[arch-commits] Commit in kresus/trunk (PKGBUILD kresus.service)

Bruno Pagani archange at gemini.archlinux.org
Sun Jul 25 03:17:36 UTC 2021 

    Date: Sunday, July 25, 2021 @ 03:17:35
  Author: archange
Revision: 984939

upgpkg: kresus 0.17.4-2

Modified:
  kresus/trunk/PKGBUILD
  kresus/trunk/kresus.service

----------------+
 PKGBUILD       |    4 ++--
 kresus.service |   26 +++++++++++++++-----------
 2 files changed, 17 insertions(+), 13 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-07-25 02:48:16 UTC (rev 984938)
+++ PKGBUILD	2021-07-25 03:17:35 UTC (rev 984939)
@@ -2,7 +2,7 @@
 
 pkgname=kresus
 pkgver=0.17.4
-pkgrel=1
+pkgrel=2
 pkgdesc="Self-hosted personal finance manager"
 arch=(x86_64)
 url="https://kresus.org"
@@ -18,7 +18,7 @@
         ${pkgname}.tmpfiles)
 sha256sums=('bf08050b9f704c5727f2e6a8410f2a2914f589372a2de539c429fd1fec0e7613'
             '2a1de56c469b9a8e899614e6cb6ff8d6f205b5df8d30141230f1d0bc2bf15f40'
-            'cbbfcfc7714fa4c714e956fffa203511c47dde67e06dee9d87f8ff44ac3c708b'
+            'f57bac585629200877e03d75631b174cafa7d8fd42ca815db9aecc9e166d200c'
             'd9d30f5470c7165e4917487b69d7ab82e463da4e1355056e1035ee501d3f1adc'
             'ba8ad7d9eb5d2b47fde5f6a3ab98596e5c679141b78d76d54b44830604b67632')
 

Modified: kresus.service
===================================================================
--- kresus.service	2021-07-25 02:48:16 UTC (rev 984938)
+++ kresus.service	2021-07-25 03:17:35 UTC (rev 984939)
@@ -12,28 +12,32 @@
 Environment=NODE_ENV=production
 ExecStart=/usr/bin/kresus -c /etc/webapps/kresus/config.ini
 Restart=always
+AmbientCapabilities=
 CapabilityBoundingSet=
+LockPersonality=true
+#Not compatible with NodeJS
+#MemoryDenyWriteExecute=true
 NoNewPrivileges=true
-#SecureBits=noroot-locked
-ProtectSystem=strict
-ProtectHome=true
+PrivateDevices=true
 PrivateTmp=true
-PrivateDevices=true
 PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=yes
+ProtectHome=true
 ProtectHostname=true
-ProtectClock=true
+ProtectKernelLogs=true
+ProtectKernelModules=yes
 ProtectKernelTunables=true
-ProtectKernelModules=yes
-ProtectKernelLogs=true
-ProtectControlGroups=yes
+ProtectProc=invisible
+ProtectSystem=strict
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-LockPersonality=true
-#Not compatible with NodeJS
-#MemoryDenyWriteExecute=true
+RestrictNamespaces=true
 RestrictRealtime=true
 RestrictSUIDSGID=true
+#SecureBits=noroot-locked
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
 
 [Install]
 WantedBy=multi-user.target

More information about the arch-commits mailing list