Date: Friday, December 4, 2020 @ 16:25:20 Author: dbermond Revision: 769985
upgpkg: i2pd 2.35.0-1 Added: i2pd/trunk/040-i2pd-systemd-service-hardening.patch i2pd/trunk/050-i2pd-tunnels-d-readme.patch (from rev 769984, i2pd/trunk/040-i2pd-tunnels-d-readme.patch) Modified: i2pd/trunk/PKGBUILD Deleted: i2pd/trunk/040-i2pd-tunnels-d-readme.patch ------------------------------------------+ 040-i2pd-systemd-service-hardening.patch | 34 +++++++++++++++++++++++++++++ 040-i2pd-tunnels-d-readme.patch | 8 ------ 050-i2pd-tunnels-d-readme.patch | 8 ++++++ PKGBUILD | 15 ++++++------ 4 files changed, 50 insertions(+), 15 deletions(-)
Added: 040-i2pd-systemd-service-hardening.patch
===================================================================
--- 040-i2pd-systemd-service-hardening.patch (rev 0)
+++ 040-i2pd-systemd-service-hardening.patch 2020-12-04 16:25:20 UTC (rev 769985)
@@ -0,0 +1,34 @@
+--- a/contrib/i2pd.service
++++ b/contrib/i2pd.service
+@@ -32,5 +32,31 @@ LimitNOFILE=4096
+ # To enable write of coredump uncomment this
+ #LimitCORE=infinity
+ 
++# Hardening options
++PrivateTmp=true
++ProtectSystem=strict
++ProtectHome=true
++PrivateDevices=true
++ProtectKernelTunables=true
++ProtectControlGroups=true
++NoNewPrivileges=true
++MemoryDenyWriteExecute=true
++LockPersonality=true
++SystemCallFilter=@system-service
++RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelLogs=true
++ProtectKernelModules=true
++ProtectProc=invisible
++ProcSubset=pid
++PrivateMounts=true
++PrivateUsers=true
++ReadWritePaths=/var/lib/i2pd /var/log/i2pd
++RemoveIPC=true
++RestrictRealtime=true
++RestrictSUIDSGID=true
++SystemCallArchitectures=native
++
+ [Install]
+ WantedBy=multi-user.target
Deleted: 040-i2pd-tunnels-d-readme.patch
===================================================================
--- 040-i2pd-tunnels-d-readme.patch 2020-12-04 15:26:28 UTC (rev 769984)
+++ 040-i2pd-tunnels-d-readme.patch 2020-12-04 16:25:20 UTC (rev 769985)
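Review bot: `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6` in the added hardening block leaves out `AF_NETLINK`, and glibc's `getifaddrs()` opens a netlink socket, so any interface enumeration by the daemon or by miniupnpc (the PKGBUILD builds with `WITH_UPNP` on) would fail under this unit. The patch does not show whether i2pd takes that path, so it should be checked against a running router and `AF_NETLINK` appended if it does. Separately, with `ProtectSystem=strict` the directories named in `ReadWritePaths=/var/lib/i2pd /var/log/i2pd` must exist before start or the unit fails while setting up its mount namespace; presumably `i2pd.tmpfiles` creates both, which is worth confirming. A comment above the block such as `# ProtectProc= and ProcSubset= need systemd 247 or newer` would also help anyone backporting the unit.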
@@ -1,8 +0,0 @@
---- a/contrib/tunnels.d/README
-+++ b/contrib/tunnels.d/README
-@@ -1,4 +1,4 @@
--# In that directory you can store separated config files for every tunnel.
-+# In the /etc/i2pd/tunnels.d directory you can store separated config files for every tunnel.
- # Please read documentation for more info.
- #
- # You can find examples in /usr/share/doc/i2pd/tunnels.d directory
Copied: i2pd/trunk/050-i2pd-tunnels-d-readme.patch (from rev 769984, i2pd/trunk/040-i2pd-tunnels-d-readme.patch)
===================================================================
--- 050-i2pd-tunnels-d-readme.patch (rev 0)
+++ 050-i2pd-tunnels-d-readme.patch 2020-12-04 16:25:20 UTC (rev 769985)
@@ -0,0 +1,8 @@
+--- a/contrib/tunnels.d/README
++++ b/contrib/tunnels.d/README
+@@ -1,4 +1,4 @@
+-# In that directory you can store separated config files for every tunnel.
++# In the /etc/i2pd/tunnels.d directory you can store separated config files for every tunnel.
+ # Please read documentation for more info.
+ #
+ # You can find examples in /usr/share/doc/i2pd/tunnels.d directory
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-12-04 15:26:28 UTC (rev 769984)
+++ PKGBUILD 2020-12-04 16:25:20 UTC (rev 769985)
@@ -9,7 +9,7 @@ # Contributor: r4sas pkgname=i2pd -pkgver=2.34.0 +pkgver=2.35.0 pkgrel=1 pkgdesc='A full-featured C++ implementation of the I2P router' arch=('x86_64')
@@ -20,17 +20,19 @@ provides=('i2p-router') backup=('etc/i2pd/i2pd.conf' 'etc/i2pd/tunnels.conf') -source=("${pkgname}-${pkgver}.tar.gz"::"https://github.com/PurpleI2P/i2pd/archive/${pkgver}.tar.gz" +source=("https://github.com/PurpleI2P/i2pd/archive/${pkgver}/${pkgname}-${pkgver}.tar.gz" '010-i2pd-use-arch-flags-on-tests.patch' '020-i2pd-config.patch' '030-i2pd-do-not-override-config.patch' - '040-i2pd-tunnels-d-readme.patch' + '040-i2pd-systemd-service-hardening.patch' + '050-i2pd-tunnels-d-readme.patch' 'i2pd.sysusers' 'i2pd.tmpfiles') -sha256sums=('1adb4cf629f1315e9de394630b6bf1e3ba2365fd0a3601635dfb4ba9b481cb94' +sha256sums=('d041fd4e7a88ac168e76f66fdab40174ad093cdc13451cdbd0dd1216e5581f8a' '0064503a9124b764d01db862ba3c2ff97bc5961d41359970df2d6ce9842a5ab5' '452550678ea5702a6492eb58e8d0452b91dc5d0aaa112cf04542df74a3dc0dfc' '45cfc3035c5b5cfc92cfffec1fe7d7efc4fed3229195cdb640ec4a6c405af149' + '578ed9767890e970bd93b44e3be85c2595c4149ed65e4cc1c79ea12e2cb6982e' 'cfcb6b07b67aff3e3af12767f4649d88b9320dc71907b6c01b465e5c138cdaa3' '88b2e709228049ba11f37863f87de75ab6cde295104852871384337cfdc906a3' 'fe8cc2ec83cb5b5c2b2ec8cce9a989e0cb6fd347e00b84e03a17b12efd152fac') @@ -39,7 +41,8 @@ patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/010-i2pd-use-arch-flags-on-tests.patch" patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/020-i2pd-config.patch" patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/030-i2pd-do-not-override-config.patch" - patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/040-i2pd-tunnels-d-readme.patch" + patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/040-i2pd-systemd-service-hardening.patch" + patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/050-i2pd-tunnels-d-readme.patch" } build() { @@ -50,8 +53,6 @@ -DCMAKE_INSTALL_PREFIX:PATH='/usr' \ -DBUILD_SHARED_LIBS:BOOL='ON' \ -DWITH_UPNP:BOOL='ON' \ - -DWITH_AESNI:BOOL='OFF' \ - -DWITH_AVX:BOOL='OFF' \ -Wno-dev make -C "${pkgname}-${pkgver}/build" }
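Review bot: The first `source=` entry in the `@@ -20,17 +20,19 @@` hunk still fetches GitHub's auto-generated tag archive and verifies it only against the `sha256sums` value recorded in this same commit, so nothing checks that the tarball is what upstream actually released. If upstream signs its tags or publishes detached signatures (not visible from this page), the entry could become a signed-tag checkout or gain a signature file plus a `validpgpkeys=()` array. Otherwise a comment such as `# upstream publishes no signatures; checksum taken from the GitHub tag archive` would make clear that the hash is trust-on-first-use and may need refreshing if the archive is regenerated.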