[arch-commits] Commit in gitea/trunk (PKGBUILD gitea.service)

Bruno Pagani archange at archlinux.org
Thu Nov 1 16:30:43 UTC 2018 

    Date: Thursday, November 1, 2018 @ 16:30:43
  Author: archange
Revision: 401122

Harden even more, but let it write logs and listen on socket

Modified:
  gitea/trunk/PKGBUILD
  gitea/trunk/gitea.service

---------------+
 PKGBUILD      |    4 ++--
 gitea.service |   10 ++++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-11-01 16:15:56 UTC (rev 401121)
+++ PKGBUILD	2018-11-01 16:30:43 UTC (rev 401122)
@@ -4,7 +4,7 @@
 
 pkgname=gitea
 pkgver=1.5.3
-pkgrel=1
+pkgrel=2
 pkgdesc="Painless self-hosted Git service. Community managed fork of Gogs."
 arch=('x86_64')
 url="https://gitea.io"
@@ -30,7 +30,7 @@
         gitea-disable-u2f.patch)
 sha256sums=('SKIP'
             'da04ca25b76bcfc443c49da056393240d94d8c7e3b4bd63d4cf10e5aea001239'
-            '49c6da593d9c463d39bec47aa2496a636944d5c673c2983be731466d4dbbf578'
+            '98339795107f1979c6aff6a8a5255d4d368cbabd4e8760867b789646d749b3ae'
             '66c5a84fbbe56dd8b3bca3a779aaaf5d4855573f0dd2b273018a8983d7951a72'
             'f062d395b3122edcbcb51f6bac59da70ef57bfcf4693c17bde14ee35b1ef5e92'
             'd6842efd13b6971b77d233ff3ac2bd3d81c5d26c348ae1f2a2b19b0e7237726e')

Modified: gitea.service
===================================================================
--- gitea.service	2018-11-01 16:15:56 UTC (rev 401121)
+++ gitea.service	2018-11-01 16:30:43 UTC (rev 401122)
@@ -12,10 +12,15 @@
 Group=git
 Type=simple
 WorkingDirectory=/var/lib/gitea
+RuntimeDirectory=gitea
+LogsDirectory=gitea
 Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
 ExecStart=/usr/bin/gitea web -c /etc/gitea/app.ini
 Restart=always
 RestartSec=2s
+CapabilityBoundingSet=
+NoNewPrivileges=True
+PrivateUsers=true
 PrivateDevices=true
 PrivateTmp=true
 ProtectHome=true
@@ -24,6 +29,11 @@
 ProtectKernelTunables=true
 ProtectKernelModules=yes
 ReadWritePaths=/etc/gitea/app.ini /var/lib/gitea
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
 
 [Install]
 WantedBy=multi-user.target

More information about the arch-commits mailing list