diff options
| author | Giovanni Harting | 2024-03-23 18:08:17 +0100 |
|---|---|---|
| committer | Giovanni Harting | 2024-03-23 18:08:17 +0100 |
| commit | 9b8a11cf122a849a91eae27fdc767e256a131b53 (patch) | |
| tree | 7b8844686c22e9f38d7c784be3026583bb50da80 | |
| parent | 300a4972d55fc021a32d3c2aa900ed9cb6e3a3a2 (diff) | |
| download | aur-9b8a11cf122a849a91eae27fdc767e256a131b53.tar.gz | |
upgpkg: adguardhome 1:0.107.46-2
more systemd service hardening
| -rw-r--r-- | .SRCINFO | 7 | ||||
| -rw-r--r-- | PKGBUILD | 30 | ||||
| -rw-r--r-- | adguardhome.service | 11 |
3 files changed, 31 insertions, 17 deletions
@@ -1,15 +1,14 @@ pkgbase = adguardhome pkgdesc = Network-wide ads and trackers blocking DNS server pkgver = 0.107.46 - pkgrel = 1 + pkgrel = 2 epoch = 1 url = https://github.com/AdguardTeam/AdGuardHome install = adguardhome.install arch = x86_64 arch = aarch64 arch = armv7h - arch = armv6h - license = GPL + license = GPL-2.0-only makedepends = go makedepends = nodejs makedepends = npm @@ -19,7 +18,7 @@ pkgbase = adguardhome source = adguardhome.service source = adguardhome.install b2sums = d3b7a6cd24e35fc22fc90919ce7143fbe3475891f151011b5c059f66cbcb78b756d40e797cbee5a1cc2d22064969abac329165f16794619e1b60ea6b22366692 - b2sums = d74c0d6c8118a876fddfa045980ab002a6177efda49c3046cee22c6635c5f5caa1c520d8d4c07687dbaf52f7639da7172c25f027b8a499dc76c125940d431a98 + b2sums = 161152f91e09fe491db631eb6ed603c0c975453b682467945fdade6091bf427ec932230f3a10e40e2f054dc01567930ecc27343c04882fb0e736b4f6becc96da b2sums = b22ae447e0288e64332bcb41cc73f61e9adb58d402ef3ccfb896aa1ecbec4d4ff66bfc1464ca9d0bc99f1a5b4d32bdc5765f42a1b72b0fb3786ecefcf94a7265 pkgname = adguardhome @@ -2,35 +2,39 @@ # Contributor: Pavers_Career <pavers_career_0d AT ícloud DOT com> pkgname=adguardhome -_pkgname=AdGuardHome +_name=AdGuardHome pkgver=0.107.46 -pkgrel=1 +pkgrel=2 epoch=1 -pkgdesc="Network-wide ads and trackers blocking DNS server" -arch=(x86_64 aarch64 armv7h armv6h) -url="https://github.com/AdguardTeam/AdGuardHome" -license=(GPL) -source=("$pkgname-$pkgver.tar.gz::https://github.com/AdguardTeam/AdGuardHome/archive/v$pkgver.tar.gz" +pkgdesc='Network-wide ads and trackers blocking DNS server' +arch=(x86_64 aarch64 armv7h) +url='https://github.com/AdguardTeam/AdGuardHome' +license=(GPL-2.0-only) +source=("$pkgname-$pkgver.tar.gz::$url/archive/v$pkgver.tar.gz" "$pkgname.service" "$pkgname.install") makedepends=(go nodejs npm git) depends=(glibc) install="$pkgname.install" b2sums=('d3b7a6cd24e35fc22fc90919ce7143fbe3475891f151011b5c059f66cbcb78b756d40e797cbee5a1cc2d22064969abac329165f16794619e1b60ea6b22366692' - 'd74c0d6c8118a876fddfa045980ab002a6177efda49c3046cee22c6635c5f5caa1c520d8d4c07687dbaf52f7639da7172c25f027b8a499dc76c125940d431a98' + '161152f91e09fe491db631eb6ed603c0c975453b682467945fdade6091bf427ec932230f3a10e40e2f054dc01567930ecc27343c04882fb0e736b4f6becc96da' 'b22ae447e0288e64332bcb41cc73f61e9adb58d402ef3ccfb896aa1ecbec4d4ff66bfc1464ca9d0bc99f1a5b4d32bdc5765f42a1b72b0fb3786ecefcf94a7265') prepare() { - cd "$_pkgname-$pkgver" + cd "$_name-$pkgver" npm --prefix client ci go mod download } build() { - cd "$_pkgname-$pkgver" + cd "$_name-$pkgver" export NODE_OPTIONS=--openssl-legacy-provider npm --prefix client run build-prod unset NODE_OPTIONS + + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" go build \ -trimpath \ -buildmode=pie \ @@ -41,10 +45,10 @@ build() { } package() { - install -Dm755 "$_pkgname-$pkgver/$pkgname" "$pkgdir/usr/bin/$pkgname" + install -Dm755 "$_name-$pkgver/$pkgname" "$pkgdir/usr/bin/$pkgname" install -Dm644 "$pkgname.service" "$pkgdir/usr/lib/systemd/system/$pkgname.service" - mkdir "$pkgdir/etc" - ln -s "/var/lib/$pkgname/$_pkgname.yaml" "$pkgdir/etc/$pkgname.yaml" + install -dm755 "$pkgdir/etc" + ln -s "/var/lib/$pkgname/$_name.yaml" "$pkgdir/etc/$pkgname.yaml" } # vim:set ts=2 sw=2 et: diff --git a/adguardhome.service b/adguardhome.service index df860598bc18..b1c683da33ec 100644 --- a/adguardhome.service +++ b/adguardhome.service @@ -10,5 +10,16 @@ AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW ExecStart=/usr/bin/adguardhome -w /var/lib/adguardhome -l syslog +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +PrivateDevices=true +ProtectKernelTunables=true +ProtectControlGroups=true +NoNewPrivileges=true +MemoryDenyWriteExecute=true +LockPersonality=true +ProtectHostname=true + [Install] WantedBy=multi-user.target |