[arch-commits] Commit in i2pd/trunk (4 files)

Daniel Bermond dbermond at archlinux.org
Fri Dec 4 16:25:41 UTC 2020


    Date: Friday, December 4, 2020 @ 16:25:20
  Author: dbermond
Revision: 769985

upgpkg: i2pd 2.35.0-1

Added:
  i2pd/trunk/040-i2pd-systemd-service-hardening.patch
  i2pd/trunk/050-i2pd-tunnels-d-readme.patch
    (from rev 769984, i2pd/trunk/040-i2pd-tunnels-d-readme.patch)
Modified:
  i2pd/trunk/PKGBUILD
Deleted:
  i2pd/trunk/040-i2pd-tunnels-d-readme.patch

------------------------------------------+
 040-i2pd-systemd-service-hardening.patch |   34 +++++++++++++++++++++++++++++
 040-i2pd-tunnels-d-readme.patch          |    8 ------
 050-i2pd-tunnels-d-readme.patch          |    8 ++++++
 PKGBUILD                                 |   15 ++++++------
 4 files changed, 50 insertions(+), 15 deletions(-)

Added: 040-i2pd-systemd-service-hardening.patch
===================================================================
--- 040-i2pd-systemd-service-hardening.patch	                        (rev 0)
+++ 040-i2pd-systemd-service-hardening.patch	2020-12-04 16:25:20 UTC (rev 769985)
@@ -0,0 +1,34 @@
+--- a/contrib/i2pd.service
++++ b/contrib/i2pd.service
+@@ -32,5 +32,31 @@ LimitNOFILE=4096
+ # To enable write of coredump uncomment this
+ #LimitCORE=infinity
+ 
++# Hardening options
++PrivateTmp=true
++ProtectSystem=strict
++ProtectHome=true
++PrivateDevices=true
++ProtectKernelTunables=true
++ProtectControlGroups=true
++NoNewPrivileges=true
++MemoryDenyWriteExecute=true
++LockPersonality=true
++SystemCallFilter=@system-service
++RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelLogs=true
++ProtectKernelModules=true
++ProtectProc=invisible
++ProcSubset=pid
++PrivateMounts=true
++PrivateUsers=true
++ReadWritePaths=/var/lib/i2pd /var/log/i2pd
++RemoveIPC=true
++RestrictRealtime=true
++RestrictSUIDSGID=true
++SystemCallArchitectures=native
++
+ [Install]
+ WantedBy=multi-user.target

Deleted: 040-i2pd-tunnels-d-readme.patch
===================================================================
--- 040-i2pd-tunnels-d-readme.patch	2020-12-04 15:26:28 UTC (rev 769984)
+++ 040-i2pd-tunnels-d-readme.patch	2020-12-04 16:25:20 UTC (rev 769985)
@@ -1,8 +0,0 @@
---- a/contrib/tunnels.d/README
-+++ b/contrib/tunnels.d/README
-@@ -1,4 +1,4 @@
--# In that directory you can store separated config files for every tunnel.
-+# In the /etc/i2pd/tunnels.d directory you can store separated config files for every tunnel.
- # Please read documentation for more info.
- #
- # You can find examples in /usr/share/doc/i2pd/tunnels.d directory

Copied: i2pd/trunk/050-i2pd-tunnels-d-readme.patch (from rev 769984, i2pd/trunk/040-i2pd-tunnels-d-readme.patch)
===================================================================
--- 050-i2pd-tunnels-d-readme.patch	                        (rev 0)
+++ 050-i2pd-tunnels-d-readme.patch	2020-12-04 16:25:20 UTC (rev 769985)
@@ -0,0 +1,8 @@
+--- a/contrib/tunnels.d/README
++++ b/contrib/tunnels.d/README
+@@ -1,4 +1,4 @@
+-# In that directory you can store separated config files for every tunnel.
++# In the /etc/i2pd/tunnels.d directory you can store separated config files for every tunnel.
+ # Please read documentation for more info.
+ #
+ # You can find examples in /usr/share/doc/i2pd/tunnels.d directory

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-12-04 15:26:28 UTC (rev 769984)
+++ PKGBUILD	2020-12-04 16:25:20 UTC (rev 769985)
@@ -9,7 +9,7 @@
 # Contributor: r4sas
 
 pkgname=i2pd
-pkgver=2.34.0
+pkgver=2.35.0
 pkgrel=1
 pkgdesc='A full-featured C++ implementation of the I2P router'
 arch=('x86_64')
@@ -20,17 +20,19 @@
 provides=('i2p-router')
 backup=('etc/i2pd/i2pd.conf'
         'etc/i2pd/tunnels.conf')
-source=("${pkgname}-${pkgver}.tar.gz"::"https://github.com/PurpleI2P/i2pd/archive/${pkgver}.tar.gz"
+source=("https://github.com/PurpleI2P/i2pd/archive/${pkgver}/${pkgname}-${pkgver}.tar.gz"
         '010-i2pd-use-arch-flags-on-tests.patch'
         '020-i2pd-config.patch'
         '030-i2pd-do-not-override-config.patch'
-        '040-i2pd-tunnels-d-readme.patch'
+        '040-i2pd-systemd-service-hardening.patch'
+        '050-i2pd-tunnels-d-readme.patch'
         'i2pd.sysusers'
         'i2pd.tmpfiles')
-sha256sums=('1adb4cf629f1315e9de394630b6bf1e3ba2365fd0a3601635dfb4ba9b481cb94'
+sha256sums=('d041fd4e7a88ac168e76f66fdab40174ad093cdc13451cdbd0dd1216e5581f8a'
             '0064503a9124b764d01db862ba3c2ff97bc5961d41359970df2d6ce9842a5ab5'
             '452550678ea5702a6492eb58e8d0452b91dc5d0aaa112cf04542df74a3dc0dfc'
             '45cfc3035c5b5cfc92cfffec1fe7d7efc4fed3229195cdb640ec4a6c405af149'
+            '578ed9767890e970bd93b44e3be85c2595c4149ed65e4cc1c79ea12e2cb6982e'
             'cfcb6b07b67aff3e3af12767f4649d88b9320dc71907b6c01b465e5c138cdaa3'
             '88b2e709228049ba11f37863f87de75ab6cde295104852871384337cfdc906a3'
             'fe8cc2ec83cb5b5c2b2ec8cce9a989e0cb6fd347e00b84e03a17b12efd152fac')
@@ -39,7 +41,8 @@
     patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/010-i2pd-use-arch-flags-on-tests.patch"
     patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/020-i2pd-config.patch"
     patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/030-i2pd-do-not-override-config.patch"
-    patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/040-i2pd-tunnels-d-readme.patch"
+    patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/040-i2pd-systemd-service-hardening.patch"
+    patch -d "${pkgname}-${pkgver}" -Np1 -i "${srcdir}/050-i2pd-tunnels-d-readme.patch"
 }
 
 build() {
@@ -50,8 +53,6 @@
         -DCMAKE_INSTALL_PREFIX:PATH='/usr' \
         -DBUILD_SHARED_LIBS:BOOL='ON' \
         -DWITH_UPNP:BOOL='ON' \
-        -DWITH_AESNI:BOOL='OFF' \
-        -DWITH_AVX:BOOL='OFF' \
         -Wno-dev
     make -C "${pkgname}-${pkgver}/build"
 }



More information about the arch-commits mailing list