[arch-commits] Commit in cozy-stack/trunk (PKGBUILD cozy-stack.service)

2020-07-27 Thread Bruno Pagani via arch-commits
Date: Monday, July 27, 2020 @ 19:44:23
  Author: archange
Revision: 665518

Fix typo in service file

Modified:
  cozy-stack/trunk/PKGBUILD
  cozy-stack/trunk/cozy-stack.service

+
 PKGBUILD   |   12 ++--
 cozy-stack.service |2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2020-07-27 19:42:30 UTC (rev 665517)
+++ PKGBUILD2020-07-27 19:44:23 UTC (rev 665518)
@@ -2,7 +2,7 @@
 
 pkgname=cozy-stack
 pkgver=1.4.14
-pkgrel=1
+pkgrel=2
 epoch=1
 pkgdesc="Digital home: brings all your web services in the same private space 
– Stack component"
 arch=(x86_64)
@@ -22,7 +22,7 @@
 ${pkgname}.tmpfiles)
 sha256sums=('1e3f48e8c3762285c3549c3d44f087cba8e454681bc780131d78b62d396c0dc9'
 'a6ae871ec726f81d091918dffae4025b993656551185662242dcc2f7de4516c3'
-'d367c57b93ac97317e058626693fda431ae871fd19f6a04d767de9b7114426fb'
+'6cb30c0a6d45b30827463b26c43fb2e1df9402392e6f23da1622e044ab84b580'
 'a6bea52350e85163c3141509a52903223fa0f6e7390b1b1f9336c326a8fff984'
 '04043ed0b2bf1c811417eec3b89a049f5353ad16f032497ff5c9a610eafa879d')
 
@@ -39,10 +39,10 @@
 export CGO_LDFLAGS="${LDFLAGS}"
 export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
 go build -v \
- -ldflags "-X 
github.com/cozy/cozy-stack/pkg/config.Version=${pkgver} \
-   -X 
github.com/cozy/cozy-stack/pkg/config.BuildTime=$(date --utc 
--date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +"%Y-%m-%dT%H:%M:%SZ") \
-   -X 
github.com/cozy/cozy-stack/pkg/config.BuildMode=production" \
- -o ${pkgname}
+-ldflags "-X github.com/cozy/cozy-stack/pkg/config.Version=${pkgver} \
+  -X github.com/cozy/cozy-stack/pkg/config.BuildTime=$(date 
--utc --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +"%Y-%m-%dT%H:%M:%SZ") \
+  -X 
github.com/cozy/cozy-stack/pkg/config.BuildMode=production" \
+-o ${pkgname}
 }
 
 package() {

Modified: cozy-stack.service
===
--- cozy-stack.service  2020-07-27 19:42:30 UTC (rev 665517)
+++ cozy-stack.service  2020-07-27 19:44:23 UTC (rev 665518)
@@ -23,7 +23,7 @@
 ProtectClock=true
 ProtectKernelTunables=true
 ProtectKernelModules=true
-ProtectKernelLog=true
+ProtectKernelLogs=true
 ProtectControlGroups=true
 LockPersonality=true
 #Not compatible with NodeJS
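Review bot: Nothing in this change would catch the next misspelled hardening key, which is how `ProtectKernelLog=` went unnoticed until now. systemd logs a warning for a setting it does not recognise and then starts the unit anyway, so with the old spelling the service ran without kernel-log protection while the unit file read as if it were hardened. Running `systemd-analyze verify cozy-stack.service` before release would flag unknown keys, and `systemd-analyze security cozy-stack.service` on an installed system shows which protections are actually in effect. The `[Service]` section starts and ends outside this hunk.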


[arch-commits] Commit in cozy-stack/trunk (PKGBUILD cozy-stack.service)

2020-05-30 Thread Bruno Pagani via arch-commits
Date: Saturday, May 30, 2020 @ 14:59:44
  Author: archange
Revision: 637433

upgpkg: cozy-stack 1:1.4.12-1

Update to current Go packaging guidelines
Harden service file with new options

Modified:
  cozy-stack/trunk/PKGBUILD
  cozy-stack/trunk/cozy-stack.service

+
 PKGBUILD   |   33 +
 cozy-stack.service |   16 ++--
 2 files changed, 31 insertions(+), 18 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2020-05-30 14:58:20 UTC (rev 637432)
+++ PKGBUILD2020-05-30 14:59:44 UTC (rev 637433)
@@ -1,7 +1,7 @@
 # Maintainer: Bruno Pagani 
 
 pkgname=cozy-stack
-pkgver=1.4.7
+pkgver=1.4.12
 pkgrel=1
 epoch=1
 pkgdesc="Digital home: brings all your web services in the same private space 
– Stack component"
@@ -15,21 +15,30 @@
 optdepends=('nodejs: required for konnectors'
 'nsjail: run konnectors isolated'
 'smtp-forwarder: to allow sending mail to users')
-source=("https://apt.cozy.io/debian/pool/testing/c/${pkgname}/${pkgname}_${pkgver}.orig.tar.xz;
-"cozy.yml"
-"${pkgname}.service"
-"${pkgname}.sysusers"
-"${pkgname}.tmpfiles")
-sha256sums=('30b9e79ec4ae8236769d60150825a384d4a3984d2ba1283e42124178d33ba3f5'
+source=(https://github.com/cozy/cozy-stack/archive/${pkgver}/${pkgname}-${pkgver}.tar.gz
+cozy.yml
+${pkgname}.service
+${pkgname}.sysusers
+${pkgname}.tmpfiles)
+sha256sums=('1f8fd718c2ba87c97cde00a361398a19008c789a8d8a8edf046b464a4db67a94'
 'a6ae871ec726f81d091918dffae4025b993656551185662242dcc2f7de4516c3'
-'bfeb24220fb8c6aea8268e1c453f5b05ed9a27844e1aa1c1a54fb463c866689e'
+'d367c57b93ac97317e058626693fda431ae871fd19f6a04d767de9b7114426fb'
 'a6bea52350e85163c3141509a52903223fa0f6e7390b1b1f9336c326a8fff984'
 '04043ed0b2bf1c811417eec3b89a049f5353ad16f032497ff5c9a610eafa879d')
 
+prepare() {
+cd ${pkgname}-${pkgver}
+go mod vendor
+}
+
 build() {
-cd ${pkgname}
-export GOPATH="${PWD}/vendor"
-go build -v -trimpath \
+cd ${pkgname}-${pkgver}
+export CGO_CPPFLAGS="${CPPFLAGS}"
+export CGO_CFLAGS="${CFLAGS}"
+export CGO_CXXFLAGS="${CXXFLAGS}"
+export CGO_LDFLAGS="${LDFLAGS}"
+export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
+go build -v \
  -ldflags "-X 
github.com/cozy/cozy-stack/pkg/config.Version=${pkgver} \
-X 
github.com/cozy/cozy-stack/pkg/config.BuildTime=$(date --utc 
--date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +"%Y-%m-%dT%H:%M:%SZ") \
-X 
github.com/cozy/cozy-stack/pkg/config.BuildMode=production \
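Review bot: The new `prepare()` runs `go mod vendor`, which fetches the Go dependencies over the network at build time, so the `sha256sums` array pins only the GitHub tarball and the four local files, not the dependencies that get compiled in. Integrity of those modules then rests on the `go.sum` that the upstream tarball presumably ships, with `-mod=readonly` in `GOFLAGS` keeping the build from rewriting `go.mod`. That is worth a comment above the call, e.g. `# deps are fetched here and checked against upstream go.sum, not sha256sums`. As a style point, `cd ${pkgname}-${pkgver}` in `prepare()` and `build()` is unquoted; `cd "${pkgname}-${pkgver}"` is the safer habit. The `build()` body continues past the end of this hunk.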
@@ -42,7 +51,7 @@
 install -Dm644 ${pkgname}.service -t "${pkgdir}"/usr/lib/systemd/system/
 install -Dm644 ${pkgname}.sysusers 
"${pkgdir}"/usr/lib/sysusers.d/${pkgname}.conf
 install -Dm644 ${pkgname}.tmpfiles 
"${pkgdir}"/usr/lib/tmpfiles.d/${pkgname}.conf
-cd ${pkgname}
+cd ${pkgname}-${pkgver}
 install -Dm755 ${pkgname} -t "${pkgdir}"/usr/bin/
 install -Dm644 cozy.example.yaml -t "${pkgdir}"/usr/share/cozy/
 install -Dm755 scripts/konnector-node-run.sh -t "${pkgdir}"/usr/share/cozy/

Modified: cozy-stack.service
===
--- cozy-stack.service  2020-05-30 14:58:20 UTC (rev 637432)
+++ cozy-stack.service  2020-05-30 14:59:44 UTC (rev 637433)
@@ -14,18 +14,22 @@
 CapabilityBoundingSet=
 NoNewPrivileges=True
 #SecureBits=noroot-locked
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
 PrivateUsers=true
-PrivateDevices=true
-PrivateTmp=true
-ProtectHome=true
-ProtectSystem=strict
-ProtectControlGroups=yes
+ProtectHostname=true
+ProtectClock=true
 ProtectKernelTunables=true
-ProtectKernelModules=yes
+ProtectKernelModules=true
+ProtectKernelLog=true
+ProtectControlGroups=true
 LockPersonality=true
 #Not compatible with NodeJS
 #MemoryDenyWriteExecute=true
 RestrictRealtime=true
+RestrictSUIDSGID=true
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
 
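Review bot: `ProtectKernelLog=true` is not a systemd setting; the directive is spelled `ProtectKernelLogs=`. systemd warns about an unknown key and carries on, so as written the unit starts normally but access to the kernel log buffer is not restricted. The line should read `ProtectKernelLogs=true`. The other added keys (`ProtectHostname=`, `ProtectClock=`, `RestrictSUIDSGID=`) are spelled correctly. The `[Service]` section begins before this hunk.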


[arch-commits] Commit in cozy-stack/trunk (PKGBUILD cozy-stack.service)

2018-11-06 Thread Bruno Pagani via arch-commits
Date: Tuesday, November 6, 2018 @ 16:24:24
  Author: archange
Revision: 401708

upgpkg: cozy-stack 2018M4S3-1

Modified:
  cozy-stack/trunk/PKGBUILD
  cozy-stack/trunk/cozy-stack.service

+
 PKGBUILD   |   12 ++--
 cozy-stack.service |   19 +++
 2 files changed, 25 insertions(+), 6 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2018-11-06 15:33:13 UTC (rev 401707)
+++ PKGBUILD2018-11-06 16:24:24 UTC (rev 401708)
@@ -1,8 +1,8 @@
 # Maintainer: Bruno Pagani 
 
 pkgname=cozy-stack
-pkgver=2018M4S2
-pkgrel=2
+pkgver=2018M4S3
+pkgrel=1
 pkgdesc="Digital home: brings all your web services in the same private space 
– Stack component"
 arch=('x86_64')
 url="https://cozy.io;
@@ -14,14 +14,14 @@
 optdepends=('nodejs: konnectors without isolation'
 'nsjail: isolated konnectors'
 'smtp-forwarder: to allow sending mail to users')
-source=("https://apt.cozy.io/debian/pool/testing/c/${pkgname}/${pkgname}_${pkgver/+/-}.orig.tar.xz;
+source=("https://apt.cozy.io/debian/pool/testing/c/${pkgname}/${pkgname}_${pkgver}.orig.tar.xz;
 "cozy.yml"
 "${pkgname}.service"
 "${pkgname}.sysusers"
 "${pkgname}.tmpfiles")
-sha256sums=('04dce19da46cd507335d60fac28a20dad489a1bc321ee47df1693b2a2661885d'
+sha256sums=('5ab1975ccb042c841915041546c330fce82992c7bc92bfdf2288d3f7a6190818'
 '450a41a054871b63ee0d968397d623faa50532269d875c0174633ea543701431'
-'f0a8cc43c51daeba92b36b449537eb6fa5d3fb84ef1428dc586266749ed742e0'
+'ad9b40170e2b07d5aa5ea6d444ad16c96bb39adb5ff579db5cc39cb4e2ec3f91'
 'a6bea52350e85163c3141509a52903223fa0f6e7390b1b1f9336c326a8fff984'
 'fd333c2fd0de859890204554f52a5c64b953664f6cb262b20bb839aa70ed9ecb')
 
@@ -28,7 +28,7 @@
 build() {
 export GOPATH="${srcdir}"/cozy-stack
 cd cozy-stack/src/github.com/cozy/cozy-stack
-go build -o "${srcdir}"/bin/cozy-stack \
+go build -v -o "${srcdir}"/bin/cozy-stack \
  -gcflags "all=-trimpath=${GOPATH}" \
  -asmflags "all=-trimpath=${GOPATH}" \
  -ldflags "-X 
github.com/cozy/cozy-stack/pkg/config.Version=${pkgver} \

Modified: cozy-stack.service
===
--- cozy-stack.service  2018-11-06 15:33:13 UTC (rev 401707)
+++ cozy-stack.service  2018-11-06 16:24:24 UTC (rev 401708)
@@ -7,8 +7,27 @@
 User=cozy
 Group=cozy
 PermissionsStartOnly=true
+WorkingDirectory=~
+LogsDirectory=cozy
+StateDirectory=cozy
 ExecStart=/usr/bin/cozy-stack serve
 Restart=always
+CapabilityBoundingSet=
+NoNewPrivileges=True
+#SecureBits=noroot-locked
+PrivateUsers=true
+PrivateDevices=true
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=strict
+ProtectControlGroups=yes
+ProtectKernelTunables=true
+ProtectKernelModules=yes
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
 
 [Install]
 WantedBy=multi-user.target
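Review bot: `MemoryDenyWriteExecute=true` is likely to break the NodeJS konnectors, because JIT runtimes need memory that is both writable and executable and the PKGBUILD lists `nodejs` as an optional dependency for konnectors. If konnectors are spawned as children of this service they inherit the restriction; either leave the line disabled with a comment such as `#Not compatible with NodeJS`, or document that it is only safe on installs without konnectors. The boolean spellings are also mixed (`True`, `yes`, `true`); using one form throughout, e.g. `true`, would make the hardening block easier to audit. The `[Service]` section starts above this hunk.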