[arch-commits] Commit in cozy-stack/trunk (PKGBUILD cozy-stack.service)

[Bruno Pagani]

    Date: Tuesday, November 6, 2018 @ 16:24:24
  Author: archange
Revision: 401708

upgpkg: cozy-stack 2018M4S3-1

Modified:
  cozy-stack/trunk/PKGBUILD
  cozy-stack/trunk/cozy-stack.service

--------------------+
 PKGBUILD           |   12 ++++++------
 cozy-stack.service |   19 +++++++++++++++++++
 2 files changed, 25 insertions(+), 6 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-11-06 15:33:13 UTC (rev 401707)
+++ PKGBUILD	2018-11-06 16:24:24 UTC (rev 401708)
@@ -1,8 +1,8 @@
 # Maintainer: Bruno Pagani <archange at archlinux.org>
 
 pkgname=cozy-stack
-pkgver=2018M4S2
-pkgrel=2
+pkgver=2018M4S3
+pkgrel=1
 pkgdesc="Digital home: brings all your web services in the same private space – Stack component"
 arch=('x86_64')
 url="https://cozy.io"
@@ -14,14 +14,14 @@
 optdepends=('nodejs: konnectors without isolation'
             'nsjail: isolated konnectors'
             'smtp-forwarder: to allow sending mail to users')
-source=("https://apt.cozy.io/debian/pool/testing/c/${pkgname}/${pkgname}_${pkgver/+/-}.orig.tar.xz"
+source=("https://apt.cozy.io/debian/pool/testing/c/${pkgname}/${pkgname}_${pkgver}.orig.tar.xz"
         "cozy.yml"
         "${pkgname}.service"
         "${pkgname}.sysusers"
         "${pkgname}.tmpfiles")
-sha256sums=('04dce19da46cd507335d60fac28a20dad489a1bc321ee47df1693b2a2661885d'
+sha256sums=('5ab1975ccb042c841915041546c330fce82992c7bc92bfdf2288d3f7a6190818'
             '450a41a054871b63ee0d968397d623faa50532269d875c0174633ea543701431'
-            'f0a8cc43c51daeba92b36b449537eb6fa5d3fb84ef1428dc586266749ed742e0'
+            'ad9b40170e2b07d5aa5ea6d444ad16c96bb39adb5ff579db5cc39cb4e2ec3f91'
             'a6bea52350e85163c3141509a52903223fa0f6e7390b1b1f9336c326a8fff984'
             'fd333c2fd0de859890204554f52a5c64b953664f6cb262b20bb839aa70ed9ecb')
 
@@ -28,7 +28,7 @@
 build() {
     export GOPATH="${srcdir}"/cozy-stack
     cd cozy-stack/src/github.com/cozy/cozy-stack
-    go build -o "${srcdir}"/bin/cozy-stack \
+    go build -v -o "${srcdir}"/bin/cozy-stack \
              -gcflags "all=-trimpath=${GOPATH}" \
              -asmflags "all=-trimpath=${GOPATH}" \
              -ldflags "-X github.com/cozy/cozy-stack/pkg/config.Version=${pkgver} \

Modified: cozy-stack.service
===================================================================
--- cozy-stack.service	2018-11-06 15:33:13 UTC (rev 401707)
+++ cozy-stack.service	2018-11-06 16:24:24 UTC (rev 401708)
@@ -7,8 +7,27 @@
 User=cozy
 Group=cozy
 PermissionsStartOnly=true
+WorkingDirectory=~
+LogsDirectory=cozy
+StateDirectory=cozy
 ExecStart=/usr/bin/cozy-stack serve
 Restart=always
+CapabilityBoundingSet=
+NoNewPrivileges=True
+#SecureBits=noroot-locked
+PrivateUsers=true
+PrivateDevices=true
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=strict
+ProtectControlGroups=yes
+ProtectKernelTunables=true
+ProtectKernelModules=yes
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
 
 [Install]
 WantedBy=multi-user.target