[arch-commits] Commit in sslh/repos (20 files)
Sébastien Luttringer
seblu at archlinux.org
Tue Feb 13 15:12:53 UTC 2018
Date: Tuesday, February 13, 2018 @ 15:12:53
Author: seblu
Revision: 293862
db-move: moved sslh from [community-testing] to [community] (x86_64)
Added:
sslh/repos/community-x86_64/PKGBUILD
(from rev 293861, sslh/repos/community-testing-x86_64/PKGBUILD)
sslh/repos/community-x86_64/sslh-fork.service
(from rev 293861, sslh/repos/community-testing-x86_64/sslh-fork.service)
sslh/repos/community-x86_64/sslh-select.service
(from rev 293861, sslh/repos/community-testing-x86_64/sslh-select.service)
sslh/repos/community-x86_64/sslh.cfg
(from rev 293861, sslh/repos/community-testing-x86_64/sslh.cfg)
sslh/repos/community-x86_64/sslh.install
(from rev 293861, sslh/repos/community-testing-x86_64/sslh.install)
sslh/repos/community-x86_64/sslh.service
(from rev 293861, sslh/repos/community-testing-x86_64/sslh.service)
sslh/repos/community-x86_64/sslh.sysusers
(from rev 293861, sslh/repos/community-testing-x86_64/sslh.sysusers)
Deleted:
sslh/repos/community-testing-x86_64/
sslh/repos/community-x86_64/PKGBUILD
sslh/repos/community-x86_64/PKGBUILD.next
sslh/repos/community-x86_64/sslh-fork.service
sslh/repos/community-x86_64/sslh-fork.service.next
sslh/repos/community-x86_64/sslh-select.service
sslh/repos/community-x86_64/sslh-select.service.next
sslh/repos/community-x86_64/sslh.cfg
sslh/repos/community-x86_64/sslh.conf
sslh/repos/community-x86_64/sslh.install
sslh/repos/community-x86_64/sslh.install.next
sslh/repos/community-x86_64/sslh.service
sslh/repos/community-x86_64/sslh.sysusers
-------------------------------------------+
/PKGBUILD | 57 ++++++++++++++++++++++
/sslh-fork.service | 27 ++++++++++
/sslh-select.service | 27 ++++++++++
/sslh.cfg | 21 ++++++++
/sslh.install | 27 ++++++++++
/sslh.service | 25 +++++++++
/sslh.sysusers | 1
community-x86_64/PKGBUILD | 52 --------------------
community-x86_64/PKGBUILD.next | 71 ----------------------------
community-x86_64/sslh-fork.service | 11 ----
community-x86_64/sslh-fork.service.next | 12 ----
community-x86_64/sslh-select.service | 10 ---
community-x86_64/sslh-select.service.next | 11 ----
community-x86_64/sslh.cfg | 29 -----------
community-x86_64/sslh.conf | 29 -----------
community-x86_64/sslh.install | 18 -------
community-x86_64/sslh.install.next | 24 ---------
community-x86_64/sslh.service | 15 -----
community-x86_64/sslh.sysusers | 1
19 files changed, 185 insertions(+), 283 deletions(-)
Deleted: community-x86_64/PKGBUILD
===================================================================
--- community-x86_64/PKGBUILD 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/PKGBUILD 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,52 +0,0 @@
-# $Id: PKGBUILD 171217 2016-04-16 22:11:23Z seblu $
-# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
-# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
-# Contributor: Jason Rodriguez <jason-aur at catloaf.net>
-
-pkgname=sslh
-pkgver=1.18
-pkgrel=4
-pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
-arch=('x86_64')
-url='http://www.rutschle.net/tech/sslh.shtml'
-license=('GPL2')
-depends=('libcap' 'libconfig')
-backup=('etc/sslh.conf')
-install=$pkgname.install
-source=("http://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"
- 'sslh.conf'
- 'sslh.sysusers'
- 'sslh-select.service'
- 'sslh-fork.service')
-md5sums=('0e3568d5d234516c634d4df156473298'
- 'd5405c7ca7e1813e4d49a473e5834640'
- 'f39544277a30595d4b7476b3f87ebbcf'
- '0f3f9e3ac2ac4b576d684b21b566aeb9'
- '4e64f0850ec9bd44071ae8d5369316e5')
-
-build() {
- cd $pkgname-v$pkgver
- make VERSION=\"v$pkgver\" USELIBCAP=1
-}
-
-package() {
- # default arch config
- install -Dm 644 sslh.conf "$pkgdir/etc/sslh.conf"
- # manually install to have both ssl-fork and ssl-select
- cd $pkgname-v$pkgver
- install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
- install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
- ln -s sslh-fork "$pkgdir/usr/bin/sslh"
- # install manpage
- install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
- # install examples files
- install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
- install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
- # systemd
- cd "$pkgdir"
- install -dm 755 usr/lib/{systemd/system,sysusers.d}
- install -Dm 644 "$srcdir"/sslh-{fork,select}.service usr/lib/systemd/system
- install -Dm 644 "$srcdir"/sslh.sysusers usr/lib/sysusers.d/sslh.conf
-}
-
-# vim:set ts=2 sw=2 et:
Copied: sslh/repos/community-x86_64/PKGBUILD (from rev 293861, sslh/repos/community-testing-x86_64/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD (rev 0)
+++ community-x86_64/PKGBUILD 2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,57 @@
+# $Id: PKGBUILD 171217 2016-04-16 22:11:23Z seblu $
+# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
+# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
+# Contributor: Jason Rodriguez <jason-aur at catloaf.net>
+
+pkgname=sslh
+pkgver=1.19b
+pkgrel=1
+pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
+arch=('x86_64')
+url='https://www.rutschle.net/tech/sslh/README.html'
+license=('GPL2')
