summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorD. Can Celasun2020-01-06 08:03:30 +0000
committerD. Can Celasun2020-01-06 08:03:30 +0000
commit08e2ef3b16279609c7aedf1b2cf584417a01e417 (patch)
tree173a02d32a65a9e8394bd54263e9a390b57c6152
parent4f08ddc9816ca9f16c7bf79af66ce8df81c3e186 (diff)
downloadaur-08e2ef3b16279609c7aedf1b2cf584417a01e417.tar.gz
[bitwarden_rs-postgresql] Update to 1.13.1
Diffstat
-rw-r--r--.SRCINFO16
-rw-r--r--PKGBUILD28
-rw-r--r--bitwarden_rs.install29
-rw-r--r--bitwarden_rs.service17
-rw-r--r--bitwarden_rs.sysusers.conf1
-rw-r--r--bitwarden_rs.tmpfiles.conf1
6 files changed, 50 insertions, 42 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 75fc58bb5318..01a9792d5e4e 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = bitwarden_rs-postgresql
pkgdesc = An unofficial lightweight implementation of the bitwarden-server using rust and postgresql. Does NOT include the web-interface.
- pkgver = 1.13.0
+ pkgver = 1.13.1
pkgrel = 1
url = https://github.com/dani-garcia/bitwarden_rs
install = bitwarden_rs.install
@@ -17,15 +17,19 @@ pkgbase = bitwarden_rs-postgresql
provides = bitwarden_rs
conflicts = bitwarden_rs-git
conflicts = bitwarden_rs
- conflicts = bitwarden_rs-mysql
+ conflicts = bitwarden_rs-postgresql
backup = etc/bitwarden_rs.env
- source = https://github.com/dani-garcia/bitwarden_rs/archive/1.13.0.tar.gz
+ source = https://github.com/dani-garcia/bitwarden_rs/archive/1.13.1.tar.gz
source = bitwarden_rs.install
source = bitwarden_rs.service
+ source = bitwarden_rs.sysusers.conf
+ source = bitwarden_rs.tmpfiles.conf
source = 0001-Disable-Vault.patch
- sha512sums = ef17482b98b8caa089c957bc3db53f3adcbcdd1b8b64cb4b94612875bf939e259b9ef5928d2aaf99490534a83b48a3ec06933c28b243be1c41bf3dfbe68f5c8d
- sha512sums = 399e63002acb764895bbcf3b983642c8858343b36909eeeb73133de1a9740a3d81232bc206ff6bf3daed50f72354c5e6fd5314d0d044acd9f1cb23a933b1dd74
- sha512sums = 4ce188956f6fe7cfdb711b1505f6344ed2775751ea112a0506dc96455c2705ab8529ec442e4747d7810fc3535b4ca78d1864e874dab5b5306373587097e02658
+ sha512sums = f032749606745ab1fd78cc0429fff3e9711522a94098f57d0134fa0f8dbfc07814d5b2a71e53028f8f911fd9c233fdedb8f68822096229a00cef189b41b6e717
+ sha512sums = 6bb58fc3d7e1869aafb985aa5fd26683e730ca6b93ddfba6a907aa2b1ca31b1b4280dbfff8c875668d6890e7198f4f0ac39c6f9be283fbfba347f85b987a11f9
+ sha512sums = 60a406c8fea4bb651974b3fd386f66a0fcf73bfcc29bffe171b92134e2e81b6374ac6be879eb420208ecd77911b7d157db587510347e56ecb72aec34ac90fbe6
+ sha512sums = 15b00b0dc9122f98ce8d7b55668fdfbb2e0387563e7d9ad6c0ebc73b75e46e1ccdb3a2186a453795a1b3e2d45358ff5a8076d5cf30319ab2c21539d20cff81c6
+ sha512sums = 6fd0ea962f077f92ad7f55a1bab479e68e3463b41eb171d501847554b676b7ecf05e016544f6331bdb53bf71038fcf2ce67ad213d0a7c2f93acbafd72e8441a6
sha512sums = a6f2361c7aa83e63b9a557500406b0cd660e0d7f8b16345f859faa3f96e22bdcecd7589711960486fa0401896291f7d46f66882744c69117fc146056f4a49028
pkgname = bitwarden_rs-postgresql
diff --git a/PKGBUILD b/PKGBUILD
index 14539e2eeb6d..d52f6ffae8ff 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
pkgname=bitwarden_rs-postgresql
_pkgbase=bitwarden_rs
-pkgver=1.13.0
+pkgver=1.13.1
pkgrel=1
pkgdesc="An unofficial lightweight implementation of the bitwarden-server using rust and postgresql. Does NOT include the web-interface."
