[arch-commits] Commit in cockpit/trunk (3 files)
Massimiliano Torromeo
mtorromeo at archlinux.org
Thu Oct 24 20:32:01 UTC 2019
Date: Thursday, October 24, 2019 @ 20:32:01
Author: mtorromeo
Revision: 518831
Implemented security hardening of the web services
Added:
cockpit/trunk/cockpit-ws.sysuser.conf
cockpit/trunk/cockpit-wsinstance.sysuser.conf
Modified:
cockpit/trunk/PKGBUILD
---------------------------------+
PKGBUILD | 24 +++++++++++++++++-------
cockpit-ws.sysuser.conf | 1 +
cockpit-wsinstance.sysuser.conf | 1 +
3 files changed, 19 insertions(+), 7 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-10-24 20:26:04 UTC (rev 518830)
+++ PKGBUILD 2019-10-24 20:32:01 UTC (rev 518831)
@@ -6,19 +6,23 @@
pkgbase=cockpit
pkgname=(cockpit cockpit-pcp cockpit-dashboard)
pkgver=205
-pkgrel=1
+pkgrel=2
pkgdesc='A systemd web based user interface for Linux servers'
arch=('x86_64')
url='https://cockpit-project.org/'
license=(LGPL)
-makedepends=(libssh krb5 libssh accountsservice perl-json perl-locale-po json-glib glib-networking
+makedepends=(krb5 libssh accountsservice perl-json perl-locale-po json-glib glib-networking
git intltool gtk-doc gobject-introspection networkmanager libgsystem xmlto npm pcp)
source=("https://github.com/cockpit-project/cockpit/releases/download/$pkgver/cockpit-$pkgver.tar.xz"
"https://github.com/cockpit-project/cockpit/releases/download/$pkgver/cockpit-cache-$pkgver.tar.xz"
- "cockpit.pam")
+ "cockpit.pam"
+ "cockpit-ws.sysuser.conf"
+ "cockpit-wsinstance.sysuser.conf")
sha256sums=('72e02d9cf1750abba5832f718b692879bf327156877ed922a78cf89d914e8a4d'
'1adea0d8cd6dbdb0f1ad0a788a35257cfe3e5e0b5bcaedb42ad460582ffd3c1e'
- 'a979e236681c6a06906937cf0f012e976347af5d6d7e7ae04a11acb01cc2689d')
+ 'a979e236681c6a06906937cf0f012e976347af5d6d7e7ae04a11acb01cc2689d'
+ '1ad9dad75858264778bd94799b60c651f7cc1c7f7fa1c54622174303e639287a'
+ '46ee8ecad7bc97ba588ab9471dde76e41c00daf40658902425626c3a1938b438')
build() {
cd cockpit-$pkgver
@@ -30,12 +34,14 @@
--localstatedir=/var \
--disable-dependency-tracking \
--with-appstream-data-packages='[ "archlinux-appstream-data" ]' \
- --with-nfs-client-package='"nfs-utils"'
+ --with-nfs-client-package='"nfs-utils"' \
+ --with-cockpit-user=cockpit-ws \
+ --with-cockpit-ws-instance-user=cockpit-wsinstance
make all
}
package_cockpit() {
- depends=(libssh krb5 libssh accountsservice perl-json perl-locale-po json-glib glib-networking)
+ depends=(krb5 libssh accountsservice perl-json perl-locale-po json-glib glib-networking)
backup=('etc/pam.d/cockpit')
optdepends=("cockpit-pcp: reading performance metrics"
"cockpit-dashboard: dashboard and support for connecting to remote hosts"
@@ -49,8 +55,12 @@
cd cockpit-$pkgver
make DESTDIR="$pkgdir" install
rm -rf "$pkgdir"/usr/{src,lib/firewalld}
- install -Dm 644 "$srcdir"/cockpit.pam "$pkgdir"/etc/pam.d/cockpit
+ install -Dm644 "$srcdir"/cockpit.pam "$pkgdir"/etc/pam.d/cockpit
+ install -Dm644 "$srcdir"/cockpit-ws.sysuser.conf "$pkgdir"/usr/lib/sysusers.d/cockpit-ws.conf
+ install -Dm644 "$srcdir"/cockpit-wsinstance.sysuser.conf "$pkgdir"/usr/lib/sysusers.d/cockpit-wsinstance.conf
+ echo "z /usr/lib/cockpit/cockpit-session - - cockpit-wsinstance -" >> "$pkgdir"/usr/lib/tmpfiles.d/cockpit-tempfiles.conf
+
# remove unused plugins
rm -rf "$pkgdir"/usr/share/cockpit/{selinux,playground,sosreport} \
"$pkgdir"/usr/share/metainfo/org.cockpit-project.cockpit-{selinux,sosreport}.metainfo.xml
Added: cockpit-ws.sysuser.conf
===================================================================
--- cockpit-ws.sysuser.conf (rev 0)
+++ cockpit-ws.sysuser.conf 2019-10-24 20:32:01 UTC (rev 518831)
@@ -0,0 +1 @@
+u cockpit-ws - "User for cockpit web service"
Added: cockpit-wsinstance.sysuser.conf
===================================================================
--- cockpit-wsinstance.sysuser.conf (rev 0)
+++ cockpit-wsinstance.sysuser.conf 2019-10-24 20:32:01 UTC (rev 518831)
@@ -0,0 +1 @@
+u cockpit-wsinstance - "User for cockpit-ws instances"
More information about the arch-commits
mailing list