[arch-commits] Commit in mailman3/trunk (PKGBUILD mailman3.service)
David Runge
dvzrv at archlinux.org
Tue May 18 08:15:28 UTC 2021
Date: Tuesday, May 18, 2021 @ 08:15:28
Author: dvzrv
Revision: 936211
upgpkg: mailman3 3.3.4-2: Rebuild to switch to python-sqlalchemy1.3.
Upstream does not yet support python-sqlalchemy >= 1.4.
Order all instructions in mailman3.service alphabetically.
Do not ignore AF_NETLINK in RestrictAddressFamilies (https://bugs.archlinux.org/task/69627).
Modified:
mailman3/trunk/PKGBUILD
mailman3/trunk/mailman3.service
------------------+
PKGBUILD | 9 +++++----
mailman3.service | 32 +++++++++++++++++---------------
2 files changed, 22 insertions(+), 19 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-05-18 08:10:54 UTC (rev 936210)
+++ PKGBUILD 2021-05-18 08:15:28 UTC (rev 936211)
@@ -3,16 +3,17 @@
_name=mailman
pkgname=mailman3
pkgver=3.3.4
-pkgrel=1
+pkgrel=2
pkgdesc="The GNU mailing list manager"
arch=('any')
url="https://www.list.org/"
license=('GPL3')
+# mailman3 does not support python-sqlalchemy >= 1.4 https://gitlab.com/mailman/mailman/-/issues/899
depends=('gunicorn' 'python-aiosmtpd' 'python-alembic' 'python-atpublic'
'python-authheaders' 'python-authres' 'python-click' 'python-dateutil'
'python-dnspython' 'python-falcon' 'python-flufl.bounce' 'python-flufl.i18n'
'python-flufl-lock' 'python-importlib_resources' 'python-lazr.config'
-'python-passlib' 'python-requests' 'python-sqlalchemy' 'python-zope-component'
+'python-passlib' 'python-requests' 'python-sqlalchemy1.3' 'python-zope-component'
'python-zope-configuration' 'python-zope-event' 'python-zope-interface')
checkdepends=('python-flufl.testing' 'python-nose2' 'python-psycopg2'
'python-pymysql' 'python-pytest')
@@ -39,7 +40,7 @@
"${pkgname}.tmpfiles")
sha512sums=('52d7e8355744730f608605b05bc9c977c3e4daf22a78267b1ea6cd3922b2826d3f70dd61a591f13633fc7cbcc536b6d56a2076c00752a6590964cbd4e1aec3cc'
'SKIP'
- 'a1f5167f81a1ae74d6caecf3c99df9d6edddeeb2f07d61454fd0b3563aab952f76d2aa1642552855a4ccb620a7de34c2717d976f12b49dcd781ce0c32e7d6161'
+ '5773eae02dee11b83eb73ba81bca98d9d0a22fa3175d53172d17bbc0e9821360a4d562b6f42a3bb55c2f0c0b5b50ab84ee82da4cf8b3ff38555a378687dcde3c'
'734e0cdf1198f6609a5e41312c48c5c4e492ba5b9acc3af4cd302a6ed148933396333077932e25aedfc50ff3f68b1d4898137193bdadaf71e23045ec8e96be10'
'5d7ccba8cf1262ab052078f2188ded15e43e1201302c7c24ce763efef9789ec99d8ea9a19e8fbd9bc5a38f47a162fe5cf4b0ade284894cb57af66350f23507bc'
'e610060021d6f2ebeb4ffb5b37d448efdd44154ace6f228a316e9712799dc620611953401f705bb76d1046b769b6e8316c9b1d143e535110e383a7762d866669'
@@ -50,7 +51,7 @@
'6f4b51fd5eb34ac974b3312c34eb1437d9435cfd50f0cb89db02b94ce514bceca2c6dc7cb172b79b2d6a23d68e7ea391ec58dbd9899938c0fe88c03c67c521b9')
b2sums=('d0c8ba6dd0df481915397b55521c9a524b44bbdb7c4efe789c6fe92c1383950b6107a76db43337b7a310a7d97eb3931a4289566271ac5b6360645ec8d316230a'
'SKIP'
- 'b4a5795a2798c2e2a2aa5ff8672572a6272963efd48613427d849fa0c6f6062af79710c44ae0c256e07524cce2315efbbed2571e1f64dd3ef906bcea18f3b889'
+ '3efaa4559bcf54b322f4a21ee3000f5b2bea72dad2f9f436967f5c4d4ed8046bc08f8e31457991e63252237134f3f7d2f9e7e7862ebc211aeef11d506ded4440'
'a9d8be785d3d1a1bbe8899658bec67cfcae8a13d21ef8e873f66a52008e9a3814ed731ac7e9eb787b6565acb00b46a050d58d3dcabdc649c0797e1b55622ec21'
'b0d764dd4f7017c2d5b76e8a52b0c8d75e35b0b0d9025609853d389f8fa0732ea902549ef168f988bf845370cf67aeb7d439af8dec1997127522055b11e64000'
'dde11f2aa4e5279ab2570a9bc96176707723a9208374b5db03c43fad5ec695936a8ae0df531cd0277173bb3d2df4e4070995edff711563fb3b50f7e8e1020ec9'
Modified: mailman3.service
===================================================================
--- mailman3.service 2021-05-18 08:10:54 UTC (rev 936210)
+++ mailman3.service 2021-05-18 08:15:28 UTC (rev 936211)
@@ -4,38 +4,40 @@
After=network.target
[Service]
-User=mailman
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/mailman start -f
ExecReload=/usr/bin/mailman restart
ExecStop=/usr/bin/mailman stop
-Type=forking
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
PIDFile=/run/mailman/master.pid
+PrivateDevices=true
PrivateTmp=true
-ProtectSystem=strict
+ProtectClock=true
+ProtectControlGroups=true
ProtectHome=true
-PrivateDevices=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-NoNewPrivileges=true
-MemoryDenyWriteExecute=true
-LockPersonality=true
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProtectSystem=strict
RemoveIPC=true
-RestrictAddressFamilies=~AF_PACKET AF_NETLINK
+RestrictAddressFamilies=~AF_PACKET
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
+ReadOnlyPaths=/etc/mailman.cfg -/etc/mailman.d
+ReadWritePaths=/var/lock/mailman /var/spool/mailman
+RuntimeDirectory=mailman
+StateDirectory=mailman
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources
-ReadWritePaths=/var/lock/mailman /var/spool/mailman
-ReadOnlyPaths=/etc/mailman.cfg -/etc/mailman.d
-RuntimeDirectory=mailman
-StateDirectory=mailman
LogsDirectory=mailman
+Type=forking
+User=mailman
[Install]
WantedBy=multi-user.target
More information about the arch-commits
mailing list