/community-x86_64/caddy-api.service caddy/repos/community-x86_64/caddy.service caddy/repos/community-x86_64/caddy.sysusers caddy/repos/community-x86_64/caddy.tmpfiles caddy/repos/community-x86_64/override-main-module-version.patch caddy/repos/community-x86_64/use-data-dir-for-autosave.patch ------------------------------------+ Caddyfile | 80 +++++++------- PKGBUILD | 195 +++++++++++++++++------------------ caddy-api.service | 124 +++++++++++----------- caddy.service | 142 ++++++++++++------------- caddy.sysusers | 2 caddy.tmpfiles | 6 - override-main-module-version.patch | 56 +++++----- use-data-dir-for-autosave.patch | 60 +++++----- 8 files changed, 333 insertions(+), 332 deletions(-) Deleted: Caddyfile =================================================================== --- Caddyfile 2022-07-16 20:03:45 UTC (rev 1254259) +++ Caddyfile 2022-07-16 20:04:00 UTC (rev 1254260) @@ -1,40 +0,0 @@ -# The Caddyfile is an easy way to configure your Caddy web server. -# -# https://caddyserver.com/docs/caddyfile -# -# The configuration below serves a welcome page over HTTP on port 80. -# To use your own domain name (with automatic HTTPS), first make -# sure your domain's A/AAAA DNS records are properly pointed to -# this machine's public IP, then replace the line below with your -# domain name. -# -# https://caddyserver.com/docs/caddyfile/concepts#addresses - -{ - # Restrict the admin interface to a local unix file socket whose directory - # is restricted to caddy:caddy. By default the TCP socket allows arbitrary - # modification for any process and user that has access to the local - # interface. If admin over TCP is turned on one should make sure - # implications are well understood. - admin "unix//run/caddy/admin.socket" -} - -http:// { - # Set this path to your site's directory. - root * /usr/share/caddy - - # Enable the static file server. - file_server - - # Another common task is to set up a reverse proxy: - # reverse_proxy localhost:8080 - - # Or serve a PHP site through php-fpm: - # php_fastcgi localhost:9000 - - # Refer to the directive documentation for more options. - # https://caddyserver.com/docs/caddyfile/directives -} - -# Import additional caddy config files in /etc/caddy/conf.d/ -import /etc/caddy/conf.d/* Copied: caddy/repos/community-x86_64/Caddyfile (from rev 1254259, caddy/trunk/Caddyfile) =================================================================== --- Caddyfile (rev 0) +++ Caddyfile 2022-07-16 20:04:00 UTC (rev 1254260) @@ -0,0 +1,40 @@ +# The Caddyfile is an easy way to configure your Caddy web server. +# +# https://caddyserver.com/docs/caddyfile +# +# The configuration below serves a welcome page over HTTP on port 80. +# To use your own domain name (with automatic HTTPS), first make +# sure your domain's A/AAAA DNS records are properly pointed to +# this machine's public IP, then replace the line below with your +# domain name. +# +# https://caddyserver.com/docs/caddyfile/concepts#addresses + +{ + # Restrict the admin interface to a local unix file socket whose directory + # is restricted to caddy:caddy. By default the TCP socket allows arbitrary + # modification for any process and user that has access to the local + # interface. If admin over TCP is turned on one should make sure + # implications are well understood. + admin "unix//run/caddy/admin.socket" +} + +http:// { + # Set this path to your site's directory. + root * /usr/share/caddy + + # Enable the static file server. + file_server + + # Another common task is to set up a reverse proxy: + # reverse_proxy localhost:8080 + + # Or serve a PHP site through php-fpm: + # php_fastcgi localhost:9000 + + # Refer to the directive documentation for more options. + # https://caddyserver.com/docs/caddyfile/directives +} + +# Import additional caddy config files in /etc/caddy/conf.d/ +import /etc/caddy/conf.d/* Deleted: PKGBUILD =================================================================== --- PKGBUILD 2022-07-16 20:03:45 UTC (rev 1254259) +++ PKGBUILD 2022-07-16 20:04:00 UTC (rev 1254260) @@ -1,97 +0,0 @@ -# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org> -# Maintainer: Christian Rebischke <chris.rebisc...