[arch-commits] Commit in sslh/repos (20 files)

Sébastien Luttringer seblu at archlinux.org
Tue Feb 13 15:12:53 UTC 2018


    Date: Tuesday, February 13, 2018 @ 15:12:53
  Author: seblu
Revision: 293862

db-move: moved sslh from [community-testing] to [community] (x86_64)

Added:
  sslh/repos/community-x86_64/PKGBUILD
    (from rev 293861, sslh/repos/community-testing-x86_64/PKGBUILD)
  sslh/repos/community-x86_64/sslh-fork.service
    (from rev 293861, sslh/repos/community-testing-x86_64/sslh-fork.service)
  sslh/repos/community-x86_64/sslh-select.service
    (from rev 293861, sslh/repos/community-testing-x86_64/sslh-select.service)
  sslh/repos/community-x86_64/sslh.cfg
    (from rev 293861, sslh/repos/community-testing-x86_64/sslh.cfg)
  sslh/repos/community-x86_64/sslh.install
    (from rev 293861, sslh/repos/community-testing-x86_64/sslh.install)
  sslh/repos/community-x86_64/sslh.service
    (from rev 293861, sslh/repos/community-testing-x86_64/sslh.service)
  sslh/repos/community-x86_64/sslh.sysusers
    (from rev 293861, sslh/repos/community-testing-x86_64/sslh.sysusers)
Deleted:
  sslh/repos/community-testing-x86_64/
  sslh/repos/community-x86_64/PKGBUILD
  sslh/repos/community-x86_64/PKGBUILD.next
  sslh/repos/community-x86_64/sslh-fork.service
  sslh/repos/community-x86_64/sslh-fork.service.next
  sslh/repos/community-x86_64/sslh-select.service
  sslh/repos/community-x86_64/sslh-select.service.next
  sslh/repos/community-x86_64/sslh.cfg
  sslh/repos/community-x86_64/sslh.conf
  sslh/repos/community-x86_64/sslh.install
  sslh/repos/community-x86_64/sslh.install.next
  sslh/repos/community-x86_64/sslh.service
  sslh/repos/community-x86_64/sslh.sysusers

-------------------------------------------+
 /PKGBUILD                                 |   57 ++++++++++++++++++++++
 /sslh-fork.service                        |   27 ++++++++++
 /sslh-select.service                      |   27 ++++++++++
 /sslh.cfg                                 |   21 ++++++++
 /sslh.install                             |   27 ++++++++++
 /sslh.service                             |   25 +++++++++
 /sslh.sysusers                            |    1 
 community-x86_64/PKGBUILD                 |   52 --------------------
 community-x86_64/PKGBUILD.next            |   71 ----------------------------
 community-x86_64/sslh-fork.service        |   11 ----
 community-x86_64/sslh-fork.service.next   |   12 ----
 community-x86_64/sslh-select.service      |   10 ---
 community-x86_64/sslh-select.service.next |   11 ----
 community-x86_64/sslh.cfg                 |   29 -----------
 community-x86_64/sslh.conf                |   29 -----------
 community-x86_64/sslh.install             |   18 -------
 community-x86_64/sslh.install.next        |   24 ---------
 community-x86_64/sslh.service             |   15 -----
 community-x86_64/sslh.sysusers            |    1 
 19 files changed, 185 insertions(+), 283 deletions(-)

Deleted: community-x86_64/PKGBUILD
===================================================================
--- community-x86_64/PKGBUILD	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/PKGBUILD	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,52 +0,0 @@
-# $Id: PKGBUILD 171217 2016-04-16 22:11:23Z seblu $
-# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
-# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
-# Contributor: Jason Rodriguez <jason-aur at catloaf.net>
-
-pkgname=sslh
-pkgver=1.18
-pkgrel=4
-pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
-arch=('x86_64')
-url='http://www.rutschle.net/tech/sslh.shtml'
-license=('GPL2')
-depends=('libcap' 'libconfig')
-backup=('etc/sslh.conf')
-install=$pkgname.install
-source=("http://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"
-        'sslh.conf'
-        'sslh.sysusers'
-        'sslh-select.service'
-        'sslh-fork.service')
-md5sums=('0e3568d5d234516c634d4df156473298'
-         'd5405c7ca7e1813e4d49a473e5834640'
-         'f39544277a30595d4b7476b3f87ebbcf'
-         '0f3f9e3ac2ac4b576d684b21b566aeb9'
-         '4e64f0850ec9bd44071ae8d5369316e5')
-
-build() {
-  cd $pkgname-v$pkgver
-  make VERSION=\"v$pkgver\" USELIBCAP=1
-}
-
-package() {
-  # default arch config
-  install -Dm 644 sslh.conf "$pkgdir/etc/sslh.conf"
-  # manually install to have both ssl-fork and ssl-select
-  cd $pkgname-v$pkgver
-  install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
-  install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
-  ln -s sslh-fork "$pkgdir/usr/bin/sslh"
-  # install manpage
-  install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
-  # install examples files
-  install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
-  install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
-  # systemd
-  cd "$pkgdir"
-  install -dm 755 usr/lib/{systemd/system,sysusers.d}
-  install -Dm 644 "$srcdir"/sslh-{fork,select}.service usr/lib/systemd/system
-  install -Dm 644 "$srcdir"/sslh.sysusers usr/lib/sysusers.d/sslh.conf
-}
-
-# vim:set ts=2 sw=2 et:

