[arch-commits] Commit in kresus/trunk (PKGBUILD kresus.service)

Bruno Pagani archange at archlinux.org
Fri Nov 2 15:58:18 UTC 2018 

    Date: Friday, November 2, 2018 @ 15:58:17
  Author: archange
Revision: 401236

Rebuild for https://framagit.org/kresusapp/kresus/issues/795

Also harden even more.

Modified:
  kresus/trunk/PKGBUILD
  kresus/trunk/kresus.service

----------------+
 PKGBUILD       |    4 ++--
 kresus.service |   10 +++++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-11-02 15:48:24 UTC (rev 401235)
+++ PKGBUILD	2018-11-02 15:58:17 UTC (rev 401236)
@@ -3,7 +3,7 @@
 pkgname=kresus
 pkgver=0.13.3
 _commit=c6a2355c8d31be99d1a9d8ab53d3f3e58c57cf1b
-pkgrel=1
+pkgrel=2
 pkgdesc="Self-hosted personal finance manager"
 arch=('x86_64')
 url="https://kresus.org"
@@ -19,7 +19,7 @@
         "${pkgname}.tmpfiles")
 sha256sums=('a1df0997f46e5e9d4745fc1e9f4e875ffa3c99ec32848fd78fb9872092281cc2'
             'adc91cd0cef6b546d482ebe1e9de85a451105166c15c190caa8c6a86c023b07a'
-            '5ea65d143558e50a47a65daa6a363b876e0d369a162ba88e3070f685a9ac8de9'
+            '0231362054dca49e4fadf3f853095a0f9d6ceebf1d8b12d9332a7bf8b09bcbe2'
             'd9d30f5470c7165e4917487b69d7ab82e463da4e1355056e1035ee501d3f1adc'
             'ba8ad7d9eb5d2b47fde5f6a3ab98596e5c679141b78d76d54b44830604b67632')
 

Modified: kresus.service
===================================================================
--- kresus.service	2018-11-02 15:48:24 UTC (rev 401235)
+++ kresus.service	2018-11-02 15:58:17 UTC (rev 401236)
@@ -6,10 +6,13 @@
 User=kresus
 Group=kresus
 Type=simple
-Environment="NODE_ENV=production"
+WorkingDirectory=~
+Environment=NODE_ENV=production
 ExecStart=/usr/bin/kresus -c /etc/webapps/kresus/config.ini
 Restart=always
+CapabilityBoundingSet=
 NoNewPrivileges=true
+PrivateUsers=true
 PrivateDevices=true
 PrivateTmp=true
 ProtectHome=true
@@ -18,6 +21,11 @@
 ProtectKernelTunables=true
 ProtectKernelModules=yes
 ReadWritePaths=/etc/webapps/kresus/config.ini /var/lib/kresus
+LockPersonality=true
+#MemoryDenyWriteExecute=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
 
 [Install]
 WantedBy=multi-user.target

More information about the arch-commits mailing list