diff options
| author | Fredy García | 2022-02-08 20:15:09 -0500 |
|---|---|---|
| committer | Fredy García | 2022-02-08 20:31:48 -0500 |
| commit | ca39f08cbba957842f0c0be4b4ad6e9909a35c30 (patch) | |
| tree | fb38e6d75c338b783e5bd00379baddd81e40c66d | |
| parent | 173eb0894301177b4668ed82e4c04eb70040975f (diff) | |
| download | aur-ca39f08cbba957842f0c0be4b4ad6e9909a35c30.tar.gz | |
Adjusting service files. Adding install file to install appgate user/group. Moving dnsmasq to optdepends. Upgrading to version 5.5.3
| -rw-r--r-- | .SRCINFO | 15 | ||||
| -rw-r--r-- | 10-appgate-tun.network | 5 | ||||
| -rw-r--r-- | PKGBUILD | 23 | ||||
| -rw-r--r-- | appgate-sdp-headless.install | 18 | ||||
| -rw-r--r-- | appgatedriver.service.patch | 11 | ||||
| -rw-r--r-- | appgateservice.service.patch | 30 |
6 files changed, 92 insertions, 10 deletions
@@ -1,12 +1,12 @@ pkgbase = appgate-sdp-headless pkgdesc = Appgate SDP (Software Defined Perimeter) headless client (It does not support 2FA.) - pkgver = 5.5.2 + pkgver = 5.5.3 pkgrel = 1 url = https://www.appgate.com/support/software-defined-perimeter-support + install = appgate-sdp-headless.install arch = x86_64 license = custom license = custom:commercial - depends = dnsmasq depends = libsecret depends = libxss depends = nodejs @@ -14,6 +14,7 @@ pkgbase = appgate-sdp-headless depends = python-dbus depends = python-distro optdepends = bash-completion: allows bash completion for scripts + optdepends = dnsmasq: dns resolver for systems without systemd-resolved provides = appgate-sdp conflicts = appgate-sdp options = staticlibs @@ -21,9 +22,13 @@ pkgbase = appgate-sdp-headless options = !emptydirs backup = etc/appgate.conf backup = etc/dbus-1/system.d/appgate.conf - source = https://bin.appgate-sdp.com/5.5/client/appgate-sdp-headless_5.5.2_amd64.deb + source = https://bin.appgate-sdp.com/5.5/client/appgate-sdp-headless_5.5.3_amd64.deb source = appgatedriver.service.patch - sha256sums = fa4ea0aa6c14460e8e711a52be7738a40af6fcb20b3b1c47d6c65a90b9f9ec64 - sha256sums = 0789aa07d6a7af44187e407696d930e78c50370c19b8399722ebecb0655ffcdb + source = appgateservice.service.patch + source = 10-appgate-tun.network + sha256sums = a0e378f7a19cbe71649d4cee9e88499aecfc28b26784b76843c78b6fc390b0c5 + sha256sums = 2df60df48a8659a77f05ce7270f7315eb0c2e6e1ab453f81caf08cb93fda50cc + sha256sums = dbb83be680e6f3f11a04835b68155eb1a0d149b8d950aafd9da6887fc017b99d + sha256sums = 2eb0daa10429e67d703cceccd34069da3044d99c5652658ec73c7a01c88b64e9 pkgname = appgate-sdp-headless diff --git a/10-appgate-tun.network b/10-appgate-tun.network new file mode 100644 index 000000000000..8a0e3c34d9c9 --- /dev/null +++ b/10-appgate-tun.network @@ -0,0 +1,5 @@ +[Match] +Name=tun* + +[Link] +Unmanaged=yes @@ -2,25 +2,33 @@ # Contributor: Pawel Mosakowski <pawel at mosakowski dot net> pkgname=appgate-sdp-headless -pkgver=5.5.2 +pkgver=5.5.3 pkgrel=1 pkgdesc="Appgate SDP (Software Defined Perimeter) headless client (It does not support 2FA.)" arch=("x86_64") url="https://www.${pkgname%%-*}.com/support/software-defined-perimeter-support" license=("custom" "custom:commercial") -depends=("dnsmasq" "libsecret" "libxss" "nodejs" "nss" "python-dbus" "python-distro") -optdepends=("bash-completion: allows bash completion for scripts") +depends=("libsecret" "libxss" "nodejs" "nss" "python-dbus" "python-distro") +optdepends=( + "bash-completion: allows bash completion for scripts" + "dnsmasq: dns resolver for systems without systemd-resolved" +) provides=("${pkgname%-*}") conflicts=("${pkgname%-*}") backup=("etc/appgate.conf" "etc/dbus-1/system.d/appgate.conf") options=(staticlibs !strip !emptydirs) +install="${pkgname}.install" source=( "https://bin.${pkgname%-*}.com/${pkgver%.