[arch-commits] Commit in prometheus-blackbox-exporter/trunk (2 files)

Jelle van der Waa jelle at archlinux.org
Wed Aug 28 14:11:12 UTC 2019


    Date: Wednesday, August 28, 2019 @ 14:11:12
  Author: jelle
Revision: 361322

upgpkg: prometheus-blackbox-exporter 0.14.0-4

Harden blackbox exporter service

Modified:
  prometheus-blackbox-exporter/trunk/PKGBUILD
  prometheus-blackbox-exporter/trunk/prometheus-blackbox-exporter.service

--------------------------------------+
 PKGBUILD                             |    4 ++--
 prometheus-blackbox-exporter.service |    9 +++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2019-08-28 11:26:41 UTC (rev 361321)
+++ PKGBUILD	2019-08-28 14:11:12 UTC (rev 361322)
@@ -2,7 +2,7 @@
 
 pkgname=prometheus-blackbox-exporter
 pkgver=0.14.0
-pkgrel=3
+pkgrel=4
 pkgdesc="Allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP"
 arch=('x86_64')
 url="https://github.com/prometheus/blackbox_exporter"
@@ -11,7 +11,7 @@
 makedepends=(go-pie git)
 source=(https://github.com/prometheus/blackbox_exporter/archive/v${pkgver}.tar.gz prometheus-blackbox-exporter.service)
 sha512sums=('58f379cdeef671376105532450ffb3a6fef0ea071d493fbef40d761c6cbaec47bb49c9c2e5c070f3d0e598396d7ad9b2c5af100c9a69aee04877442c7bdaf120'
-            '1d874c5dac3c36cb9e74cf3aa7b91d92560156acfe314179608bc8534ee38bed1f7f01368a5e85fac4d954ff84039f7cc4548803a5a9167baca69163f1ba7514')
+            '3d8c060bda4baf6ae56f162fd6b3f8668bae8e80a7cd40a40cca007fe565c5872142dac8c1821944aa146d52b55720b9cc3e4b3e3ec77f76241f0cdbf01532b3')
 
 check() {
   cd blackbox_exporter-$pkgver

Modified: prometheus-blackbox-exporter.service
===================================================================
--- prometheus-blackbox-exporter.service	2019-08-28 11:26:41 UTC (rev 361321)
+++ prometheus-blackbox-exporter.service	2019-08-28 14:11:12 UTC (rev 361322)
@@ -7,5 +7,14 @@
 ExecReload=/bin/kill -HUP $MAINPID
 DynamicUser=true
 
+NoNewPrivilieges=true
+ProtectSystem=full
+ProtectKernelModules=true
+ProtectKernelTunables=true
+PrivateTmp=true
+LockPersonality=true
+ProtectHostname=true
+ProtectControlGroups=true
+
 [Install]
 WantedBy=multi-user.target



More information about the arch-commits mailing list