[arch-commits] Commit in couchdb/trunk (PKGBUILD couchdb.service)

Bruno Pagani archange at archlinux.org
Sun Dec 16 18:17:51 UTC 2018 

    Date: Sunday, December 16, 2018 @ 18:17:51
  Author: archange
Revision: 416455

upgpkg: couchdb 2.3.0-1

Upstream update + systemd service hardening

Modified:
  couchdb/trunk/PKGBUILD
  couchdb/trunk/couchdb.service

-----------------+
 PKGBUILD        |   12 ++++++------
 couchdb.service |   22 +++++++++++++++++++---
 2 files changed, 25 insertions(+), 9 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-12-16 15:51:42 UTC (rev 416454)
+++ PKGBUILD	2018-12-16 18:17:51 UTC (rev 416455)
@@ -4,14 +4,14 @@
 # Contributor: Michael Fellinger <m.fellinger at gmail.com>
 
 pkgname=couchdb
-pkgver=2.2.0
-pkgrel=3
+pkgver=2.3.0
+pkgrel=1
 pkgdesc="A document-oriented database that can be queried and indexed in a MapReduce fashion using JSON"
 arch=('x86_64')
 url="https://couchdb.apache.org"
 license=('APACHE')
 depends=('icu' 'js185' 'zlib')
-makedepends=('erlang-nox-20')
+makedepends=('erlang-nox')
 install=${pkgname}.install
 backup=('etc/couchdb/local.ini'
         'etc/couchdb/vm.args')
@@ -20,9 +20,9 @@
         'couchdb.sysusers'
         'couchdb.tmpfiles'
         'datadirs.ini')
-sha256sums=('0e3ceb8aab73af8e54a2e2c949f362495b1c938455a15e9a4e294901c6c67985'
+sha256sums=('0b3868d042b158d9fd2f504804abd93cd22681c033952f832ce846672c31f352'
             'SKIP'
-            'e2976dbdd2fb63fe8d09bee0d9c9a97e8785533d9c323276b4030354cb6d8957'
+            'aa487af362f1ff64333763615513a58cf710c41077413a364a2c60cb882f4be8'
             '3ed1ad2a37a068ce194b03fb72eb35285d60fa7faf2d2c2bb710703d229108a8'
             '0ce806cbc5e18e60b17be9fd2cdbd4c7f12cc84ca95b079efdede16ddb5f3efd'
             '937ca3498aab47b3f2226d027fa8a1a95de55cbb463373099e28cb9a6c7046ac')
@@ -30,7 +30,7 @@
 
 prepare() {
     cd apache-couchdb-${pkgver}
-    sed -i 's|$ROOTDIR/etc/vm.args|/etc/couchdb/vm.args|' rel/overlay/bin/couchdb
+    sed -i 's|$ROOTDIR/etc/vm.args|/etc/couchdb/vm.args|' rel/files/couchdb.in
 }
 
 build() {

Modified: couchdb.service
===================================================================
--- couchdb.service	2018-12-16 15:51:42 UTC (rev 416454)
+++ couchdb.service	2018-12-16 18:17:51 UTC (rev 416455)
@@ -5,12 +5,28 @@
 User=couchdb
 Group=couchdb
 Type=simple
+WorkingDirectory=~
+StateDirectory=couchdb
 Environment="ERL_FLAGS=-couch_ini /usr/lib/couchdb/etc/default.ini /usr/lib/couchdb/etc/datadirs.ini /etc/couchdb/local.ini"
 ExecStart=/usr/lib/couchdb/bin/couchdb
-ProtectSystem=true
+Restart=always
+RestartSec=2s
+CapabilityBoundingSet=
+NoNewPrivileges=True
+PrivateUsers=true
+PrivateDevices=true
+PrivateTmp=true
 ProtectHome=true
-NoNewPrivileges=true
-PrivateTmp=true
+ProtectSystem=strict
+ProtectControlGroups=yes
+ProtectKernelTunables=true
+ProtectKernelModules=yes
+ReadWritePaths=/etc/couchdb/local.ini
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
 
 [Install]
 WantedBy=multi-user.target

More information about the arch-commits mailing list