+makedepends=('systemd')
+depends=('glibc' 'libcap' 'libconfig' 'pcre' 'libsystemd')
+backup=('etc/sslh.cfg')
+install=$pkgname.install
+source=("https://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"{,.asc}
+ 'sslh.cfg'
+ 'sslh.service'
+ 'sslh-select.service'
+ 'sslh-fork.service')
+validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <yves at rutschle.net>
+md5sums=('33e371c978614638b4c0db4e40afa5c4'
+ 'SKIP'
+ '67a119213538aabf5d70a756ae7a99d0'
+ 'ecbb46c46874d7b620202926d36b8478'
+ '2b98633ee61bc5a809a4f75479628b2f'
+ 'ca5ec0adf9149f1db4e09af659391659')
+
+build() {
+ cd $pkgname-v$pkgver
+ make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
+}
+
+package() {
+ # default arch config
+ install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
+ # manually install to have both ssl-fork and ssl-select
+ cd $pkgname-v$pkgver
+ install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
+ install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
+ ln -s sslh-fork "$pkgdir/usr/bin/sslh"
+ # install manpage
+ install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
+ ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
+ ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
+ # install examples files
+ install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
+ install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
+ # systemd
+ install -dm 755 "$pkgdir"/usr/lib/systemd/{system,system-generators}
+ install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
+ cd "$pkgdir"
+ install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: community-x86_64/PKGBUILD.next
===================================================================
--- community-x86_64/PKGBUILD.next 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/PKGBUILD.next 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,71 +0,0 @@
-# $Id$
-# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
-# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
-# Contributor: Jason Rodriguez <jason-aur at catloaf.net>
-
-pkgname=sslh
-pkgver=1.18
-pkgrel=1.2
-pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
-arch=('x86_64')
-url='http://www.rutschle.net/tech/sslh.shtml'
-license=('GPL2')
-makedepends=('systemd')
-depends=('libcap' 'libconfig' 'libsystemd')
-backup=('etc/sslh.cfg')
-install=$pkgname.install
-source=("http://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"{,.asc}
- 'sslh-master.zip'
- 'sslh.cfg'
- 'sslh.sysusers'
- 'sslh.service'
- 'sslh-select.service'
- 'sslh-fork.service')
-validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <yves at rutschle.net>
-md5sums=('0e3568d5d234516c634d4df156473298'
- 'SKIP'
- '5cfde7884d5c9d7a8b7b971b3f37e94b'
- 'd5405c7ca7e1813e4d49a473e5834640'
- 'f39544277a30595d4b7476b3f87ebbcf'
- 'e66490eacc9cb586e48e4e0562ac25e3'
- '7f95dc8ce4c8dfbe5cd0b1cabb8acb31'
- 'ea5733ec4c68709a813e84b4403e342a')
-
-build() {
- #cd $pkgname-v$pkgver
- cd sslh-master
- #FIXME: https://github.com/yrutschle/sslh/issues/103
- export CFLAGS=''
- make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
-}
-
-#check() {
-# cd $pkgname-v$pkgver
-# make test
-#}
-
-package() {
- # default arch config
- install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
- # manually install to have both ssl-fork and ssl-select
- #cd $pkgname-v$pkgver
- cd sslh-master
- install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
- install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
- ln -s sslh-fork "$pkgdir/usr/bin/sslh"
- # install manpage
- install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
- ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
- ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
- # install examples files
- install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
- install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
- # systemd
- install -dm 755 "$pkgdir"/usr/lib/{systemd/system,sysusers.d}
- install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
- cd "$pkgdir"
- install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
- install -Dm 644 "$srcdir"/sslh.sysusers usr/lib/sysusers.d/sslh.conf
-}
-
-# vim:set ts=2 sw=2 et:
Deleted: community-x86_64/sslh-fork.service
===================================================================
--- community-x86_64/sslh-fork.service 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh-fork.service 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,11 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-fork -F/etc/sslh.conf
-KillMode=process
-PIDFile=/run/sslh.pid
-
-[Install]
-WantedBy=multi-user.target
Copied: sslh/repos/community-x86_64/sslh-fork.service (from rev 293861, sslh/repos/community-testing-x86_64/sslh-fork.service)
===================================================================
--- community-x86_64/sslh-fork.service (rev 0)
+++ community-x86_64/sslh-fork.service 2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (fork mode)
+Conflicts=sslh-select.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-fork --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-x86_64/sslh-fork.service.next
