[arch-commits] Commit in i2pd/trunk (4 files)
Daniel Bermond
dbermond at archlinux.org
Fri Dec 4 16:25:41 UTC 2020
Date: Friday, December 4, 2020 @ 16:25:20
Author: dbermond
Revision: 769985
upgpkg: i2pd 2.35.0-1
Added:
i2pd/trunk/040-i2pd-systemd-service-hardening.patch
i2pd/trunk/050-i2pd-tunnels-d-readme.patch
(from rev 769984, i2pd/trunk/040-i2pd-tunnels-d-readme.patch)
Modified:
i2pd/trunk/PKGBUILD
Deleted:
i2pd/trunk/040-i2pd-tunnels-d-readme.patch
------------------------------------------+
040-i2pd-systemd-service-hardening.patch | 34 +++++++++++++++++++++++++++++
040-i2pd-tunnels-d-readme.patch | 8 ------
050-i2pd-tunnels-d-readme.patch | 8 ++++++
PKGBUILD | 15 ++++++------
4 files changed, 50 insertions(+), 15 deletions(-)
Added: 040-i2pd-systemd-service-hardening.patch
===================================================================
--- 040-i2pd-systemd-service-hardening.patch (rev 0)
+++ 040-i2pd-systemd-service-hardening.patch 2020-12-04 16:25:20 UTC (rev 769985)
@@ -0,0 +1,34 @@
+--- a/contrib/i2pd.service
++++ b/contrib/i2pd.service
+@@ -32,5 +32,31 @@ LimitNOFILE=4096
+ # To enable write of coredump uncomment this
+ #LimitCORE=infinity
+
++# Hardening options
++PrivateTmp=true
++ProtectSystem=strict
++ProtectHome=true
++PrivateDevices=true
++ProtectKernelTunables=true
++ProtectControlGroups=true
++NoNewPrivileges=true
++MemoryDenyWriteExecute=true
++LockPersonality=true
++SystemCallFilter=@system-service
++RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelLogs=true
++ProtectKernelModules=true
++ProtectProc=invisible
++ProcSubset=pid
++PrivateMounts=true
++PrivateUsers=true
++ReadWritePaths=/var/lib/i2pd /var/log/i2pd
++RemoveIPC=true
++RestrictRealtime=true
++RestrictSUIDSGID=true
++SystemCallArchitectures=native
++
+ [Install]
+ WantedBy=multi-user.target
Deleted: 040-i2pd-tunnels-d-readme.patch
===================================================================
--- 040-i2pd-tunnels-d-readme.patch 2020-12-04 15:26:28 UTC (rev 769984)
+++ 040-i2pd-tunnels-d-readme.patch 2020-12-04 16:25:20 UTC (rev 769985)
@@ -1,8 +0,0 @@
---- a/contrib/tunnels.d/README
-+++ b/contrib/tunnels.d/README
-@@ -1,4 +1,4 @@
--# In that directory you can store separated config files for every tunnel.
-+# In the /etc/i2pd/tunnels.d directory you can store separated config files for every tunnel.
- # Please read documentation for more info.
- #
- # You can find examples in /usr/share/doc/i2pd/tunnels.d directory
Copied: i2pd/trunk/050-i2pd-tunnels-d-readme.patch (from rev 769984, i2pd/trunk/040-i2pd-tunnels-d-readme.patch)
===================================================================
--- 050-i2pd-tunnels-d-readme.patch (rev 0)
+++ 050-i2pd-tunnels-d-readme.patch 2020-12-04 16:25:20 UTC (rev 769985)
@@ -0,0 +1,8 @@
+--- a/contrib/tunnels.d/README
++++ b/contrib/tunnels.d/README
+@@ -1,4 +1,4 @@
+-# In that directory you can store separated config files for every tunnel.
++# In the /etc/i2pd/tunnels.d directory you can store separated config files for every tunnel.
+ # Please read documentation for more info.
+ #
+ # You can find examples in /usr/share/doc/i2pd/tunnels.d directory
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-12-04 15:26:28 UTC (rev 769984)
+++ PKGBUILD 2020-12-04 16:25:20 UTC (rev 769985)
@@ -9,7 +9,7 @@
# Contributor: r4sas
pkgname=i2pd
-pkgver=2.34.0
+pkgver=2.35.0
pkgrel=1
pkgdesc='A full-featured C++ implementation of the I2P router'
arch=('x86_64')
@@ -20,17 +20,19 @@
provides=('i2p-router')
backup=('etc/i2pd/i2pd.conf'
'etc/i2pd/tunnels.conf')
-source=("${pkgname}-${pkgver}.tar.gz"::"https://github.com/PurpleI2P/i2pd/archive/${pkgver}.tar.gz"
+source=("https://github.com/PurpleI2P/i2pd/archive/${pkgver}/${pkgname}-${pkgver}.tar.gz"
'010-i2pd-use-arch-flags-on-tests.patch'
'020-i2pd-config.patch'
'030-i2pd-do-not-override-config.patch'
- '040-i2pd-tunnels-d-readme.patch'
+ '040-i2pd-systemd-service-hardening.patch'
+ '050-i2pd-tunnels-d-readme.patch'
'i2pd.sysusers'
'i2pd.tmpfiles')
-sha256sums=('1adb4cf629f1315e9de394630b6bf1e3ba2365fd0a3601635dfb4ba9b481cb94'
+sha256sums=('d041fd4e7a88ac168e76f66fdab40174ad093cdc13451cdbd0dd1216e5581f8a'
'0064503a9124b764d01db862ba3c2ff97bc5961d41359970df2d6ce9842a5ab5'
'452550678ea5702a6492eb58e8d0452b91dc5d0aaa112cf04542df74a3dc0dfc'
'45cfc3035c5b5cfc92cfffec1fe7d7efc4fed3229195cdb640ec4a6c405af149'
+ '578ed9767890e970bd93b44e3be85c2595c4149ed65e4cc1c79ea12e2cb6982e'
'cfcb6b07b67aff3e3af12767f4649d88b9320dc71907b6c01b465e5c138cdaa3'
'88b2e709228049ba11f37863f87de75ab6cde295104852871384337cfdc906a3'
'fe8cc2ec83cb5b5c2b2ec8cce9a989e0cb6fd347e00b84e03a17b12efd152fac')
@@ -39,7 +41,8 @@
patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/010-i2pd-use-arch-flags-on-tests.patch"
patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/020-i2pd-config.patch"
patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/030-i2pd-do-not-override-config.patch"
- patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/040-i2pd-tunnels-d-readme.patch"
+ patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/040-i2pd-systemd-service-hardening.patch"
+ patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/050-i2pd-tunnels-d-readme.patch"
}
build() {
@@ -50,8 +53,6 @@
-DCMAKE_INSTALL_PREFIX:PATH='/usr' \
-DBUILD_SHARED_LIBS:BOOL='ON' \
-DWITH_UPNP:BOOL='ON' \
- -DWITH_AESNI:BOOL='OFF' \
- -DWITH_AVX:BOOL='OFF' \
-Wno-dev
make -C "${pkgname}-${pkgver}/build"
}
More information about the arch-commits
mailing list