[arch-commits] Commit in umurmur/trunk (PKGBUILD umurmur.service umurmur.tmpfiles)

David Runge dvzrv at archlinux.org
Fri Jun 14 16:15:59 UTC 2019


    Date: Friday, June 14, 2019 @ 16:15:58
  Author: dvzrv
Revision: 481479

upgpkg: umurmur 0.2.17-14

Adding contributor. Switching to correct license (BSD).
Adding tmpfiles.d integration for /etc/umurmur/umurmur.conf. Adding hardening options for umurmur.service and allowing access to realtime scheduler (RR) at priority 1 (set in service by -r flag).
Removing use of -p flag (to write PID to file), as it doesn't work with -d (no daemonize) flag.

Added:
  umurmur/trunk/umurmur.tmpfiles
Modified:
  umurmur/trunk/PKGBUILD
  umurmur/trunk/umurmur.service

------------------+
 PKGBUILD         |   23 ++++++++++++++---------
 umurmur.service  |   13 ++++++++++++-
 umurmur.tmpfiles |    1 +
 3 files changed, 27 insertions(+), 10 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2019-06-14 15:41:03 UTC (rev 481478)
+++ PKGBUILD	2019-06-14 16:15:58 UTC (rev 481479)
@@ -1,4 +1,5 @@
 # Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Contributor: David Runge <dave at sleepmap.de>
 # Contributor: Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
 # Contributor: Robert Knauer <robert at privatdemail.net>
 # Contributor: xav <xav at ethertricks dot net>
@@ -5,23 +6,26 @@
 
 pkgname=umurmur
 pkgver=0.2.17
-pkgrel=13
+pkgrel=14
 pkgdesc='Minimalistic Mumble server'
 url='https://github.com/umurmur/umurmur'
 arch=('x86_64')
-license=('custom')
+license=('BSD')
 depends=('mbedtls' 'libconfig' 'protobuf-c')
 makedepends=('cmake')
 backup=('etc/umurmur/umurmur.conf')
 source=(${pkgname}-${pkgver}.tar.gz::https://github.com/umurmur/umurmur/archive/${pkgver}.tar.gz
         umurmur.sysusers
-        umurmur.service)
+        umurmur.service
+        umurmur.tmpfiles)
 sha256sums=('e77b7b6616768f4a1c07442afe49a772692f667b00c23cc85909d4dd0ce206d2'
             '0fc68df464ee51a431d934d068aed0be5f8c5e64d0bd29848f97532d39f8c310'
-            '3575e69da5ad1fc8541ef37af90cdd245e3202980589ffd26d124fd9e785b738')
+            'b8b22b6299777fbd1d12e3105280c8585ceca9b6caf7b8d3ab0642c5a56b031f'
+            '287068f47fc035a70e2ae0c8434e8013f176d185bf7688216c36976982fe4491')
 sha512sums=('a496a51fd7815ad117f5aee17bb78cbd319c584ad60ab8aebbfd8ddf7b1760f443f2337bc74be1e0d5af17d3c3df2ae6c9060eca576cf1e6ed4c6cb0825e9c15'
             'd84950a32ab8a2e84f5fe333cd2894e52aba624531644d106c982aa4ff04271d318543398fa7f48c719f26338679fa971bb5332472e9040ac9aa8a9b4a1f2832'
-            'ceb42e7ed4385d16c9d9f30312cc5a57b0ee0ba0ec423e7e2f3e9abc1956506e8817e9a3cb2257112434d568594f4e495f1661af0f89451f802f924790df8ffa')
+            '746a3e2d9e8c5154bdfb2cef6cbe39cccf0356bc1dde0434b92ec1a6b224a5bfa51fd15483c3ac5a75292eae7a6d4b0431ecb2a586bdd9fcc3fe9b2a7bff64a1'
+            '825b50448231b5d791e87d7c4c471fdfe2e9a1560dad6fc90c2f4f8d0c5ed682291bf20b147a6a8c7ae361aeb8b1a11c24c6d41ffc17f06fb0f5ccd8208a899a')
 
 prepare() {
   cd ${pkgname}-${pkgver}
@@ -39,12 +43,13 @@
 package() {
   cd ${pkgname}-${pkgver}
   make -C build DESTDIR="${pkgdir}" install
-  install -Dm 644 "${pkgdir}/usr/etc/umurmur.conf" -t "${pkgdir}/etc/umurmur"
+  install -vDm 640 "${pkgdir}/usr/etc/umurmur.conf" -t "${pkgdir}/etc/umurmur"
   rm -r "${pkgdir}/usr/etc"
-  install -Dm 644 "${srcdir}/umurmur.service" -t "${pkgdir}/usr/lib/systemd/system"
-  install -Dm 644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}"
+  install -vDm 644 "${srcdir}/umurmur.service" -t "${pkgdir}/usr/lib/systemd/system"
+  install -vDm 644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}"
 
-  install -Dm 644 "${srcdir}/umurmur.sysusers" "${pkgdir}/usr/lib/sysusers.d/umurmur.conf"
+  install -vDm 644 "${srcdir}/umurmur.sysusers" "${pkgdir}/usr/lib/sysusers.d/umurmur.conf"
+  install -vDm 644 "${srcdir}/umurmur.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/umurmur.conf"
 }
 
 # vim: ts=2 sw=2 et:

Modified: umurmur.service
===================================================================
--- umurmur.service	2019-06-14 15:41:03 UTC (rev 481478)
+++ umurmur.service	2019-06-14 16:15:58 UTC (rev 481479)
@@ -8,8 +8,19 @@
 Group=umurmur
 PIDFile=/run/umurmurd.pid
 ExecStartPre=/usr/bin/umurmurd -t -c /etc/umurmur/umurmur.conf
-ExecStart=/usr/bin/umurmurd -d -r -p /run/umurmurd.pid -c /etc/umurmur/umurmur.conf
+ExecStart=/usr/bin/umurmurd -d -r -c /etc/umurmur/umurmur.conf
 ExecReload=/bin/kill -HUP $MAINPID
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ReadWriteDirectories=/etc/umurmur
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+NoNewPrivileges=yes
+LimitRTPRIO=1
 
 [Install]
 WantedBy=multi-user.target

Added: umurmur.tmpfiles
===================================================================
--- umurmur.tmpfiles	                        (rev 0)
+++ umurmur.tmpfiles	2019-06-14 16:15:58 UTC (rev 481479)
@@ -0,0 +1 @@
+z /etc/umurmur/umurmur.conf 0640 root umurmur


More information about the arch-commits mailing list