[arch-commits] Commit in radicale/trunk (PKGBUILD radicale.install radicale.service)

David Runge dvzrv at archlinux.org
Tue May 19 17:43:06 UTC 2020 

    Date: Tuesday, May 19, 2020 @ 17:43:06
  Author: dvzrv
Revision: 629954

upgpkg: radicale 3.0.0-1: Upgrading to 3.0.0.

Updating to currently required depends.
Removing non-required checkdepends and removing all pytest extensions from setup.cfg.
Running pytest against a test installation of radicale.
Adding radicale.install to warn of changes to filesystem storage and configuration.
Adding further service hardening options to radicale.service and dropping the now obsolete -f flag to radicale.

Added:
  radicale/trunk/radicale.install
Modified:
  radicale/trunk/PKGBUILD
  radicale/trunk/radicale.service

------------------+
 PKGBUILD         |   28 ++++++++++++++++++----------
 radicale.install |    8 ++++++++
 radicale.service |   31 ++++++++++++++++++++++---------
 3 files changed, 48 insertions(+), 19 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-05-19 17:43:03 UTC (rev 629953)
+++ PKGBUILD	2020-05-19 17:43:06 UTC (rev 629954)
@@ -5,32 +5,33 @@
 
 pkgname=radicale
 _name=Radicale
-pkgver=2.1.11
-pkgrel=3
+pkgver=3.0.0
+pkgrel=1
 pkgdesc='Simple calendar (CalDAV) and contact (CardDAV) server'
 arch=('any')
 url="https://radicale.org/"
 license=('GPL3')
-depends=('python-bcrypt' 'python-passlib' 'python-setuptools' 'python-vobject')
-checkdepends=('python-bcrypt' 'python-pytest-cov' 'python-pytest-flake8' 'python-pytest-isort' 'python-pytest-runner')
+depends=('python-bcrypt' 'python-dateutil' 'python-defusedxml' 'python-passlib'
+'python-setuptools' 'python-vobject')
+checkdepends=('python-pytest' 'python-pytest-runner' 'python-waitress')
 backup=('etc/radicale/config'
         'etc/radicale/rights'
         'etc/radicale/users')
+install="${pkgname}.install"
 source=("${pkgname}-${pkgver}.tar.gz::https://github.com/Kozea/${pkgname}/archive/${pkgver}.tar.gz"
         "${pkgname}-sysusers.conf"
         "${pkgname}-tmpfiles.conf"
         "${pkgname}.service")
-sha512sums=('ccdcc61e7f0d62041bdc41ea2004f721d0ce40d6d73b0475ccc8ff91224f0881a2d9749adfa5a7555782a0daf8bb4c8b29d724d68b486c5b1b8b5befd988781d'
+sha512sums=('3a9a62755c35f7446bcc0fe8394a0064fc9191b1be465899901d01e551ecc1f1f86f3bec29408e8c5022211b2d87a09e218dea80f424124cccf2bcb5192997bb'
             '56dffb66e018cfbf158dc5d8fe638b3cb31229945f659aae5623f219bcd1d68ddc375f1633fa8e857a9b2f50c9e05a06efce165370137d6e116a4f187466637f'
             '9d0dd88e4a34e9f97abda1785698e4b2a5e8202063deeb91b84e13c05e00b07e45b8d4d9eca09b9241b1138bbbfdc999dba0135c18f5bc0c08d65b0cd83b367b'
-            '2e2a99fb0a42d3f0f8ac9d0264376441ea600508e98c5dfb3ebcd6de096286a276747455fdf4b5c771f3cc6f454cb0277dc62cc9b11e278bd5fe74cb2b7b979a')
+            '6f411daf18fbeeb7cc8626652f4b87ac6ec5e4ec1212821c426de711c907be41ab995d5b35be4ff0d663edb1028f99d6c07a53158acf519e7560e230c022c986')
 
 prepare() {
   mv -v ${_name}-${pkgver} ${pkgname}-${pkgver}
   cd ${pkgname}-${pkgver}
-  # removing useless flake8 and isort tests
-  sed -e 's/--flake8 --isort//' \
-      -i setup.cfg
+  # removing flake8, isort and coverage
+  sed -e '/addopts/d' -i setup.cfg
   touch "users"
 }
 
@@ -40,8 +41,15 @@
 }
 
 check() {
+  local python_version=$(python -c 'import sys; print(".".join(map(str, sys.version_info[:2])))')
   cd "${pkgname}-${pkgver}"
-  python setup.py test
+  mkdir -vp testdir
+  python setup.py install --skip-build \
+    --optimize=1 \
+    --prefix=/usr \
+    --root="testdir"
+  export PYTHONPATH="testdir/usr/lib/python${python_version}/site-packages:${PYTHONPATH}"
+  pytest -v
 }
 
 package() {

Added: radicale.install
===================================================================
--- radicale.install	                        (rev 0)
+++ radicale.install	2020-05-19 17:43:06 UTC (rev 629954)
@@ -0,0 +1,8 @@
+# arg 1:  the new package version
+# arg 2:  the old package version
+post_upgrade() {
+  # configuration and file system storage changes with >= 3.0.0
+  if [ "$(vercmp "$2" "3.0.0")" -le 0 ]; then
+    echo "WARNING: Major changes introduced to filesystem storage and configuration. Read /usr/share/doc/radicale/NEWS.md"
+  fi
+}

Modified: radicale.service
===================================================================
--- radicale.service	2020-05-19 17:43:03 UTC (rev 629953)
+++ radicale.service	2020-05-19 17:43:06 UTC (rev 629954)
@@ -4,21 +4,34 @@
 Requires=network.target
 
 [Service]
-Type=simple
-ExecStart=/usr/bin/radicale -f
-User=radicale
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ExecStart=/usr/bin/radicale
 Group=radicale
-Restart=on-failure
-UMask=0027
+IPAccounting=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=yes
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=strict
 ProtectHome=yes
-ProtectKernelTunables=yes
-ProtectKernelModules=yes
-ProtectControlGroups=yes
-NoNewPrivileges=yes
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
 ReadWritePaths=/var/lib/radicale
+RemoveIPC=true
+Restart=on-failure
+RestrictAddressFamilies=~AF_PACKET AF_NETLINK AF_UNIX
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources
+UMask=0027
+User=radicale
 
 [Install]
 WantedBy=multi-user.target

More information about the arch-commits mailing list