===================================================================
--- community-x86_64/sslh-fork.service.next 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh-fork.service.next 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,12 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (fork mode)
-Conflicts=sslh-select.service sslh.socket
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-fork -F
-KillMode=process
-PIDFile=/run/sslh.pid
-
-[Install]
-WantedBy=multi-user.target
Deleted: community-x86_64/sslh-select.service
===================================================================
--- community-x86_64/sslh-select.service 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh-select.service 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,10 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-select -F/etc/sslh.conf
-PIDFile=/run/sslh.pid
-
-[Install]
-WantedBy=multi-user.target
Copied: sslh/repos/community-x86_64/sslh-select.service (from rev 293861, sslh/repos/community-testing-x86_64/sslh-select.service)
===================================================================
--- community-x86_64/sslh-select.service (rev 0)
+++ community-x86_64/sslh-select.service 2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (select mode)
+Conflicts=sslh-fork.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-select --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
Deleted: community-x86_64/sslh-select.service.next
===================================================================
--- community-x86_64/sslh-select.service.next 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh-select.service.next 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,11 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (select mode)
-Conflicts=sslh-fork.service sslh.socket
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-select -F
-PIDFile=/run/sslh.pid
-
-[Install]
-WantedBy=multi-user.target
Deleted: community-x86_64/sslh.cfg
===================================================================
--- community-x86_64/sslh.cfg 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.cfg 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,29 +0,0 @@
-# Default Arch configuration
-# You can find more examples in /usr/share/doc/sslh
-
-verbose: false;
-foreground: true;
-inetd: false;
-numeric: false;
-transparent: false;
-timeout: 2;
-user: "sslh";
-pidfile: "/run/sslh.pid";
-
-
-listen:
-(
- { host: "::0"; port: "443"; }
-);
-
-protocols:
-(
- { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
- { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
- { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
- { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
- { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
- { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
-);
-
-# vim:set ts=4 sw=4 et:
Copied: sslh/repos/community-x86_64/sslh.cfg (from rev 293861, sslh/repos/community-testing-x86_64/sslh.cfg)
===================================================================
--- community-x86_64/sslh.cfg (rev 0)
+++ community-x86_64/sslh.cfg 2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,21 @@
+# Default Arch configuration
+# You can find more examples in /usr/share/doc/sslh
+
+timeout: 2;
+
+listen:
+(
+ { host: "0.0.0.0"; port: "443"; }
+);
+
+protocols:
+(
+ { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+ { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+ { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+ { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+ { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
+ { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
+);
+
+# vim:set ts=4 sw=4 et:
Deleted: community-x86_64/sslh.conf
===================================================================
--- community-x86_64/sslh.conf 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.conf 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,29 +0,0 @@
-# Default Arch configuration
-# You can find more examples in /usr/share/doc/sslh
-
-verbose: false;
-foreground: true;
-inetd: false;
-numeric: false;
-transparent: false;
-timeout: 2;
-user: "sslh";
-pidfile: "/run/sslh.pid";
-
-
-listen:
-(
- { host: "::0"; port: "443"; }
-);
-
-protocols:
-(
- { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
- { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
- { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
- { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
- { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
- { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
-);
-
-# vim:set ts=4 sw=4 et:
Deleted: community-x86_64/sslh.install
===================================================================
--- community-x86_64/sslh.install 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.install 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_upgrade() {
- if (( "$(vercmp $2 1.14-1)" <= 0 )); then
- cat << EOF
-===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
-EOF
- fi
- if (( "$(vercmp $2 1.16-3)" < 0 )); then
- cat << EOF
-===> sslh may runs as unprivileged sslh user. Check your setup.
