[arch-commits] Commit in cozy-stack/trunk (PKGBUILD cozy-stack.service)
Date: Monday, July 27, 2020 @ 19:44:23 Author: archange Revision: 665518 Fix typo in service file Modified: cozy-stack/trunk/PKGBUILD cozy-stack/trunk/cozy-stack.service + PKGBUILD | 12 ++-- cozy-stack.service |2 +- 2 files changed, 7 insertions(+), 7 deletions(-)
Modified: PKGBUILD ===
--- PKGBUILD2020-07-27 19:42:30 UTC (rev 665517)
+++ PKGBUILD2020-07-27 19:44:23 UTC (rev 665518)
@@ -2,7 +2,7 @@
 pkgname=cozy-stack
 pkgver=1.4.14
-pkgrel=1
+pkgrel=2
 epoch=1
 pkgdesc="Digital home: brings all your web services in the same private space – Stack component"
 arch=(x86_64)
@@ -22,7 +22,7 @@
 ${pkgname}.tmpfiles)
 sha256sums=('1e3f48e8c3762285c3549c3d44f087cba8e454681bc780131d78b62d396c0dc9'
 'a6ae871ec726f81d091918dffae4025b993656551185662242dcc2f7de4516c3'
-'d367c57b93ac97317e058626693fda431ae871fd19f6a04d767de9b7114426fb'
+'6cb30c0a6d45b30827463b26c43fb2e1df9402392e6f23da1622e044ab84b580'
 'a6bea52350e85163c3141509a52903223fa0f6e7390b1b1f9336c326a8fff984'
 '04043ed0b2bf1c811417eec3b89a049f5353ad16f032497ff5c9a610eafa879d')
@@ -39,10 +39,10 @@
 export CGO_LDFLAGS="${LDFLAGS}"
 export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
 go build -v \
- -ldflags "-X github.com/cozy/cozy-stack/pkg/config.Version=${pkgver} \
- -X github.com/cozy/cozy-stack/pkg/config.BuildTime=$(date --utc --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +"%Y-%m-%dT%H:%M:%SZ") \
- -X github.com/cozy/cozy-stack/pkg/config.BuildMode=production" \
- -o ${pkgname}
+-ldflags "-X github.com/cozy/cozy-stack/pkg/config.Version=${pkgver} \
+ -X github.com/cozy/cozy-stack/pkg/config.BuildTime=$(date --utc --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +"%Y-%m-%dT%H:%M:%SZ") \
+ -X github.com/cozy/cozy-stack/pkg/config.BuildMode=production" \
+-o ${pkgname}
 }
 package() {
Modified: cozy-stack.service ===
--- cozy-stack.service 2020-07-27 19:42:30 UTC (rev 665517)
+++ cozy-stack.service 2020-07-27 19:44:23 UTC (rev 665518)
@@ -23,7 +23,7 @@
 ProtectClock=true
 ProtectKernelTunables=true
 ProtectKernelModules=true
-ProtectKernelLog=true
+ProtectKernelLogs=true
 ProtectControlGroups=true
 LockPersonality=true
 #Not compatible with NodeJS
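Review bot: Nothing in this change guards against the next misspelled directive next to the corrected `ProtectKernelLogs=true` line: systemd logs an unknown key such as `ProtectKernelLog=` as a warning and otherwise ignores it, so the unit started normally while the kernel-log restriction was never applied from revision 637433 until this one. Loading the unit with `systemd-analyze verify cozy-stack.service` before a release, or checking the journal for unknown-key warnings after the first start, should surface a typo in a hardening option at packaging time. `ProtectKernelLogs=` and the neighbouring `ProtectClock=` also need a fairly recent systemd and are dropped in the same quiet way on older ones, so a comment stating the minimum systemd version the unit expects would help.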
[arch-commits] Commit in cozy-stack/trunk (PKGBUILD cozy-stack.service)
Date: Saturday, May 30, 2020 @ 14:59:44 Author: archange Revision: 637433 upgpkg: cozy-stack 1:1.4.12-1 Update to current Go packaging guidelines Harden service file with new options Modified: cozy-stack/trunk/PKGBUILD cozy-stack/trunk/cozy-stack.service + PKGBUILD | 33 + cozy-stack.service | 16 ++-- 2 files changed, 31 insertions(+), 18 deletions(-)
Modified: PKGBUILD ===
--- PKGBUILD2020-05-30 14:58:20 UTC (rev 637432)
+++ PKGBUILD2020-05-30 14:59:44 UTC (rev 637433)
@@ -1,7 +1,7 @@
 # Maintainer: Bruno Pagani
 pkgname=cozy-stack
-pkgver=1.4.7
+pkgver=1.4.12
 pkgrel=1
 epoch=1
 pkgdesc="Digital home: brings all your web services in the same private space – Stack component"
@@ -15,21 +15,30 @@
 optdepends=('nodejs: required for konnectors'
 'nsjail: run konnectors isolated'
 'smtp-forwarder: to allow sending mail to users')
-source=("https://apt.cozy.io/debian/pool/testing/c/${pkgname}/${pkgname}_${pkgver}.orig.tar.xz;
-"cozy.yml"
-"${pkgname}.service"
-"${pkgname}.sysusers"
-"${pkgname}.tmpfiles")
-sha256sums=('30b9e79ec4ae8236769d60150825a384d4a3984d2ba1283e42124178d33ba3f5'
+source=(https://github.com/cozy/cozy-stack/archive/${pkgver}/${pkgname}-${pkgver}.tar.gz
+cozy.yml
+${pkgname}.service
+${pkgname}.sysusers
+${pkgname}.tmpfiles)
+sha256sums=('1f8fd718c2ba87c97cde00a361398a19008c789a8d8a8edf046b464a4db67a94'
 'a6ae871ec726f81d091918dffae4025b993656551185662242dcc2f7de4516c3'
-'bfeb24220fb8c6aea8268e1c453f5b05ed9a27844e1aa1c1a54fb463c866689e'
+'d367c57b93ac97317e058626693fda431ae871fd19f6a04d767de9b7114426fb'
 'a6bea52350e85163c3141509a52903223fa0f6e7390b1b1f9336c326a8fff984'
 '04043ed0b2bf1c811417eec3b89a049f5353ad16f032497ff5c9a610eafa879d')
+prepare() {
+cd ${pkgname}-${pkgver}
+go mod vendor
+}
+
 build() {
-cd ${pkgname}
-export GOPATH="${PWD}/vendor"
-go build -v -trimpath \
+cd ${pkgname}-${pkgver}
+export CGO_CPPFLAGS="${CPPFLAGS}"
+export CGO_CFLAGS="${CFLAGS}"
+export CGO_CXXFLAGS="${CXXFLAGS}"
+export CGO_LDFLAGS="${LDFLAGS}"
+export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
+go build -v \
 -ldflags "-X github.com/cozy/cozy-stack/pkg/config.Version=${pkgver} \
 -X github.com/cozy/cozy-stack/pkg/config.BuildTime=$(date --utc --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +"%Y-%m-%dT%H:%M:%SZ") \
 -X github.com/cozy/cozy-stack/pkg/config.BuildMode=production \
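Review bot: The `vendor/` tree created by `go mod vendor` in the new `prepare()` is never used by the build, because `GOFLAGS` in `build()` sets `-mod=readonly`, which makes the go command ignore the vendor directory and resolve packages from the module cache instead. If the intent is to compile only what `prepare()` fetched, set `-mod=vendor` in `GOFLAGS`; otherwise use `go mod download` in `prepare()` so the step says what it does. In both cases the Go dependencies are pulled from the network at build time and are checked against upstream's `go.sum` rather than `sha256sums`, which deserves a comment above `prepare()` such as `# Go modules are fetched here and verified against go.sum, not sha256sums`. `build()` continues past the end of this hunk.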
@@ -42,7 +51,7 @@
 install -Dm644 ${pkgname}.service -t "${pkgdir}"/usr/lib/systemd/system/
 install -Dm644 ${pkgname}.sysusers "${pkgdir}"/usr/lib/sysusers.d/${pkgname}.conf
 install -Dm644 ${pkgname}.tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/${pkgname}.conf
-cd ${pkgname}
+cd ${pkgname}-${pkgver}
 install -Dm755 ${pkgname} -t "${pkgdir}"/usr/bin/
 install -Dm644 cozy.example.yaml -t "${pkgdir}"/usr/share/cozy/
 install -Dm755 scripts/konnector-node-run.sh -t "${pkgdir}"/usr/share/cozy/
Modified: cozy-stack.service ===
--- cozy-stack.service 2020-05-30 14:58:20 UTC (rev 637432)
+++ cozy-stack.service 2020-05-30 14:59:44 UTC (rev 637433)
@@ -14,18 +14,22 @@
 CapabilityBoundingSet=
 NoNewPrivileges=True
 #SecureBits=noroot-locked
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
 PrivateUsers=true
-PrivateDevices=true
-PrivateTmp=true
-ProtectHome=true
-ProtectSystem=strict
-ProtectControlGroups=yes
+ProtectHostname=true
+ProtectClock=true
 ProtectKernelTunables=true
-ProtectKernelModules=yes
+ProtectKernelModules=true
+ProtectKernelLog=true
+ProtectControlGroups=true
 LockPersonality=true
 #Not compatible with NodeJS
 #MemoryDenyWriteExecute=true
 RestrictRealtime=true
+RestrictSUIDSGID=true
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
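Review bot: `ProtectKernelLog=true` in the added block of cozy-stack.service is not a key systemd knows; the option is spelled `ProtectKernelLogs=`, so the line is reported as an unknown key and ignored, and the service keeps its access to the kernel log buffer. It should read `ProtectKernelLogs=true`, which is the correction revision 665518 on this page later makes. Several of the other new keys (`ProtectHostname=`, `ProtectClock=`, `RestrictSUIDSGID=`) exist only in recent systemd releases and are dropped just as quietly on older ones, so a comment at the top of the hardening block stating the minimum systemd version the unit expects would make such gaps easier to spot.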
[arch-commits] Commit in cozy-stack/trunk (PKGBUILD cozy-stack.service)
Date: Tuesday, November 6, 2018 @ 16:24:24 Author: archange Revision: 401708 upgpkg: cozy-stack 2018M4S3-1 Modified: cozy-stack/trunk/PKGBUILD cozy-stack/trunk/cozy-stack.service + PKGBUILD | 12 ++-- cozy-stack.service | 19 +++ 2 files changed, 25 insertions(+), 6 deletions(-)
Modified: PKGBUILD ===
--- PKGBUILD2018-11-06 15:33:13 UTC (rev 401707)
+++ PKGBUILD2018-11-06 16:24:24 UTC (rev 401708)
@@ -1,8 +1,8 @@
 # Maintainer: Bruno Pagani
 pkgname=cozy-stack
-pkgver=2018M4S2
-pkgrel=2
+pkgver=2018M4S3
+pkgrel=1
 pkgdesc="Digital home: brings all your web services in the same private space – Stack component"
 arch=('x86_64')
 url="https://cozy.io;
@@ -14,14 +14,14 @@
 optdepends=('nodejs: konnectors without isolation'
 'nsjail: isolated konnectors'
 'smtp-forwarder: to allow sending mail to users')
-source=("https://apt.cozy.io/debian/pool/testing/c/${pkgname}/${pkgname}_${pkgver/+/-}.orig.tar.xz;
+source=("https://apt.cozy.io/debian/pool/testing/c/${pkgname}/${pkgname}_${pkgver}.orig.tar.xz;
 "cozy.yml"
 "${pkgname}.service"
 "${pkgname}.sysusers"
 "${pkgname}.tmpfiles")
-sha256sums=('04dce19da46cd507335d60fac28a20dad489a1bc321ee47df1693b2a2661885d'
+sha256sums=('5ab1975ccb042c841915041546c330fce82992c7bc92bfdf2288d3f7a6190818'
 '450a41a054871b63ee0d968397d623faa50532269d875c0174633ea543701431'
-'f0a8cc43c51daeba92b36b449537eb6fa5d3fb84ef1428dc586266749ed742e0'
+'ad9b40170e2b07d5aa5ea6d444ad16c96bb39adb5ff579db5cc39cb4e2ec3f91'
 'a6bea52350e85163c3141509a52903223fa0f6e7390b1b1f9336c326a8fff984'
 'fd333c2fd0de859890204554f52a5c64b953664f6cb262b20bb839aa70ed9ecb')
@@ -28,7 +28,7 @@
 build() {
 export GOPATH="${srcdir}"/cozy-stack
 cd cozy-stack/src/github.com/cozy/cozy-stack
-go build -o "${srcdir}"/bin/cozy-stack \
+go build -v -o "${srcdir}"/bin/cozy-stack \
 -gcflags "all=-trimpath=${GOPATH}" \
 -asmflags "all=-trimpath=${GOPATH}" \
 -ldflags "-X github.com/cozy/cozy-stack/pkg/config.Version=${pkgver} \
Modified: cozy-stack.service ===
--- cozy-stack.service 2018-11-06 15:33:13 UTC (rev 401707)
+++ cozy-stack.service 2018-11-06 16:24:24 UTC (rev 401708)
@@ -7,8 +7,27 @@
 User=cozy
 Group=cozy
 PermissionsStartOnly=true
+WorkingDirectory=~
+LogsDirectory=cozy
+StateDirectory=cozy
 ExecStart=/usr/bin/cozy-stack serve
 Restart=always
+CapabilityBoundingSet=
+NoNewPrivileges=True
+#SecureBits=noroot-locked
+PrivateUsers=true
+PrivateDevices=true
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=strict
+ProtectControlGroups=yes
+ProtectKernelTunables=true
+ProtectKernelModules=yes
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
 [Install]
 WantedBy=multi-user.target
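Review bot: `MemoryDenyWriteExecute=true` in the added hardening block of cozy-stack.service applies to every process the service spawns, while the PKGBUILD lists `nodejs` as the konnector runtime; Node's JIT needs writable-executable mappings, so konnector runs are likely to fail under this setting (a later revision on this page carries the line commented out as "Not compatible with NodeJS"). Either drop the line or keep it commented with the trade-off stated, e.g. `# disabled: NodeJS konnectors need W+X memory for the JIT`. The booleans in the block are also written three ways (`True`, `true`, `yes`); systemd accepts all of them, but a single spelling makes the sandbox settings easier to audit.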