[arch-commits] Commit in pound/trunk (5 files)
David Runge
dvzrv at archlinux.org
Sat Mar 17 19:08:19 UTC 2018
Date: Saturday, March 17, 2018 @ 19:08:18
Author: dvzrv
Revision: 308968
upgpkg: pound 2.7-6
Updating maintainer. Adding pgp verification of source.
Removing runit. Fixing build() and package() to use root for ownership of files.
Installing various docs. Switching to user/group pound in configuration and moving Control socket to /run/pound/ directory.
Adding Documentation, After and Wants to service. Using DynamicUser and RuntimeDirectory.
Adding CapabilityBoundSet/AmbientCapabilities to allow bind to ports below 1024 (CAP_NET_BIND_SERVICE).
Modified:
pound/trunk/PKGBUILD
pound/trunk/pound.cfg
pound/trunk/pound.service
Deleted:
pound/trunk/ChangeLog
pound/trunk/pound.runit
---------------+
ChangeLog | 22 ------------------
PKGBUILD | 68 ++++++++++++++++++++++++++++++++------------------------
pound.cfg | 6 ++--
pound.runit | 23 ------------------
pound.service | 11 ++++++++-
5 files changed, 53 insertions(+), 77 deletions(-)
Deleted: ChangeLog
===================================================================
--- ChangeLog 2018-03-17 18:57:31 UTC (rev 308967)
+++ ChangeLog 2018-03-17 19:08:18 UTC (rev 308968)
@@ -1,22 +0,0 @@
-
-2009-03-22 Douglas Soares de Andrade <douglas at archlinux.org>
-
- * Updated for i686: 2.4.4
- * Fixed an issue with the rc.d pound script
-
-2008-06-22 Mateusz Herych <heniekk at gmail.com>
-
- * Adding for x86_64 community - 2.4.3
-
-2008-06-22 Douglas Soares de Andrade <dsa at aur.archlinux.org>
-
- * Adding for i686 community - 2.4.3
-
-2008-05-22 Mateusz Herych <heniekk at gmail.com>
-
- * Adding to community for x86_64
-
-2008-05-21 Douglas Soares de Andrade <dsa at aur.archlinux.org>
-
- * Adding to community for i686
-
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-03-17 18:57:31 UTC (rev 308967)
+++ PKGBUILD 2018-03-17 19:08:18 UTC (rev 308968)
@@ -1,48 +1,60 @@
# $Id$
-# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
-# Maintainer: Douglas Soares de Andrade <dsa at aur.archlinux.org>
+# Maintainer: David Runge <dave at sleepmap.de>
+# Contributor: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Contributor: Douglas Soares de Andrade <dsa at aur.archlinux.org>
# Contributor: Roberto Alsina <ralsina at kde.org>
+_name=Pound
pkgname=pound
pkgver=2.7
-pkgrel=5
+pkgrel=6
pkgdesc="A reverse proxy, load balancer, and SSL wrapper"
arch=('x86_64')
url="http://www.apsis.ch/pound/index_html"
-license=('GPL')
-depends=('pcre' 'openssl-1.0')
-backup=(etc/pound/pound.cfg)
-source=(http://www.apsis.ch/pound/Pound-$pkgver.tgz
- pound.runit
- pound.service
- pound.cfg)
-md5sums=('ec8298aa3e4aee3ffbecdc0639d7f14a'
- '2a555ee5871a849cb1f6e6ba2ff054df'
- 'c0d0726a96dfda0e83843362e401b3dc'
- '8937808acd22c6391ebe4340af8df854')
+license=('GPL3')
+depends=('gperftools' 'pcre' 'openssl-1.0')
+backup=('etc/pound/pound.cfg')
+# switch to https://github.com/graygnuorg/pound for openssl
+source=("http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.tgz"
+ "${_name}-${pkgver}.tgz.asc::http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.asc"
+ "${pkgname}.service"
+ "${pkgname}.cfg")
+sha512sums=('3edfb948715ff7e38b7665cc083eb5619daf4c2ddda4efcffffa2bcf5d8c1ee158fa5275b16bbaea4cf51bf3f8c022ba2197d5f67d57732404a448ae00e62aa1'
+ 'SKIP'
+ '7111df07cb3500c378afb19abbd1ef5f97a566101cd68712a1d6c8015f23463fc06347ec8cb189f2774c954343b8b8815416be1a4acd3ec31f20f03e90cdf603'