-EOF
- fi
-}
-
-# vim:set ts=2 sw=2 ft=sh et:
Copied: sslh/repos/community-x86_64/sslh.install (from rev 293861, sslh/repos/community-testing-x86_64/sslh.install)
===================================================================
--- community-x86_64/sslh.install (rev 0)
+++ community-x86_64/sslh.install 2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_upgrade() {
+ if (( "$(vercmp $2 1.14-1)" <= 0 )); then
+ cat << EOF
+===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
+EOF
+ fi
+ if (( "$(vercmp $2 1.16-3)" < 0 )); then
+ cat << EOF
+===> sslh may runs as unprivileged sslh user. Check your setup.
+EOF
+ fi
+ if (( "$(vercmp $2 1.19b)" < 0 )); then
+ cat << EOF
+===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
+=====> Rename your /etc/sslh.conf into /etc/sslh.cfg
+===> sslh unit files security has been improved.
+=====> You may need to remove the PIDfile option in your /etc/sslh.cfg.
+===> sslh user is now created at unit startup (via DynamicUser)
+EOF
+ fi
+}
+
+# vim:set ts=2 sw=2 ft=sh et:
Deleted: community-x86_64/sslh.install.next
===================================================================
--- community-x86_64/sslh.install.next 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.install.next 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_upgrade() {
- if (( "$(vercmp $2 1.14-1)" <= 0 )); then
- cat << EOF
-===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
-EOF
- fi
- if (( "$(vercmp $2 1.16-3)" < 0 )); then
- cat << EOF
-===> sslh may runs as unprivileged sslh user. Check your setup.
-EOF
- fi
- if (( "$(vercmp $2 1.18-2)" < 0 )); then
- cat << EOF
-===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
-===> Rename your /etc/sslh.conf into /etc/sslh.cfg
-EOF
- fi
-}
-
-# vim:set ts=2 sw=2 ft=sh et:
Deleted: community-x86_64/sslh.service
===================================================================
--- community-x86_64/sslh.service 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.service 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1,15 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (socket mode)
-Conflicts=sslh-fork.service sslh-select.service
-Requires=sslh.socket
-PartOf=sslh.socket
-
-[Service]
-ExecStart=/usr/bin/sslh -F -f -P/tmp/pid
-KillMode=process
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN CAP_SETGID CAP_SETUID
-PrivateTmp=true
-PrivateDevices=true
-ProtectSystem=full
-ProtectHome=true
-User=sslh
Copied: sslh/repos/community-x86_64/sslh.service (from rev 293861, sslh/repos/community-testing-x86_64/sslh.service)
===================================================================
--- community-x86_64/sslh.service (rev 0)
+++ community-x86_64/sslh.service 2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1,25 @@
+[Unit]
+Description=SSL/SSH multiplexer (socket mode)
+Conflicts=sslh-fork.service sslh-select.service
+Requires=sslh.socket
+PartOf=sslh.socket
+
+[Service]
+ExecStart=/usr/bin/sslh --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
Deleted: community-x86_64/sslh.sysusers
===================================================================
--- community-x86_64/sslh.sysusers 2018-02-13 14:42:32 UTC (rev 293861)
+++ community-x86_64/sslh.sysusers 2018-02-13 15:12:53 UTC (rev 293862)
@@ -1 +0,0 @@
-u sslh - - -
Copied: sslh/repos/community-x86_64/sslh.sysusers (from rev 293861, sslh/repos/community-testing-x86_64/sslh.sysusers)
===================================================================
--- community-x86_64/sslh.sysusers (rev 0)
+++ community-x86_64/sslh.sysusers 2018-02-13 15:12:53 UTC (rev 293862)
@@ -0,0 +1 @@
+u sslh - - -
More information about the arch-commits
mailing list