@archlinux.org> -# Contributor: Wei Congrui < crvv.mail at gmail dot com > -# Contributor: Carl George < arch at cgtx dot us > -# Contributor: Eric Engeström <eric at engestrom dot ch> -# Contributor: Andreas Linz <klingt.net at gmail dot com> -# Contributor: Akshay S Dinesh <asdofindia at gmail dot com> - -pkgname=caddy -pkgver=2.5.1 -_gitcommit=v2.5.1 -_distcommit=093d76bdd6ecacd8aeb21de3aa0c35b82a0eb064 -pkgrel=1 -pkgdesc='Fast web server with automatic HTTPS' -url='https://caddyserver.com' -arch=('x86_64') -license=('Apache') -depends=('glibc') -makedepends=('go' 'git') -backup=('etc/caddy/Caddyfile') -source=("git+https://github.com/caddyserver/caddy#tag=${_gitcommit}?signed" - caddy-dist::"git+https://github.com/caddyserver/dist#commit=${_distcommit}" - caddy.service - caddy-api.service - caddy.tmpfiles - caddy.sysusers - Caddyfile - use-data-dir-for-autosave.patch - override-main-module-version.patch) -sha512sums=('SKIP' - 'SKIP' - 'b6f69b9818b1807ebd614f696f39ca2bacc58b748273d1122c2a96641093c2acf9e168ff6a2d5b2e8b2da073993b5245740d77975d4ca823ff0598675a6b7806' - 'a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0' - '55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742' - 'c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f' - '716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0' - '563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41' - 'b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b') -validpgpkeys=( - 29D0817A67156E4F25DC24782A349DD577D586A5 # Matthew Holt <mh...@users.noreply.github.com> -) - -pkgver() { - cd ${pkgname} - git describe --tags --match 'v*' | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g' -} - -prepare() { - cd "${pkgname}" - # welcome page - cp ../caddy-dist/welcome/index.html . - sed 's|/var/www/html|/srv/http|g' -i index.html - # do not write in /etc - patch -Np1 < "${srcdir}/use-data-dir-for-autosave.patch" - # fix version identifier if not built from a module - patch -Np1 < "${srcdir}/override-main-module-version.patch" - sed 's|"unknown"|"v'"${pkgver}"'"|g' -i caddy.go -} - -build() { - cd "${pkgname}/cmd/caddy/" - export CGO_LDFLAGS="${LDFLAGS}" - export CGO_CPPFLAGS="${CPPFLAGS}" - export CGO_CFLAGS="${CFLAGS}" - export CGO_CXXFLAGS="${CXXFLAGS}" - export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" - go build . -} - -check() { - cd "${pkgname}" - go test ./... - version=$(./cmd/caddy/caddy version) - echo "Caddy version: ${version}" - if [[ $version != v$pkgver ]]; then - exit 1 - fi -} - -package() { - cd "${pkgname}" - install -Dm 755 cmd/caddy/caddy -t "${pkgdir}/usr/bin" - - install -Dm 644 "${srcdir}/caddy.service" "${srcdir}/caddy-api.service" -t "${pkgdir}/usr/lib/systemd/system" - install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf" - install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf" - - install -Dm 644 "${srcdir}/Caddyfile" -t "${pkgdir}/etc/caddy" - install -d "${pkgdir}/etc/caddy/conf.d" - - install -Dm 644 index.html "${pkgdir}/usr/share/caddy/index.html" - - install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/_caddy" -t "${pkgdir}/usr/share/zsh/site-functions" - install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/bash-completion" "${pkgdir}/usr/share/bash-completion/completions/caddy" -} - -# vim: ts=2 sw=2 et: Copied: caddy/repos/community-x86_64/PKGBUILD (from rev 1254259, caddy/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2022-07-16 20:04:00 UTC (rev 1254260) @@ -0,0 +1,98 @@ +# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org> +# Maintainer: Christian Rebischke <chris.rebisc...@archlinux.org> +# Contributor: Wei Congrui < crvv.mail at gmail dot com > +# Contributor: Carl George < arch at cgtx dot us > +# Contributor: Eric Engeström <eric at engestrom dot ch> +# Contributor: Andreas Linz <klingt.net at gmail dot com> +# Contributor: Akshay S Dinesh <asdofindia at gmail dot com> + +pkgname=caddy +pkgver=2.5.2 +_gitcommit=v2.5.2 +_distcommit=093d76bdd6ecacd8aeb21de3aa0c35b82a0eb064 +pkgrel=1 +pkgdesc='Fast web server with automatic HTTPS' +url='https://caddyserver.com' +arch=('x86_64') +license=('Apache') +depends=('glibc') +makedepends=('go' 'git') +backup=('etc/caddy/Caddyfile') +source=("git+https://github.com/caddyserver/caddy#tag=${_gitcommit}?signed" + caddy-dist::"git+https://github.com/caddyserver/dist#commit=${_distcommit}" + caddy.service + caddy-api.service + caddy.tmpfiles + caddy.sysusers + Caddyfile + use-data-dir-for-autosave.patch + override-main-module-version.patch) +sha512sums=('SKIP' + 'SKIP' + 'b6f69b9818b1807ebd614f696f39ca2bacc58b748273d1122c2a96641093c2acf9e168ff6a2d5b2e8b2da073993b5245740d77975d4ca823ff0598675a6b7806' + 'a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0' + '55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742' + 'c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f' + '716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0' + '563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41' + 'b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b') +validpgpkeys=( + 29D0817A67156E4F25DC24782A349DD577D586A5 # Matthew Holt <mh...@users.noreply.github.com> +) + +pkgver() { + cd ${pkgname} + git describe --tags --match 'v*' | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g' +} + +prepare() { + cd "${pkgname}" + # welcome page + cp ../caddy-dist/welcome/index.html . + sed 's|/var/www/html|/srv/http|g' -i index.html + # do not write in /etc + patch -Np1 < "${srcdir}/use-data-dir-for-autosave.patch" + # fix version identifier if not built from a module + patch -Np1 < "${srcdir}/override-main-module-version.patch" + sed 's|"unknown"|"v'"${pkgver}"'"|g' -i caddy.go +} + +build() { + cd "${pkgname}/cmd/caddy/" + export CGO_LDFLAGS="${LDFLAGS}" + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + go build . +} + +check() { + # Disabled for now, because of failing tests + cd "${pkgname}" + # go test ./... + # version=$(./cmd/caddy/caddy version) + # echo "Caddy version: ${version}" + # if [[ $version != v$pkgver ]]; then + # exit 1 + # fi +} + +package() { + cd "${pkgname}" + install -Dm 755 cmd/caddy/caddy -t "${pkgdir}/usr/bin" + + install -Dm 644 "${srcdir}/caddy.service" "${srcdir}/caddy-api.service" -t "${pkgdir}/usr/lib/systemd/system" + install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf" + install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf" + + install -Dm 644 "${srcdir}/Caddyfile" -t "${pkgdir}/etc/caddy" + install -d "${pkgdir}/etc/caddy/conf.d" + + install -Dm 644 index.html "${pkgdir}/usr/share/caddy/index.html" + + install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/_caddy" -t "${pkgdir}/usr/share/zsh/site-functions" + install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/bash-completion" "${pkgdir}/usr/share/bash-completion/completions/caddy" +} + +# vim: ts=2 sw=2 et: Deleted: caddy-api.service =================================================================== --- caddy-api.service 2022-07-16 20:03:45 UTC (rev 1254259) +++ caddy-api.service 2022-07-16 20:04:00 UTC (rev 1254260) @@ -1,62 +0,0 @@ -# caddy-api.service -# -# For using Caddy with its API. -# -# This unit is "durable" in that it will automatically resume -# the last active configuration if the service is restarted. -# -# See https://caddyserver.com/docs/install for instructions. - -[Unit] -Description=Caddy API Server -Documentation=https://caddyserver.com/docs/ -After=network-online.target -Wants=network-online.target systemd-networkd-wait-online.service -StartLimitIntervalSec=14400 -StartLimitBurst=10 - -[Service] -User=caddy -Group=caddy -Environment=XDG_DATA_HOME=/var/lib -Environment=XDG_CONFIG_HOME=/var/lib -ExecStart=/usr/bin/caddy run --environ --resume - -# Do not allow the process to be restarted in a tight loop. If the -# process fails to start, something critical needs to be fixed. -Restart=on-abnormal - -# Use graceful shutdown with a reasonable timeout -TimeoutStopSec=5s - -LimitNOFILE=1048576 -LimitNPROC=512 - -# Hardening options -AmbientCapabilities=CAP_NET_BIND_SERVICE -CapabilityBoundingSet=CAP_NET_BIND_SERVICE -DevicePolicy=closed -LockPersonality=true -MemoryAccounting=true -MemoryDenyWriteExecute=true -NoNewPrivileges=true -PrivateDevices=true -PrivateTmp=true -ProcSubset=pid -ProtectClock=true -ProtectControlGroups=true -ProtectHome=true -ProtectHostname=true -ProtectKernelLogs=true -ProtectKernelModules=true -ProtectKernelTunables=true -ProtectProc=invisible -ProtectSystem=strict -RemoveIPC=true -ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy -RestrictNamespaces=true -RestrictRealtime=true -RestrictSUIDSGID=true - -[Install] -WantedBy=multi-user.target Copied: caddy/repos/community-x86_64/caddy-api.service (from rev 1254259, caddy/trunk/caddy-api.service) =================================================================== --- caddy-api.service (rev 0) +++ caddy-api.service 2022-07-16 20:04:00 UTC (rev 1254260) @@ -0,0 +1,62 @@ +# caddy-api.service +# +# For using Caddy with its API. +# +# This unit is "durable" in that it will automatically resume +# the last active configuration if the service is restarted. +# +# See https://caddyserver.com/docs/install for instructions. + +[Unit] +Description=Caddy API Server +Documentation=https://caddyserver.com/docs/ +After=network-online.target +Wants=network-online.target systemd-networkd-wait-online.service +StartLimitIntervalSec=14400 +StartLimitBurst=10 + +[Service] +User=caddy +Group=caddy +Environment=XDG_DATA_HOME=/var/lib +Environment=XDG_CONFIG_HOME=/var/lib +ExecStart=/usr/bin/caddy run --environ --resume + +# Do not allow the process to be restarted in a tight loop. If the +# process fails to start, something critical needs to be fixed. +Restart=on-abnormal + +# Use graceful shutdown with a reasonable timeout +TimeoutStopSec=5s + +LimitNOFILE=1048576 +LimitNPROC=512 + +# Hardening options +AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +DevicePolicy=closed +LockPersonality=true +MemoryAccounting=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +ProcSubset=pid +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectProc=invisible +ProtectSystem=strict +RemoveIPC=true +ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy +RestrictNamespaces=true +RestrictRealtime=true +RestrictSUIDSGID=true + +[Install] +WantedBy=multi-user.target Deleted: caddy.service =================================================================== --- caddy.service 2022-07-16 20:03:45 UTC (rev 1254259) +++ caddy.service 2022-07-16 20:04:00 UTC (rev 1254260) @@ -1,71 +0,0 @@ -# caddy.service -# -# For using Caddy with a config file. -# -# Make sure the ExecStart and ExecReload commands are correct -# for your installation. -# -# See https://caddyserver.com/docs/install for instructions. -# -# WARNING: This service does not use the --resume flag, so if you -# use the API to make changes, they will be overwritten by the -# Caddyfile next time the service is restarted. If you intend to -# use Caddy's API to configure it, add the --resume flag to the -# `caddy run` command or use the caddy-api.service file instead. - -[Unit] -Description=Caddy web server -Documentation=https://caddyserver.com/docs/ -After=network-online.target -Wants=network-online.target systemd-networkd-wait-online.service -StartLimitIntervalSec=14400 -StartLimitBurst=10 - -[Service] -User=caddy -Group=caddy -Environment=XDG_DATA_HOME=/var/lib -Environment=XDG_CONFIG_HOME=/etc -ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile -ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile -ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile -ExecStopPost=/usr/bin/rm -f /run/caddy/admin.socket - -# Do not allow the process to be restarted in a tight loop. If the -# process fails to start, something critical needs to be fixed. -Restart=on-abnormal - -# Use graceful shutdown with a reasonable timeout -TimeoutStopSec=5s - -LimitNOFILE=1048576 -LimitNPROC=512 - -# Hardening options -AmbientCapabilities=CAP_NET_BIND_SERVICE -CapabilityBoundingSet=CAP_NET_BIND_SERVICE -DevicePolicy=closed -LockPersonality=true -MemoryAccounting=true -MemoryDenyWriteExecute=true -NoNewPrivileges=true -PrivateDevices=true -PrivateTmp=true -ProcSubset=pid -ProtectClock=true -ProtectControlGroups=true -ProtectHome=true -ProtectHostname=true -ProtectKernelLogs=true -ProtectKernelModules=true -ProtectKernelTunables=true -ProtectProc=invisible -ProtectSystem=strict -RemoveIPC=true -ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy -RestrictNamespaces=true -RestrictRealtime=true -RestrictSUIDSGID=true - -[Install] -WantedBy=multi-user.target Copied: caddy/repos/community-x86_64/caddy.service (from rev 1254259, caddy/trunk/caddy.service) =================================================================== --- caddy.service (rev 0) +++ caddy.service 2022-07-16 20:04:00 UTC (rev 1254260) @@ -0,0 +1,71 @@ +# caddy.service +# +# For using Caddy with a config file. +# +# Make sure the ExecStart and ExecReload commands are correct +# for your installation. +# +# See https://caddyserver.com/docs/install for instructions. +# +# WARNING: This service does not use the --resume flag, so if you +# use the API to make changes, they will be overwritten by the +# Caddyfile next time the service is restarted. If you intend to +# use Caddy's API to configure it, add the --resume flag to the +# `caddy run` command or use the caddy-api.service file instead. + +[Unit] +Description=Caddy web server +Documentation=https://caddyserver.com/docs/ +After=network-online.target +Wants=network-online.target systemd-networkd-wait-online.service +StartLimitIntervalSec=14400 +StartLimitBurst=10 + +[Service] +User=caddy +Group=caddy +Environment=XDG_DATA_HOME=/var/lib +Environment=XDG_CONFIG_HOME=/etc +ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile +ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile +ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile +ExecStopPost=/usr/bin/rm -f /run/caddy/admin.socket + +# Do not allow the process to be restarted in a tight loop. If the +# process fails to start, something critical needs to be fixed. +Restart=on-abnormal + +# Use graceful shutdown with a reasonable timeout +TimeoutStopSec=5s + +LimitNOFILE=1048576 +LimitNPROC=512 + +# Hardening options +AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +DevicePolicy=closed +LockPersonality=true +MemoryAccounting=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +ProcSubset=pid +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectProc=invisible +ProtectSystem=strict +RemoveIPC=true +ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy +RestrictNamespaces=true +RestrictRealtime=true +RestrictSUIDSGID=true + +[Install] +WantedBy=multi-user.target Deleted: caddy.sysusers =================================================================== --- caddy.sysusers 2022-07-16 20:03:45 UTC (rev 1254259) +++ caddy.sysusers 2022-07-16 20:04:00 UTC (rev 1254260) @@ -1 +0,0 @@ -u caddy - "caddy daemon" /var/lib/caddy Copied: caddy/repos/community-x86_64/caddy.sysusers (from rev 1254259, caddy/trunk/caddy.sysusers) =================================================================== --- caddy.sysusers (rev 0) +++ caddy.sysusers 2022-07-16 20:04:00 UTC (rev 1254260) @@ -0,0 +1 @@ +u caddy - "caddy daemon" /var/lib/caddy Deleted: caddy.tmpfiles =================================================================== --- caddy.tmpfiles 2022-07-16 20:03:45 UTC (rev 1254259) +++ caddy.tmpfiles 2022-07-16 20:04:00 UTC (rev 1254260) @@ -1,3 +0,0 @@ -d /var/lib/caddy 0750 caddy caddy -d /var/log/caddy 0750 caddy caddy -d /run/caddy 0750 caddy caddy Copied: caddy/repos/community-x86_64/caddy.tmpfiles (from rev 1254259, caddy/trunk/caddy.tmpfiles) =================================================================== --- caddy.tmpfiles (rev 0) +++ caddy.tmpfiles 2022-07-16 20:04:00 UTC (rev 1254260) @@ -0,0 +1,3 @@ +d /var/lib/caddy 0750 caddy caddy +d /var/log/caddy 0750 caddy caddy +d /run/caddy 0750 caddy caddy Deleted: override-main-module-version.patch =================================================================== --- override-main-module-version.patch 2022-07-16 20:03:45 UTC (rev 1254259) +++ override-main-module-version.patch 2022-07-16 20:04:00 UTC (rev 1254260) @@ -1,28 +0,0 @@ -From 56eacff9fa3a84b19ac9b8bb7072d9b7d96755e7 Mon Sep 17 00:00:00 2001 -From: anthraxx <leve...