Copied: sslh/repos/community-x86_64/PKGBUILD (from rev 293861, sslh/repos/community-testing-x86_64/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD	                        (rev 0)
+++ community-x86_64/PKGBUILD	2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,57 @@
+# $Id: PKGBUILD 171217 2016-04-16 22:11:23Z seblu $
+# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
+# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
+# Contributor: Jason Rodriguez <jason-aur at catloaf.net>
+
+pkgname=sslh
+pkgver=1.19b
+pkgrel=1
+pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
+arch=('x86_64')
+url='https://www.rutschle.net/tech/sslh/README.html'
+license=('GPL2')
+makedepends=('systemd')
+depends=('glibc' 'libcap' 'libconfig' 'pcre' 'libsystemd')
+backup=('etc/sslh.cfg')
+install=$pkgname.install
+source=("https://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"{,.asc}
+        'sslh.cfg'
+        'sslh.service'
+        'sslh-select.service'
+        'sslh-fork.service')
+validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <yves at rutschle.net>
+md5sums=('33e371c978614638b4c0db4e40afa5c4'
+         'SKIP'
+         '67a119213538aabf5d70a756ae7a99d0'
+         'ecbb46c46874d7b620202926d36b8478'
+         '2b98633ee61bc5a809a4f75479628b2f'
+         'ca5ec0adf9149f1db4e09af659391659')
+
+build() {
+  cd $pkgname-v$pkgver
+  make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
+}
+
+package() {
+  # default arch config
+  install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
+  # manually install to have both ssl-fork and ssl-select
+  cd $pkgname-v$pkgver
+  install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
+  install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
+  ln -s sslh-fork "$pkgdir/usr/bin/sslh"
+  # install manpage
+  install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
+  ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
+  ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
+  # install examples files
+  install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
+  install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
+  # systemd
+  install -dm 755 "$pkgdir"/usr/lib/systemd/{system,system-generators}
+  install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
+  cd "$pkgdir"
+  install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
+}
+
+# vim:set ts=2 sw=2 et:

Deleted: community-x86_64/PKGBUILD.next
===================================================================
--- community-x86_64/PKGBUILD.next	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/PKGBUILD.next	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,71 +0,0 @@
-# $Id$
-# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
-# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
-# Contributor: Jason Rodriguez <jason-aur at catloaf.net>
-
-pkgname=sslh
-pkgver=1.18
-pkgrel=1.2
-pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
-arch=('x86_64')
-url='http://www.rutschle.net/tech/sslh.shtml'
-license=('GPL2')
-makedepends=('systemd')
-depends=('libcap' 'libconfig' 'libsystemd')
-backup=('etc/sslh.cfg')
-install=$pkgname.install
-source=("http://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"{,.asc}
-        'sslh-master.zip'
-        'sslh.cfg'
-        'sslh.sysusers'
-        'sslh.service'
-        'sslh-select.service'
-        'sslh-fork.service')
-validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <yves at rutschle.net>
-md5sums=('0e3568d5d234516c634d4df156473298'
-         'SKIP'
-         '5cfde7884d5c9d7a8b7b971b3f37e94b'
-         'd5405c7ca7e1813e4d49a473e5834640'
-         'f39544277a30595d4b7476b3f87ebbcf'
-         'e66490eacc9cb586e48e4e0562ac25e3'
-         '7f95dc8ce4c8dfbe5cd0b1cabb8acb31'
-         'ea5733ec4c68709a813e84b4403e342a')
-
-build() {
-  #cd $pkgname-v$pkgver
-  cd sslh-master
-  #FIXME: https://github.com/yrutschle/sslh/issues/103
-  export CFLAGS=''
-  make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
-}
-
-#check() {
-#  cd $pkgname-v$pkgver
-#  make test
-#}
-
-package() {
-  # default arch config
-  install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
-  # manually install to have both ssl-fork and ssl-select
-  #cd $pkgname-v$pkgver
-  cd sslh-master
-  install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
-  install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
-  ln -s sslh-fork "$pkgdir/usr/bin/sslh"
-  # install manpage
-  install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
-  ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
-  ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
-  # install examples files
-  install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
-  install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
-  # systemd
-  install -dm 755 "$pkgdir"/usr/lib/{systemd/system,sysusers.d}
-  install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
-  cd "$pkgdir"
-  install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
-  install -Dm 644 "$srcdir"/sslh.sysusers usr/lib/sysusers.d/sslh.conf
-}
-
-# vim:set ts=2 sw=2 et:

