[arch-commits] Commit in radicale/trunk (4 files)

David Runge dvzrv at archlinux.org
Fri Aug 24 17:41:29 UTC 2018 

    Date: Friday, August 24, 2018 @ 17:41:28
  Author: dvzrv
Revision: 373838

upgpkg: radicale 2.1.10-2

Fixing ProtectSystem settings in service (ReadWritePaths was misspelled as ReadWriteDirectories and preventing strict settings). Removing radicale from http group (not needed). Being more permissive on /etc/radicale, while being less permissive on the configuration files within.

Modified:
  radicale/trunk/PKGBUILD
  radicale/trunk/radicale-sysusers.conf
  radicale/trunk/radicale-tmpfiles.conf
  radicale/trunk/radicale.service

------------------------+
 PKGBUILD               |   15 +++++++++------
 radicale-sysusers.conf |    1 -
 radicale-tmpfiles.conf |    4 ++--
 radicale.service       |    4 ++--
 4 files changed, 13 insertions(+), 11 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-08-24 17:38:43 UTC (rev 373837)
+++ PKGBUILD	2018-08-24 17:41:28 UTC (rev 373838)
@@ -1,11 +1,13 @@
-# Maintainer: Moritz Lipp <mlq at pwmt.org>
-# Co-Maintainer: fordprefect <fordprefect at dukun.de>
+# $Id$
+# Maintainer: David Runge <dave at sleepmap.de>
+# Contributor: Moritz Lipp <mlq at pwmt.org>
+# Contributor: fordprefect <fordprefect at dukun.de>
 # Contributor: Thor77 <thor77 at thor77.org>
 
 pkgname=radicale
 _name=Radicale
 pkgver=2.1.10
-pkgrel=1
+pkgrel=2
 pkgdesc='Simple calendar (CalDAV) and contact (CardDAV) server'
 arch=('any')
 url="http://www.radicale.org/"
@@ -18,9 +20,9 @@
         "${pkgname}-tmpfiles.conf"
         "${pkgname}.service")
 sha512sums=('8be15a0777e437b38c48f80ae67b84ab9459414e6f493c8f2f2628fdbe5907757c61610d1b1c38bb161353baf7ac6488105639836a0f0e5d2e7ef163d014c25f'
-            '444489ba929680490884e338acc311fb61d81f9d9f0282c92c40a80317af9e61123e4764e803d1698876417170efd40bfe7f56408570891c4e426de3be17c302'
-            '4570ed393b73bc5a3fd571947acae78b96b5e17f659e3169f542b9c481635680c724d5c6c0952661fae063caf04c786afe7043c5052945e7a00bb66326dec016'
-            '6a3452009bebc0f8680ea8e64b9a398c04f3fb6b20752c377392e22641845a04dbfda78d586271c9a25bd7d5ba42b7a8f74774afed68732f19ddd764f53e11cc')
+            '56dffb66e018cfbf158dc5d8fe638b3cb31229945f659aae5623f219bcd1d68ddc375f1633fa8e857a9b2f50c9e05a06efce165370137d6e116a4f187466637f'
+            'ae70ad94f4b2ea77fd0929905c09410a2b52449a03ee6a7237607155c6db2efd7e8f1c26933f03ebc26ca6009223dfa7634acf871c56f1bb925fa41f3a291c67'
+            '2e2a99fb0a42d3f0f8ac9d0264376441ea600508e98c5dfb3ebcd6de096286a276747455fdf4b5c771f3cc6f454cb0277dc62cc9b11e278bd5fe74cb2b7b979a')
 
 prepare() {
   mv -v ${_name}-${pkgver} ${pkgname}-${pkgver}
@@ -48,6 +50,7 @@
                           --root="${pkgdir}"
     # config
     install -vDm 644 config "${pkgdir}/etc/${pkgname}/config"
+    touch "${pkgdir}/etc/${pkgname}/users"
     # fcgi/wsgi
     install -t "${pkgdir}/usr/share/${pkgname}/" \
       -vDm 644 "${pkgname}.fcgi" \

Modified: radicale-sysusers.conf
===================================================================
--- radicale-sysusers.conf	2018-08-24 17:38:43 UTC (rev 373837)
+++ radicale-sysusers.conf	2018-08-24 17:41:28 UTC (rev 373838)
@@ -1,2 +1 @@
 u radicale - "Radicale user"
-m radicale http

Modified: radicale-tmpfiles.conf
===================================================================
--- radicale-tmpfiles.conf	2018-08-24 17:38:43 UTC (rev 373837)
+++ radicale-tmpfiles.conf	2018-08-24 17:41:28 UTC (rev 373838)
@@ -1,3 +1,3 @@
-d /etc/radicale 0750 root radicale -
-z /etc/radicale/config 0644 root radicale -
+z /etc/radicale/config 0640 radicale radicale -
+z /etc/radicale/users 0640 radicale radicale -
 d /var/lib/radicale 0750 radicale radicale -

Modified: radicale.service
===================================================================
--- radicale.service	2018-08-24 17:38:43 UTC (rev 373837)
+++ radicale.service	2018-08-24 17:41:28 UTC (rev 373838)
@@ -12,13 +12,13 @@
 UMask=0027
 PrivateTmp=yes
 PrivateDevices=yes
-ProtectSystem=full
+ProtectSystem=strict
 ProtectHome=yes
 ProtectKernelTunables=yes
 ProtectKernelModules=yes
 ProtectControlGroups=yes
 NoNewPrivileges=yes
-ReadWriteDirectories=/var/lib/radicale
+ReadWritePaths=/var/lib/radicale
 
 [Install]
 WantedBy=multi-user.target

More information about the arch-commits mailing list