+ '32d33474a115dfc9d5ccc094ffdb3c367108a48976cf3e58442642dab08167cd0a1808eefa1879e3c38b607d2a6a1cd28142dbd690244368760daba1f95526f6')
prepare() {
- cd "$srcdir"/Pound-$pkgver
- sed -i -e 's/openssl/openssl-1.0/' Makefile.in
+ cp -av "${_name}-${pkgver}" "${pkgname}-${pkgver}"
+ cd "${pkgname}-${pkgver}"
+ # use openssl-1.0 to generate dhparam
+ sed -e 's/openssl/openssl-1.0/' -i Makefile.in
}
build() {
- cd "$srcdir"/Pound-$pkgver
+ cd "${pkgname}-${pkgver}"
CPPFLAGS+=" -I/usr/include/openssl-1.0" \
LDFLAGS+=" -L/usr/lib/openssl-1.0" \
- ./configure --prefix=/usr --sysconfdir=/etc/pound --sbindir=/usr/bin
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc/pound \
+ --bindir=/usr/bin \
+ --sbindir=/usr/bin \
+ --with-ssl='/usr/lib/openssl-1.0' \
+ --with-owner=root \
+ --with-group=root
make
}
package() {
- cd "$srcdir"/Pound-$pkgver
- install -d "$pkgdir"/usr/sbin
- make DESTDIR="$pkgdir" install
- chown root.root -R "$pkgdir"/usr
- install -d "$pkgdir"/etc/sv
- install -d "$pkgdir"/etc/sv/pound
- install -m0755 "$srcdir"/pound.runit "$pkgdir"/etc/sv/pound/run
- install -D -m0644 "$srcdir"/pound.cfg "$pkgdir"/etc/pound/pound.cfg
- install -Dm0644 "$srcdir"/$pkgname.service "$pkgdir"/usr/lib/systemd/system/$pkgname.service
- rmdir "$pkgdir"/usr/sbin
+ cd "${pkgname}-${pkgver}"
+ make DESTDIR="$pkgdir" install
+ # configuration
+ install -vDm 0644 "${srcdir}/${pkgname}.cfg" \
+ "${pkgdir}/etc/${pkgname}/${pkgname}.cfg"
+ # systemd service
+ install -vDm 0644 "$srcdir/${pkgname}.service" \
+ "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
+ # docs
+ install -vDm 0644 {CHANGELOG,FAQ,README} \
+ -t "${pkgdir}/usr/share/doc/${pkgname}/"
}
Modified: pound.cfg
===================================================================
--- pound.cfg 2018-03-17 18:57:31 UTC (rev 308967)
+++ pound.cfg 2018-03-17 19:08:18 UTC (rev 308968)
@@ -6,8 +6,8 @@
## GLOBAL SETTINGS
##
## Specify the user and group Pound will run as.
-#User "http"
-#Group "http"
+#User "pound"
+#Group "pound"
##
## Specify the directory that Pound will chroot to at runtime.
#RootJail "/"
@@ -46,7 +46,7 @@
#SSLEngine "name"
##
## Set the control socket path.
-#Control "/tmp/poundctl.socket"
+Control "/run/pound/poundctl.socket"
##
##
## LISTENERS
Deleted: pound.runit
===================================================================
--- pound.runit 2018-03-17 18:57:31 UTC (rev 308967)
+++ pound.runit 2018-03-17 19:08:18 UTC (rev 308968)
@@ -1,23 +0,0 @@
-#!/bin/sh
-exec 2>&1
-# general config
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-BIN=/usr/bin/pound
-OPTS="-f /etc/pound/pound.cfg -p /var/run/pound.pid"
-SVC=pound
-
-PID=`pidof $BIN`
-if [ -z "$PID" ]
-then
- if [ -f /var/run/$SVC.pid ]
- then
- rm /var/run/$SVC.pid
- rm_daemon $SVC
- fi
- echo "Starting $SVC daemon"
- $BIN $OPTS
-else
- [ -z $PID ] || exec watchpid $PID
-fi
Modified: pound.service
===================================================================
--- pound.service 2018-03-17 18:57:31 UTC (rev 308967)
+++ pound.service 2018-03-17 19:08:18 UTC (rev 308968)
@@ -1,10 +1,19 @@
[Unit]
Description=A reverse proxy, load balancer, and SSL wrapper
+Documentation=man:pound(8)
+After=syslog.target network-online.target systemd-sysusers.service
+Wants=network-online.target
[Service]
Type=forking
+DynamicUser=yes
+RuntimeDirectory=pound
+ExecStart=/usr/bin/pound -f /etc/pound/pound.cfg -p /run/pound.pid
PIDFile=/run/pound.pid
-ExecStart=/usr/bin/pound -f /etc/pound/pound.cfg -p /run/pound.pid
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
More information about the arch-commits
mailing list