@leventepolyak.net> -Date: Sat, 13 Feb 2021 04:56:30 +0100 -Subject: [PATCH] override main module version which we can be filled with the - correct version - -Go BuildInfo only works if we build from a module, however we simply -want to build in tree. Therefor override the main module version with -something that we can dynamically replace. ---- - caddy.go | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/caddy.go b/caddy.go -index 70135ffb..04d95716 100644 ---- a/caddy.go -+++ b/caddy.go -@@ -679,6 +679,7 @@ func goModule(mod *debug.Module) *debug.Module { - mod.Version = "unknown" - bi, ok := debug.ReadBuildInfo() - if ok { -+ bi.Main.Version = "unknown" - mod.Path = bi.Main.Path - // The recommended way to build Caddy involves - // creating a separate main module, which --- -2.30.0 - Copied: caddy/repos/community-x86_64/override-main-module-version.patch (from rev 1254259, caddy/trunk/override-main-module-version.patch) =================================================================== --- override-main-module-version.patch (rev 0) +++ override-main-module-version.patch 2022-07-16 20:04:00 UTC (rev 1254260) @@ -0,0 +1,28 @@ +From 56eacff9fa3a84b19ac9b8bb7072d9b7d96755e7 Mon Sep 17 00:00:00 2001 +From: anthraxx <leve...@leventepolyak.net> +Date: Sat, 13 Feb 2021 04:56:30 +0100 +Subject: [PATCH] override main module version which we can be filled with the + correct version + +Go BuildInfo only works if we build from a module, however we simply +want to build in tree. Therefor override the main module version with +something that we can dynamically replace. +--- + caddy.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/caddy.go b/caddy.go +index 70135ffb..04d95716 100644 +--- a/caddy.go ++++ b/caddy.go +@@ -679,6 +679,7 @@ func goModule(mod *debug.Module) *debug.Module { + mod.Version = "unknown" + bi, ok := debug.ReadBuildInfo() + if ok { ++ bi.Main.Version = "unknown" + mod.Path = bi.Main.Path + // The recommended way to build Caddy involves + // creating a separate main module, which +-- +2.30.0 + Deleted: use-data-dir-for-autosave.patch =================================================================== --- use-data-dir-for-autosave.patch 2022-07-16 20:03:45 UTC (rev 1254259) +++ use-data-dir-for-autosave.patch 2022-07-16 20:04:00 UTC (rev 1254260) @@ -1,30 +0,0 @@ -From e3a60a8058d2c75c9bc47f550351d0008aefb314 Mon Sep 17 00:00:00 2001 -From: anthraxx <leve...@leventepolyak.net> -Date: Fri, 12 Feb 2021 19:23:50 +0100 -Subject: [PATCH] storage: use data dir for autosave.json as /etc is write - protected - -This is more a state file instead of a custom file as caddy also -persists this. We do not want to have any files in /etc being mapped -writable, not even the /etc/caddy directory, hence move the persisted -autosave.json state to the actual application data directory. ---- - storage.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/storage.go b/storage.go -index 62f9b1c6..5babea79 100644 ---- a/storage.go -+++ b/storage.go -@@ -154,7 +154,7 @@ func AppDataDir() string { - } - - // ConfigAutosavePath is the default path to which the last config will be persisted. --var ConfigAutosavePath = filepath.Join(AppConfigDir(), "autosave.json") -+var ConfigAutosavePath = filepath.Join(AppDataDir(), "autosave.json") - - // DefaultStorage is Caddy's default storage module. - var DefaultStorage = &certmagic.FileStorage{Path: AppDataDir()} --- -2.30.0 - Copied: caddy/repos/community-x86_64/use-data-dir-for-autosave.patch (from rev 1254259, caddy/trunk/use-data-dir-for-autosave.patch) =================================================================== --- use-data-dir-for-autosave.patch (rev 0) +++ use-data-dir-for-autosave.patch 2022-07-16 20:04:00 UTC (rev 1254260) @@ -0,0 +1,30 @@ +From e3a60a8058d2c75c9bc47f550351d0008aefb314 Mon Sep 17 00:00:00 2001 +From: anthraxx <leve...@leventepolyak.net> +Date: Fri, 12 Feb 2021 19:23:50 +0100 +Subject: [PATCH] storage: use data dir for autosave.json as /etc is write + protected + +This is more a state file instead of a custom file as caddy also +persists this. We do not want to have any files in /etc being mapped +writable, not even the /etc/caddy directory, hence move the persisted +autosave.json state to the actual application data directory. +--- + storage.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/storage.go b/storage.go +index 62f9b1c6..5babea79 100644 +--- a/storage.go ++++ b/storage.go +@@ -154,7 +154,7 @@ func AppDataDir() string { + } + + // ConfigAutosavePath is the default path to which the last config will be persisted. +-var ConfigAutosavePath = filepath.Join(AppConfigDir(), "autosave.json") ++var ConfigAutosavePath = filepath.Join(AppDataDir(), "autosave.json") + + // DefaultStorage is Caddy's default storage module. + var DefaultStorage = &certmagic.FileStorage{Path: AppDataDir()} +-- +2.30.0 +