*}/client/${pkgname}_${pkgver}_amd64.deb" "${pkgname%%-*}driver.service.patch" + "${pkgname%%-*}service.service.patch" + "10-appgate-tun.network" ) sha256sums=( - "fa4ea0aa6c14460e8e711a52be7738a40af6fcb20b3b1c47d6c65a90b9f9ec64" - "0789aa07d6a7af44187e407696d930e78c50370c19b8399722ebecb0655ffcdb" + "a0e378f7a19cbe71649d4cee9e88499aecfc28b26784b76843c78b6fc390b0c5" + "2df60df48a8659a77f05ce7270f7315eb0c2e6e1ab453f81caf08cb93fda50cc" + "dbb83be680e6f3f11a04835b68155eb1a0d149b8d950aafd9da6887fc017b99d" + "2eb0daa10429e67d703cceccd34069da3044d99c5652658ec73c7a01c88b64e9" ) prepare() { @@ -30,6 +38,7 @@ prepare() { bsdtar -xf "${srcdir}/data.tar.xz" -C . patch -Np1 -i "${srcdir}/${pkgname%%-*}driver.service.patch" + patch -Np1 -i "${srcdir}/${pkgname%%-*}service.service.patch" # Remove unnecessary .deb related directory rm -rf "${srcdir}/${pkgname}/etc/init.d" @@ -44,6 +53,10 @@ package() { install -Dm644 "${srcdir}/${pkgname}/lib/systemd/system/"* "${pkgdir}/usr/lib/systemd/system/" mv "${pkgdir}/usr/sbin" "${pkgdir}/usr/bin" + # Make systemd-networkd not manage tun interfaces + install -dm755 "${pkgdir}/usr/lib/systemd/network" + install -Dm644 "${srcdir}/10-appgate-tun.network" "${pkgdir}/usr/lib/systemd/network/" + # Install license files install -Dm644 "${srcdir}/${pkgname}/usr/share/doc/${pkgname/-sdp/}/copyright" "${pkgdir}/usr/share/licenses/${pkgname}/copyright" } diff --git a/appgate-sdp-headless.install b/appgate-sdp-headless.install new file mode 100644 index 000000000000..42114a15cd84 --- /dev/null +++ b/appgate-sdp-headless.install @@ -0,0 +1,18 @@ +post_install() { + # Creates appgate user and group + [[ $(cat /etc/group) == *appgate* ]] || groupadd --system appgate + [[ $(cat /etc/passwd) == *appgate* ]] || useradd --system --shell /usr/bin/nologin --home /var/lib/appgate --gid appgate appgate + chown appgate:appgate /etc/appgate.conf + chmod 660 /etc/appgate.conf + install -d /var/lib/appgate -g appgate -o appgate -m770 +} + +post_upgrade() { + post_install +} + +post_remove() { + # Removes appgate user and group + groupdel --force appgate + userdel --force --remove appgate +} diff --git a/appgatedriver.service.patch b/appgatedriver.service.patch index c2f58bf0bd72..d59f2c1f3740 100644 --- a/appgatedriver.service.patch +++ b/appgatedriver.service.patch @@ -11,3 +11,14 @@ index 5e98ca8..1f8cb55 100644 [Install] WantedBy=multi-user.target +diff --git a/lib/systemd/system/appgatedriver@.service b/lib/systemd/system/appgatedriver@.service +index c9f64db..3faf77f 100644 +--- a/lib/systemd/system/appgatedriver@.service ++++ b/lib/systemd/system/appgatedriver@.service +@@ -25,5 +25,5 @@ CapabilityBoundingSet=~CAP_SYS_PTRACE + CapabilityBoundingSet=~CAP_SYS_PACCT + CapabilityBoundingSet=~CAP_SYS_CHROOT + CapabilityBoundingSet=~CAP_SYS_BOOT +-InaccessiblePaths=/srv /boot /media ++InaccessiblePaths=-/srv -/boot -/media + SyslogIdentifier=appgatedriver.%i diff --git a/appgateservice.service.patch b/appgateservice.service.patch new file mode 100644 index 000000000000..1ac29c283a85 --- /dev/null +++ b/appgateservice.service.patch @@ -0,0 +1,30 @@ +diff --git a/lib/systemd/system/appgateservice.service b/lib/systemd/system/appgateservice.service +index 7a8faf7..f944300 100644 +--- a/lib/systemd/system/appgateservice.service ++++ b/lib/systemd/system/appgateservice.service +@@ -12,8 +12,8 @@ ExecStart="/opt/appgate/service/appgateservice" --service + ExecReload=/bin/kill -HUP $MAINPID + Type=simple + Restart=always +-InaccessibleDirectories=/media /boot /srv +-ReadOnlyDirectories=/etc /usr /bin /lib /lib64 /sbin /mnt ++InaccessibleDirectories=-/media -/boot -/srv ++ReadOnlyDirectories=-/etc -/usr -/bin -/lib -/lib64 -/sbin -/mnt + PrivateDevices=true + NoNewPrivileges=true + PrivateTmp=true +diff --git a/lib/systemd/system/appgateservice@.service b/lib/systemd/system/appgateservice@.service +index 74faa34..269ffc4 100644 +--- a/lib/systemd/system/appgateservice@.service ++++ b/lib/systemd/system/appgateservice@.service +@@ -11,8 +11,8 @@ ExecReload=/bin/kill -HUP $MAINPID + Type=forking + TimeoutStopSec=30 + Restart=always +-InaccessibleDirectories=/media /boot /srv +-ReadOnlyDirectories=/etc /usr /bin /lib /lib64 /sbin ++InaccessibleDirectories=-/media -/boot -/srv ++ReadOnlyDirectories=-/etc -/usr -/bin -/lib -/lib64 -/sbin + PrivateDevices=true + NoNewPrivileges=true + PrivateTmp=true |