Deleted: community-x86_64/sslh-fork.service
===================================================================
--- community-x86_64/sslh-fork.service	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh-fork.service	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,11 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-fork -F/etc/sslh.conf
-KillMode=process
-PIDFile=/run/sslh.pid
-
-[Install]
-WantedBy=multi-user.target

Copied: sslh/repos/community-x86_64/sslh-fork.service (from rev 293861, sslh/repos/community-testing-x86_64/sslh-fork.service)
===================================================================
--- community-x86_64/sslh-fork.service	                        (rev 0)
+++ community-x86_64/sslh-fork.service	2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (fork mode)
+Conflicts=sslh-select.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-fork --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target

Deleted: community-x86_64/sslh-fork.service.next
===================================================================
--- community-x86_64/sslh-fork.service.next	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh-fork.service.next	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,12 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (fork mode)
-Conflicts=sslh-select.service sslh.socket
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-fork -F
-KillMode=process
-PIDFile=/run/sslh.pid
-
-[Install]
-WantedBy=multi-user.target

Deleted: community-x86_64/sslh-select.service
===================================================================
--- community-x86_64/sslh-select.service	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh-select.service	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,10 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-select -F/etc/sslh.conf
-PIDFile=/run/sslh.pid
-
-[Install]
-WantedBy=multi-user.target

Copied: sslh/repos/community-x86_64/sslh-select.service (from rev 293861, sslh/repos/community-testing-x86_64/sslh-select.service)
===================================================================
--- community-x86_64/sslh-select.service	                        (rev 0)
+++ community-x86_64/sslh-select.service	2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (select mode)
+Conflicts=sslh-fork.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-select --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target

Deleted: community-x86_64/sslh-select.service.next
===================================================================
--- community-x86_64/sslh-select.service.next	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh-select.service.next	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,11 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (select mode)
-Conflicts=sslh-fork.service sslh.socket
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-select -F
-PIDFile=/run/sslh.pid
-
-[Install]
-WantedBy=multi-user.target

Deleted: community-x86_64/sslh.cfg
===================================================================
--- community-x86_64/sslh.cfg	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.cfg	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,29 +0,0 @@
-# Default Arch configuration
-# You can find more examples in /usr/share/doc/sslh
-
-verbose: false;
-foreground: true;
-inetd: false;
-numeric: false;
-transparent: false;
-timeout: 2;
-user: "sslh";
-pidfile: "/run/sslh.pid";
-
-
-listen:
-(
-    { host: "::0"; port: "443"; }
-);
-
-protocols:
-(
-     { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
-     { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
-     { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
-     { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
-     { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
-     { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
-);
-
-# vim:set ts=4 sw=4 et:

Copied: sslh/repos/community-x86_64/sslh.cfg (from rev 293861, sslh/repos/community-testing-x86_64/sslh.cfg)
===================================================================
--- community-x86_64/sslh.cfg	                        (rev 0)
+++ community-x86_64/sslh.cfg	2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,21 @@
+# Default Arch configuration
+# You can find more examples in /usr/share/doc/sslh
+
+timeout: 2;
+
+listen:
+(
+    { host: "0.0.0.0"; port: "443"; }
+);
+
+protocols:
+(
+     { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+     { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+     { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+     { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+     { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
+     { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
+);
+
+# vim:set ts=4 sw=4 et:

Deleted: community-x86_64/sslh.conf
===================================================================
--- community-x86_64/sslh.conf	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.conf	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,29 +0,0 @@
-# Default Arch configuration
-# You can find more examples in /usr/share/doc/sslh
-
-verbose: false;
-foreground: true;
-inetd: false;
-numeric: false;
-transparent: false;
-timeout: 2;
-user: "sslh";
-pidfile: "/run/sslh.pid";
-
-
-listen:
-(
-    { host: "::0"; port: "443"; }
-);
-
-protocols:
-(
-     { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
-     { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
-     { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
-     { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
-     { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
-     { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
-);
-
-# vim:set ts=4 sw=4 et:

