diff options
author | D. Can Celasun | 2020-01-06 08:01:01 +0000 |
---|---|---|
committer | D. Can Celasun | 2020-01-06 08:01:01 +0000 |
commit | b720f39fb3e03b60fd2e2a96ef0df2b001f108ca (patch) | |
tree | 98bbff9d9542b513cbfd53d6bd7281f0158544df | |
parent | 046ac8ef9949421a4fc452be15b977022dba7cd5 (diff) | |
download | aur-b720f39fb3e03b60fd2e2a96ef0df2b001f108ca.tar.gz |
[bitwarden_rs-mysql] Update to 1.13.1
-rw-r--r-- | .SRCINFO | 14 | ||||
-rw-r--r-- | PKGBUILD | 25 | ||||
-rw-r--r-- | bitwarden_rs.install | 29 | ||||
-rw-r--r-- | bitwarden_rs.service | 17 | ||||
-rw-r--r-- | bitwarden_rs.sysusers.conf | 1 | ||||
-rw-r--r-- | bitwarden_rs.tmpfiles.conf | 1 |
6 files changed, 47 insertions, 40 deletions
@@ -1,6 +1,6 @@ pkgbase = bitwarden_rs-mysql pkgdesc = An unofficial lightweight implementation of the bitwarden-server using rust and mysql. Does NOT include the web-interface. - pkgver = 1.13.0 + pkgver = 1.13.1 pkgrel = 1 url = https://github.com/dani-garcia/bitwarden_rs install = bitwarden_rs.install @@ -19,13 +19,17 @@ pkgbase = bitwarden_rs-mysql conflicts = bitwarden_rs conflicts = bitwarden_rs-postgresql backup = etc/bitwarden_rs.env - source = https://github.com/dani-garcia/bitwarden_rs/archive/1.13.0.tar.gz + source = https://github.com/dani-garcia/bitwarden_rs/archive/1.13.1.tar.gz source = bitwarden_rs.install source = bitwarden_rs.service + source = bitwarden_rs.sysusers.conf + source = bitwarden_rs.tmpfiles.conf source = 0001-Disable-Vault.patch - sha512sums = ef17482b98b8caa089c957bc3db53f3adcbcdd1b8b64cb4b94612875bf939e259b9ef5928d2aaf99490534a83b48a3ec06933c28b243be1c41bf3dfbe68f5c8d - sha512sums = 399e63002acb764895bbcf3b983642c8858343b36909eeeb73133de1a9740a3d81232bc206ff6bf3daed50f72354c5e6fd5314d0d044acd9f1cb23a933b1dd74 - sha512sums = 4ce188956f6fe7cfdb711b1505f6344ed2775751ea112a0506dc96455c2705ab8529ec442e4747d7810fc3535b4ca78d1864e874dab5b5306373587097e02658 + sha512sums = f032749606745ab1fd78cc0429fff3e9711522a94098f57d0134fa0f8dbfc07814d5b2a71e53028f8f911fd9c233fdedb8f68822096229a00cef189b41b6e717 + sha512sums = 6bb58fc3d7e1869aafb985aa5fd26683e730ca6b93ddfba6a907aa2b1ca31b1b4280dbfff8c875668d6890e7198f4f0ac39c6f9be283fbfba347f85b987a11f9 + sha512sums = 60a406c8fea4bb651974b3fd386f66a0fcf73bfcc29bffe171b92134e2e81b6374ac6be879eb420208ecd77911b7d157db587510347e56ecb72aec34ac90fbe6 + sha512sums = 15b00b0dc9122f98ce8d7b55668fdfbb2e0387563e7d9ad6c0ebc73b75e46e1ccdb3a2186a453795a1b3e2d45358ff5a8076d5cf30319ab2c21539d20cff81c6 + sha512sums = 6fd0ea962f077f92ad7f55a1bab479e68e3463b41eb171d501847554b676b7ecf05e016544f6331bdb53bf71038fcf2ce67ad213d0a7c2f93acbafd72e8441a6 sha512sums = a6f2361c7aa83e63b9a557500406b0cd660e0d7f8b16345f859faa3f96e22bdcecd7589711960486fa0401896291f7d46f66882744c69117fc146056f4a49028 pkgname = bitwarden_rs-mysql @@ -3,7 +3,7 @@ pkgname=bitwarden_rs-mysql _pkgbase=bitwarden_rs -pkgver=1.13.0 +pkgver=1.13.1 pkgrel=1 pkgdesc="An unofficial lightweight implementation of the bitwarden-server using rust and mysql. Does NOT include the web-interface." arch=('i686' 'x86_64' 'armv7h' 'aarch64') @@ -19,10 +19,14 @@ install=bitwarden_rs.install source=("https://github.com/dani-garcia/bitwarden_rs/archive/$pkgver.tar.gz" "${_pkgbase}.install" "${_pkgbase}.service" + "${_pkgbase}.sysusers.conf" + "${_pkgbase}.tmpfiles.conf" "0001-Disable-Vault.patch") -sha512sums=('ef17482b98b8caa089c957bc3db53f3adcbcdd1b8b64cb4b94612875bf939e259b9ef5928d2aaf99490534a83b48a3ec06933c28b243be1c41bf3dfbe68f5c8d' - '399e63002acb764895bbcf3b983642c8858343b36909eeeb73133de1a9740a3d81232bc206ff6bf3daed50f72354c5e6fd5314d0d044acd9f1cb23a933b1dd74' - '4ce188956f6fe7cfdb711b1505f6344ed2775751ea112a0506dc96455c2705ab8529ec442e4747d7810fc3535b4ca78d1864e874dab5b5306373587097e02658' +sha512sums=('f032749606745ab1fd78cc0429fff3e9711522a94098f57d0134fa0f8dbfc07814d5b2a71e53028f8f911fd9c233fdedb8f68822096229a00cef189b41b6e717' + '6bb58fc3d7e1869aafb985aa5fd26683e730ca6b93ddfba6a907aa2b1ca31b1b4280dbfff8c875668d6890e7198f4f0ac39c6f9be283fbfba347f85b987a11f9' + '60a406c8fea4bb651974b3fd386f66a0fcf73bfcc29bffe171b92134e2e81b6374ac6be879eb420208ecd77911b7d157db587510347e56ecb72aec34ac90fbe6' + '15b00b0dc9122f98ce8d7b55668fdfbb2e0387563e7d9ad6c0ebc73b75e46e1ccdb3a2186a453795a1b3e2d45358ff5a8076d5cf30319ab2c21539d20cff81c6' + '6fd0ea962f077f92ad7f55a1bab479e68e3463b41eb171d501847554b676b7ecf05e016544f6331bdb53bf71038fcf2ce67ad213d0a7c2f93acbafd72e8441a6' 'a6f2361c7aa83e63b9a557500406b0cd660e0d7f8b16345f859faa3f96e22bdcecd7589711960486fa0401896291f7d46f66882744c69117fc146056f4a49028') _src="$_pkgbase-$pkgver" @@ -31,14 +35,25 @@ build() { cd "$srcdir/$_src" patch -N -p1 -i "$srcdir/0001-Disable-Vault.patch" - cargo build --release --no-default-features --features mysql + cargo build --release --locked --no-default-features --features mysql +} + +check() { + cd "$srcdir/$_src" + cargo test --release --locked --no-default-features --features mysql } package() { # setup systemd service install -D -m 0644 "$srcdir/bitwarden_rs.service" "$pkgdir/usr/lib/systemd/system/bitwarden_rs.service" + + # declarative setup of user and directory + install -D -m 0644 "$srcdir/bitwarden_rs.sysusers.conf" "$pkgdir/usr/lib/sysusers.d/bitwarden_rs.conf" + install -D -m 0644 "$srcdir/bitwarden_rs.tmpfiles.conf" "$pkgdir/usr/lib/tmpfiles.d/bitwarden_rs.conf" + # copy default config file install -D -m 0644 "$srcdir/$_src/.env.template" "$pkgdir/etc/bitwarden_rs.env" + # copy binary install -D -m0755 "$srcdir/$_src/target/release/bitwarden_rs" "$pkgdir/usr/bin/bitwarden_rs" } diff --git a/bitwarden_rs.install b/bitwarden_rs.install index a9ad0060b616..7dbab9f34735 100644 --- a/bitwarden_rs.install +++ b/bitwarden_rs.install @@ -1,16 +1,4 @@ post_install() { - # Create users and data directory - - echo "Adding user bitwarden_rs and creating data directory /var/lib/bitwarden_rs ..." - mkdir -p /var/lib/bitwarden_rs - getent group bitwarden_rs &>/dev/null || groupadd -r bitwarden_rs >/dev/null - getent passwd bitwarden_rs &>/dev/null || useradd -r -g bitwarden_rs -d /var/lib/bitwarden_rs -s /usr/bin/nologin bitwarden_rs >/dev/null - chown bitwarden_rs:bitwarden_rs /var/lib/bitwarden_rs - chmod 0750 /var/lib/bitwarden_rs - - # Load service file - systemctl --quiet daemon-reload - echo "" echo "##########" echo "#" @@ -19,30 +7,13 @@ post_install() { echo "#" echo "##########" echo "" - } post_upgrade() { - # Reload service file - systemctl --quiet daemon-reload - echo "" - echo "##########" - echo "#" echo "# Remember to restart the bitwarden_rs unit via 'systemctl restart bitwarden_rs.service', if neccessary." - echo "#" - echo "##########" - echo "" - -} - -pre_remove() { - # Stop service - systemctl --quiet --no-reload disable --now bitwarden_rs.service } post_remove() { - # Unload service - systemctl --quiet daemon-reload echo "" echo "##########" echo "#" diff --git a/bitwarden_rs.service b/bitwarden_rs.service index 458600a27ea6..c8263ff33640 100644 --- a/bitwarden_rs.service +++ b/bitwarden_rs.service @@ -14,16 +14,31 @@ ExecStart=/usr/bin/bitwarden_rs # Set reasonable connection and process limits LimitNOFILE=1048576 LimitNPROC=64 -# Isolate bitwarden_rs from the rest of the system + +# Prevent bitwarden_rs from doing anything stupid and/or unneccessary. PrivateTmp=true PrivateDevices=true + ProtectHome=true ProtectSystem=strict +ProtectKernelTunables=yes +ProtectKernelModules=yes +ProtectControlGroups=yes + +RestrictNamespaces=yes + +SystemCallArchitectures=native +SystemCallFilter=@system-service +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 + # Only allow writes to the following directory and set it to the working directory (user and password data are stored here) WorkingDirectory=/var/lib/bitwarden_rs ReadWriteDirectories=/var/lib/bitwarden_rs + # Allow bitwarden_rs to bind ports in the range of 0-1024 AmbientCapabilities=CAP_NET_BIND_SERVICE +# Restrict bitwarden_rs to only this capability +CapabilityBoundingSet=CAP_NET_BIND_SERVICE [Install] WantedBy=multi-user.target diff --git a/bitwarden_rs.sysusers.conf b/bitwarden_rs.sysusers.conf new file mode 100644 index 000000000000..344eab9ab504 --- /dev/null +++ b/bitwarden_rs.sysusers.conf @@ -0,0 +1 @@ +u bitwarden_rs - "User for bitwarden_rs service" diff --git a/bitwarden_rs.tmpfiles.conf b/bitwarden_rs.tmpfiles.conf new file mode 100644 index 000000000000..b6af34830524 --- /dev/null +++ b/bitwarden_rs.tmpfiles.conf @@ -0,0 +1 @@ +d /var/lib/bitwarden_rs 0750 bitwarden_rs bitwarden_rs |