commit spotifyd for openSUSE:Factory

Fri, 26 Nov 2021 15:53:39 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package spotifyd for openSUSE:Factory 
checked in at 2021-11-27 00:51:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/spotifyd (Old)
 and      /work/SRC/openSUSE:Factory/.spotifyd.new.1895 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "spotifyd"

Sat Nov 27 00:51:35 2021 rev:4 rq:934016 version:0.3.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/spotifyd/spotifyd.changes        2021-11-05 
22:59:08.788301526 +0100
+++ /work/SRC/openSUSE:Factory/.spotifyd.new.1895/spotifyd.changes      
2021-11-27 00:52:27.582566866 +0100
@@ -1,0 +2,6 @@
+Tue Nov 23 15:19:39 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_spotifyd.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_spotifyd.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ spotifyd.spec ++++++
--- /var/tmp/diff_new_pack.lwz3FO/_old  2021-11-27 00:52:28.126564988 +0100
+++ /var/tmp/diff_new_pack.lwz3FO/_new  2021-11-27 00:52:28.130564974 +0100
@@ -25,6 +25,7 @@
 URL:            https://github.com/Spotifyd/spotifyd
 Source0:        
https://github.com/Spotifyd/spotifyd/archive/refs/tags/v%{version}.tar.gz#/spotifyd-%{version}.tar.gz
 Source1:        vendor.tar.bz2
+Patch0:        harden_spotifyd.service.patch
 BuildRequires:  cargo
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  pkgconfig(alsa)
@@ -41,6 +42,7 @@
 
 %prep
 %setup -q -a1
+%patch0 -p1
 
 mkdir .cargo
 cat >.cargo/config <<EOF

++++++ harden_spotifyd.service.patch ++++++
Index: spotifyd-0.3.2/contrib/spotifyd.service
===================================================================
--- spotifyd-0.3.2.orig/contrib/spotifyd.service
+++ spotifyd-0.3.2/contrib/spotifyd.service
@@ -7,6 +7,19 @@ Wants=network-online.target
 After=network-online.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=read-only
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 ExecStart=/usr/bin/spotifyd --no-daemon
 Restart=always
 RestartSec=12

Reply via email to