[arch-commits] Commit in radicale/trunk (PKGBUILD radicale.install radicale.service)
David Runge
dvzrv at archlinux.org
Tue May 19 17:43:06 UTC 2020
Date: Tuesday, May 19, 2020 @ 17:43:06
Author: dvzrv
Revision: 629954
upgpkg: radicale 3.0.0-1: Upgrading to 3.0.0.
Updating to currently required depends.
Removing non-required checkdepends and removing all pytest extensions from setup.cfg.
Running pytest against a test installation of radicale.
Adding radicale.install to warn of changes to filesystem storage and configuration.
Adding further service hardening options to radicale.service and dropping the now obsolete -f flag to radicale.
Added:
radicale/trunk/radicale.install
Modified:
radicale/trunk/PKGBUILD
radicale/trunk/radicale.service
------------------+
PKGBUILD | 28 ++++++++++++++++++----------
radicale.install | 8 ++++++++
radicale.service | 31 ++++++++++++++++++++++---------
3 files changed, 48 insertions(+), 19 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-05-19 17:43:03 UTC (rev 629953)
+++ PKGBUILD 2020-05-19 17:43:06 UTC (rev 629954)
@@ -5,32 +5,33 @@
pkgname=radicale
_name=Radicale
-pkgver=2.1.11
-pkgrel=3
+pkgver=3.0.0
+pkgrel=1
pkgdesc='Simple calendar (CalDAV) and contact (CardDAV) server'
arch=('any')
url="https://radicale.org/"
license=('GPL3')
-depends=('python-bcrypt' 'python-passlib' 'python-setuptools' 'python-vobject')
-checkdepends=('python-bcrypt' 'python-pytest-cov' 'python-pytest-flake8' 'python-pytest-isort' 'python-pytest-runner')
+depends=('python-bcrypt' 'python-dateutil' 'python-defusedxml' 'python-passlib'
+'python-setuptools' 'python-vobject')
+checkdepends=('python-pytest' 'python-pytest-runner' 'python-waitress')
backup=('etc/radicale/config'
'etc/radicale/rights'
'etc/radicale/users')
+install="${pkgname}.install"
source=("${pkgname}-${pkgver}.tar.gz::https://github.com/Kozea/${pkgname}/archive/${pkgver}.tar.gz"
"${pkgname}-sysusers.conf"
"${pkgname}-tmpfiles.conf"
"${pkgname}.service")
-sha512sums=('ccdcc61e7f0d62041bdc41ea2004f721d0ce40d6d73b0475ccc8ff91224f0881a2d9749adfa5a7555782a0daf8bb4c8b29d724d68b486c5b1b8b5befd988781d'
+sha512sums=('3a9a62755c35f7446bcc0fe8394a0064fc9191b1be465899901d01e551ecc1f1f86f3bec29408e8c5022211b2d87a09e218dea80f424124cccf2bcb5192997bb'
'56dffb66e018cfbf158dc5d8fe638b3cb31229945f659aae5623f219bcd1d68ddc375f1633fa8e857a9b2f50c9e05a06efce165370137d6e116a4f187466637f'
'9d0dd88e4a34e9f97abda1785698e4b2a5e8202063deeb91b84e13c05e00b07e45b8d4d9eca09b9241b1138bbbfdc999dba0135c18f5bc0c08d65b0cd83b367b'
- '2e2a99fb0a42d3f0f8ac9d0264376441ea600508e98c5dfb3ebcd6de096286a276747455fdf4b5c771f3cc6f454cb0277dc62cc9b11e278bd5fe74cb2b7b979a')
+ '6f411daf18fbeeb7cc8626652f4b87ac6ec5e4ec1212821c426de711c907be41ab995d5b35be4ff0d663edb1028f99d6c07a53158acf519e7560e230c022c986')
prepare() {
mv -v ${_name}-${pkgver} ${pkgname}-${pkgver}
cd ${pkgname}-${pkgver}
- # removing useless flake8 and isort tests
- sed -e 's/--flake8 --isort//' \
- -i setup.cfg
+ # removing flake8, isort and coverage
+ sed -e '/addopts/d' -i setup.cfg
touch "users"
}
@@ -40,8 +41,15 @@
}
check() {
+ local python_version=$(python -c 'import sys; print(".".join(map(str, sys.version_info[:2])))')
cd "${pkgname}-${pkgver}"
- python setup.py test
+ mkdir -vp testdir
+ python setup.py install --skip-build \
+ --optimize=1 \
+ --prefix=/usr \
+ --root="testdir"
+ export PYTHONPATH="testdir/usr/lib/python${python_version}/site-packages:${PYTHONPATH}"
+ pytest -v
}
package() {
Added: radicale.install
===================================================================
--- radicale.install (rev 0)
+++ radicale.install 2020-05-19 17:43:06 UTC (rev 629954)
@@ -0,0 +1,8 @@
+# arg 1: the new package version
+# arg 2: the old package version
+post_upgrade() {
+ # configuration and file system storage changes with >= 3.0.0
+ if [ "$(vercmp "$2" "3.0.0")" -le 0 ]; then
+ echo "WARNING: Major changes introduced to filesystem storage and configuration. Read /usr/share/doc/radicale/NEWS.md"
+ fi
+}
Modified: radicale.service
===================================================================
--- radicale.service 2020-05-19 17:43:03 UTC (rev 629953)
+++ radicale.service 2020-05-19 17:43:06 UTC (rev 629954)
@@ -4,21 +4,34 @@
Requires=network.target
[Service]
-Type=simple
-ExecStart=/usr/bin/radicale -f
-User=radicale
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ExecStart=/usr/bin/radicale
Group=radicale
-Restart=on-failure
-UMask=0027
+IPAccounting=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
-ProtectKernelTunables=yes
-ProtectKernelModules=yes
-ProtectControlGroups=yes
-NoNewPrivileges=yes
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
ReadWritePaths=/var/lib/radicale
+RemoveIPC=true
+Restart=on-failure
+RestrictAddressFamilies=~AF_PACKET AF_NETLINK AF_UNIX
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources
+UMask=0027
+User=radicale
[Install]
WantedBy=multi-user.target
More information about the arch-commits
mailing list