Deleted: community-x86_64/sslh.install
===================================================================
--- community-x86_64/sslh.install	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.install	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# arg 1:  the new package version
-# arg 2:  the old package version
-post_upgrade() {
-  if (( "$(vercmp $2 1.14-1)" <= 0 )); then
-    cat << EOF
-===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
-EOF
-  fi
-  if (( "$(vercmp $2 1.16-3)" < 0 )); then
-    cat << EOF
-===> sslh may runs as unprivileged sslh user. Check your setup.
-EOF
-  fi
-}
-
-# vim:set ts=2 sw=2 ft=sh et:

Copied: sslh/repos/community-x86_64/sslh.install (from rev 293861, sslh/repos/community-testing-x86_64/sslh.install)
===================================================================
--- community-x86_64/sslh.install	                        (rev 0)
+++ community-x86_64/sslh.install	2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# arg 1:  the new package version
+# arg 2:  the old package version
+post_upgrade() {
+  if (( "$(vercmp $2 1.14-1)" <= 0 )); then
+    cat << EOF
+===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
+EOF
+  fi
+  if (( "$(vercmp $2 1.16-3)" < 0 )); then
+    cat << EOF
+===> sslh may runs as unprivileged sslh user. Check your setup.
+EOF
+  fi
+  if (( "$(vercmp $2 1.19b)" < 0 )); then
+    cat << EOF
+===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
+=====> Rename your /etc/sslh.conf into /etc/sslh.cfg
+===> sslh unit files security has been improved.
+=====> You may need to remove the PIDfile option in your /etc/sslh.cfg.
+===> sslh user is now created at unit startup (via DynamicUser)
+EOF
+  fi
+}
+
+# vim:set ts=2 sw=2 ft=sh et:

Deleted: community-x86_64/sslh.install.next
===================================================================
--- community-x86_64/sslh.install.next	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.install.next	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-# arg 1:  the new package version
-# arg 2:  the old package version
-post_upgrade() {
-  if (( "$(vercmp $2 1.14-1)" <= 0 )); then
-    cat << EOF
-===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
-EOF
-  fi
-  if (( "$(vercmp $2 1.16-3)" < 0 )); then
-    cat << EOF
-===> sslh may runs as unprivileged sslh user. Check your setup.
-EOF
-  fi
-  if (( "$(vercmp $2 1.18-2)" < 0 )); then
-    cat << EOF
-===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
-===> Rename your /etc/sslh.conf into /etc/sslh.cfg
-EOF
-  fi
-}
-
-# vim:set ts=2 sw=2 ft=sh et:

Deleted: community-x86_64/sslh.service
===================================================================
--- community-x86_64/sslh.service	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.service	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,15 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (socket mode)
-Conflicts=sslh-fork.service sslh-select.service
-Requires=sslh.socket
-PartOf=sslh.socket
-
-[Service]
-ExecStart=/usr/bin/sslh -F -f -P/tmp/pid
-KillMode=process
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN CAP_SETGID CAP_SETUID
-PrivateTmp=true
-PrivateDevices=true
-ProtectSystem=full
-ProtectHome=true
-User=sslh

Copied: sslh/repos/community-x86_64/sslh.service (from rev 293861, sslh/repos/community-testing-x86_64/sslh.service)
===================================================================
--- community-x86_64/sslh.service	                        (rev 0)
+++ community-x86_64/sslh.service	2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,25 @@
+[Unit]
+Description=SSL/SSH multiplexer (socket mode)
+Conflicts=sslh-fork.service sslh-select.service
+Requires=sslh.socket
+PartOf=sslh.socket
+
+[Service]
+ExecStart=/usr/bin/sslh --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true

Deleted: community-x86_64/sslh.sysusers
===================================================================
--- community-x86_64/sslh.sysusers	2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.sysusers	2018-02-13 15:12:53 UTC (rev 293862)
@@ -1 +0,0 @@
-u sslh - - -

Copied: sslh/repos/community-x86_64/sslh.sysusers (from rev 293861, sslh/repos/community-testing-x86_64/sslh.sysusers)
===================================================================
--- community-x86_64/sslh.sysusers	                        (rev 0)
+++ community-x86_64/sslh.sysusers	2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1 @@
+u sslh - - -



More information about the arch-commits mailing list