[arch-commits] Commit in traefik/trunk (PKGBUILD traefik.service traefik.sysusers)
Christian Rebischke
shibumi at archlinux.org
Sat Feb 22 23:12:29 UTC 2020
Date: Saturday, February 22, 2020 @ 23:12:28
Author: shibumi
Revision: 579193
upgpkg: traefik 2.1.4-3 Fix #65593
add traefik service
add traefik sysusers file
noextract tarball, because we need a clean build environment.
Otherwise the go tests will fail, due to service and sysusers files in the repo.
Added:
traefik/trunk/traefik.service
traefik/trunk/traefik.sysusers
Modified:
traefik/trunk/PKGBUILD
------------------+
PKGBUILD | 25 +++++++++++++++++++++----
traefik.service | 41 +++++++++++++++++++++++++++++++++++++++++
traefik.sysusers | 1 +
3 files changed, 63 insertions(+), 4 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-02-22 22:38:08 UTC (rev 579192)
+++ PKGBUILD 2020-02-22 23:12:28 UTC (rev 579193)
@@ -2,7 +2,7 @@
pkgname=traefik
pkgver=2.1.4
-pkgrel=2
+pkgrel=3
pkgdesc="Modern reverse proxy written in Go"
arch=('x86_64')
url="https://containo.us/traefik/"
@@ -9,10 +9,24 @@
license=('MIT')
makedepends=('go-pie' 'git' 'go-bindata')
depends=('glibc')
-source=("${pkgname}-${pkgver}.tar.gz::https://github.com/containous/traefik/releases/download/v${pkgver}/traefik-v${pkgver}.src.tar.gz")
-sha512sums=('c45d8b90bc1fc437f38102c03f7d5383b94e5ee362d2c2c837085d80a5007d0432989abc5698267260fb9ba8b22561c68012b47ad0367bc221d501b776ed8992')
+backup=('etc/traefik/traefik.toml'
+ 'etc/traefik/traefik.yaml'
+ 'etc/traefik/traefik.yml')
+source=("${pkgname}-${pkgver}.tar.gz::https://github.com/containous/traefik/releases/download/v${pkgver}/traefik-v${pkgver}.src.tar.gz"
+ 'traefik.service'
+ 'traefik.sysusers')
+noextract=("${pkgname}-${pkgver}.tar.gz")
+sha512sums=('c45d8b90bc1fc437f38102c03f7d5383b94e5ee362d2c2c837085d80a5007d0432989abc5698267260fb9ba8b22561c68012b47ad0367bc221d501b776ed8992'
+ '474dc8274d160bf46a46edf8855378331521b108a767345fb8cb201f23576ceadbee81560d15cf98cac3a978eb24b49f951524da828ffda720797f7ab38bd49c'
+ '5fecfed5df77bf28c2c976ebaebedb030904d41509e740821140a4889bda20327f416e78f8d19b0ee78c8bc422d1907ce05ef3562e4d3e36ddfbdbea5e860b2a')
+prepare() {
+ mkdir "${srcdir}/${pkgname}-${pkgver}"
+ tar xfvz "${srcdir}/${pkgname}-${pkgver}.tar.gz" -C "${srcdir}/${pkgname}-${pkgver}"
+}
+
build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
go generate
cd cmd/traefik
go build -trimpath -ldflags "-extldflags ${LDFLAGS}"
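Review bot: In the added prepare(), the bare `mkdir "${srcdir}/${pkgname}-${pkgver}"` fails with "File exists" when makepkg is rerun without cleaning srcdir. Extracting over a leftover tree would also not give the clean build environment the commit message asks for. Removing the directory first makes the step repeatable: `rm -rf "${srcdir:?}/${pkgname}-${pkgver}"` followed by `mkdir -p "${srcdir}/${pkgname}-${pkgver}"`. The new `backup=()` array lists three files under etc/traefik that package() does not install as far as this diff shows, so a comment saying they are created by the administrator would help. build() opens in this hunk and closes in the next one.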
@@ -19,11 +33,14 @@
}
check() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
go test ./...
}
package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
install -Dm755 cmd/traefik/"${pkgname}" "${pkgdir}/usr/bin/${pkgname}"
install -Dm644 LICENSE.md "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
- install -Dm644 contrib/systemd/traefik.service "${pkgdir}/usr/lib/systemd/system/traefik.service"
+ install -Dm644 "${srcdir}/traefik.service" "${pkgdir}/usr/lib/systemd/system/traefik.service"
+ install -Dm644 "${srcdir}/traefik.sysusers" "${pkgdir}/usr/lib/sysusers.d/traefik.conf"
}
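Review bot: package() installs the unit and the sysusers entry, but as far as this hunk shows nothing creates /etc/traefik or acme.json. The new unit asserts on the first and makes the second writable, and acme.json stores the ACME account key and certificate private keys. Creating them with fixed ownership at install time avoids an administrator creating the file by hand with loose permissions. A tmpfiles.d fragment installed to `${pkgdir}/usr/lib/tmpfiles.d/traefik.conf` could contain `d /etc/traefik 0755 root root -` and `f /etc/traefik/acme.json 0600 traefik traefik -`. The new `cd "${srcdir}/${pkgname}-${pkgver}"` lines in check() and package() are fine as written.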
Added: traefik.service
===================================================================
--- traefik.service (rev 0)
+++ traefik.service 2020-02-22 23:12:28 UTC (rev 579193)
@@ -0,0 +1,41 @@
+[Unit]
+Description=Traefik
+Documentation=https://docs.traefik.io
+After=network-online.target
+AssertFileIsExecutable=/usr/bin/traefik
+AssertPathExists=/etc/traefik/traefik.toml
+
+[Service]
+# Run traefik as its own user (create new user with: useradd -r -s /bin/false -U -M traefik)
+User=traefik
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+# configure service behavior
+Type=notify
+ExecStart=/usr/bin/traefik --configFile=/etc/traefik/traefik.toml
+Restart=always
+WatchdogSec=1s
+
+# lock down system access
+# prohibit any operating system and configuration modification
+ProtectSystem=strict
+# create separate, new (and empty) /tmp and /var/tmp filesystems
+PrivateTmp=true
+# make /home directories inaccessible
+ProtectHome=true
+# turns off access to physical devices (/dev/...)
+PrivateDevices=true
+# make kernel settings (procfs and sysfs) read-only
+ProtectKernelTunables=true
+# make cgroups /sys/fs/cgroup read-only
+ProtectControlGroups=true
+
+# allow writing of acme.json
+ReadWritePaths=/etc/traefik/acme.json
+# depending on log and entrypoint configuration, you may need to allow writing to other paths, too
+
+# limit number of processes in this unit
+#LimitNPROC=1
+
+[Install]
+WantedBy=multi-user.target
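Review bot: The [Service] section grants `AmbientCapabilities=CAP_NET_BIND_SERVICE` but does not bound what the process or its children can acquire afterwards. Adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` next to it confines this internet-facing proxy to that single capability. `ReadWritePaths=/etc/traefik/acme.json` makes start-up fail during namespace setup when the file does not exist yet, so `ReadWritePaths=-/etc/traefik/acme.json` is safer unless the package guarantees the file. The `useradd` hint in the comment above `User=traefik` is stale now that traefik.sysusers creates the account. `WatchdogSec=1s` combined with `Restart=always` will probably restart the service on any brief stall, so it deserves a longer timeout or a comment justifying the value.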
Added: traefik.sysusers
===================================================================
--- traefik.sysusers (rev 0)
+++ traefik.sysusers 2020-02-22 23:12:28 UTC (rev 579193)
@@ -0,0 +1 @@
+u traefik - "traefik daemon" -