arch=('i686' 'x86_64' 'armv7h' 'aarch64')
@@ -12,17 +12,21 @@ license=('GPL3')
depends=('openssl')
makedepends=('rust-nightly' 'cargo-nightly' 'postgresql')
optdepends=("bitwarden_rs-vault: Web Interface 'Vault'")
-conflicts=("${_pkgbase}-git" "${_pkgbase}" "${_pkgbase}-mysql")
+conflicts=("${_pkgbase}-git" "${_pkgbase}" "${_pkgbase}-postgresql")
provides=("${_pkgbase}")
backup=('etc/bitwarden_rs.env')
install=bitwarden_rs.install
source=("https://github.com/dani-garcia/bitwarden_rs/archive/$pkgver.tar.gz"
"${_pkgbase}.install"
"${_pkgbase}.service"
+ "${_pkgbase}.sysusers.conf"
+ "${_pkgbase}.tmpfiles.conf"
"0001-Disable-Vault.patch")
-sha512sums=('ef17482b98b8caa089c957bc3db53f3adcbcdd1b8b64cb4b94612875bf939e259b9ef5928d2aaf99490534a83b48a3ec06933c28b243be1c41bf3dfbe68f5c8d'
- '399e63002acb764895bbcf3b983642c8858343b36909eeeb73133de1a9740a3d81232bc206ff6bf3daed50f72354c5e6fd5314d0d044acd9f1cb23a933b1dd74'
- '4ce188956f6fe7cfdb711b1505f6344ed2775751ea112a0506dc96455c2705ab8529ec442e4747d7810fc3535b4ca78d1864e874dab5b5306373587097e02658'
+sha512sums=('f032749606745ab1fd78cc0429fff3e9711522a94098f57d0134fa0f8dbfc07814d5b2a71e53028f8f911fd9c233fdedb8f68822096229a00cef189b41b6e717'
+ '6bb58fc3d7e1869aafb985aa5fd26683e730ca6b93ddfba6a907aa2b1ca31b1b4280dbfff8c875668d6890e7198f4f0ac39c6f9be283fbfba347f85b987a11f9'
+ '60a406c8fea4bb651974b3fd386f66a0fcf73bfcc29bffe171b92134e2e81b6374ac6be879eb420208ecd77911b7d157db587510347e56ecb72aec34ac90fbe6'
+ '15b00b0dc9122f98ce8d7b55668fdfbb2e0387563e7d9ad6c0ebc73b75e46e1ccdb3a2186a453795a1b3e2d45358ff5a8076d5cf30319ab2c21539d20cff81c6'
+ '6fd0ea962f077f92ad7f55a1bab479e68e3463b41eb171d501847554b676b7ecf05e016544f6331bdb53bf71038fcf2ce67ad213d0a7c2f93acbafd72e8441a6'
'a6f2361c7aa83e63b9a557500406b0cd660e0d7f8b16345f859faa3f96e22bdcecd7589711960486fa0401896291f7d46f66882744c69117fc146056f4a49028')
_src="$_pkgbase-$pkgver"
@@ -30,14 +34,26 @@ build() {
#build bitwarden_rs
cd "$srcdir/$_src"
patch -N -p1 -i "$srcdir/0001-Disable-Vault.patch"
- cargo build --release --features postgresql
+
+ cargo build --release --locked --no-default-features --features postgresql
+}
+
+check() {
+ cd "$srcdir/$_src"
+ cargo test --release --locked --no-default-features --features postgresql
}
package() {
# setup systemd service
install -D -m 0644 "$srcdir/bitwarden_rs.service" "$pkgdir/usr/lib/systemd/system/bitwarden_rs.service"
+
+ # declarative setup of user and directory
+ install -D -m 0644 "$srcdir/bitwarden_rs.sysusers.conf" "$pkgdir/usr/lib/sysusers.d/bitwarden_rs.conf"
+ install -D -m 0644 "$srcdir/bitwarden_rs.tmpfiles.conf" "$pkgdir/usr/lib/tmpfiles.d/bitwarden_rs.conf"
+
# copy default config file
install -D -m 0644 "$srcdir/$_src/.env.template" "$pkgdir/etc/bitwarden_rs.env"
+
# copy binary
install -D -m0755 "$srcdir/$_src/target/release/bitwarden_rs" "$pkgdir/usr/bin/bitwarden_rs"
}
diff --git a/bitwarden_rs.install b/bitwarden_rs.install
index a9ad0060b616..7dbab9f34735 100644
--- a/bitwarden_rs.install
+++ b/bitwarden_rs.install
@@ -1,16 +1,4 @@
post_install() {
- # Create users and data directory
-
- echo "Adding user bitwarden_rs and creating data directory /var/lib/bitwarden_rs ..."
- mkdir -p /var/lib/bitwarden_rs
- getent group bitwarden_rs &>/dev/null || groupadd -r bitwarden_rs >/dev/null
- getent passwd bitwarden_rs &>/dev/null || useradd -r -g bitwarden_rs -d /var/lib/bitwarden_rs -s /usr/bin/nologin bitwarden_rs >/dev/null
- chown bitwarden_rs:bitwarden_rs /var/lib/bitwarden_rs
- chmod 0750 /var/lib/bitwarden_rs
-
- # Load service file
- systemctl --quiet daemon-reload
-
echo ""
echo "##########"
echo "#"
@@ -19,30 +7,13 @@ post_install() {
echo "#"
echo "##########"
echo ""
-
}
post_upgrade() {
- # Reload service file
- systemctl --quiet daemon-reload
- echo ""
- echo "##########"
- echo "#"
echo "# Remember to restart the bitwarden_rs unit via 'systemctl restart bitwarden_rs.service', if neccessary."
- echo "#"
- echo "##########"
- echo ""
-
-}
-
-pre_remove() {
- # Stop service
- systemctl --quiet --no-reload disable --now bitwarden_rs.service
}
post_remove() {
- # Unload service
- systemctl --quiet daemon-reload
echo ""
echo "##########"
echo "#"
diff --git a/bitwarden_rs.service b/bitwarden_rs.service
index 458600a27ea6..c8263ff33640 100644
--- a/bitwarden_rs.service
+++ b/bitwarden_rs.service
@@ -14,16 +14,31 @@ ExecStart=/usr/bin/bitwarden_rs
# Set reasonable connection and process limits
LimitNOFILE=1048576
LimitNPROC=64
-# Isolate bitwarden_rs from the rest of the system
+
+# Prevent bitwarden_rs from doing anything stupid and/or unneccessary.
PrivateTmp=true
PrivateDevices=true
+
ProtectHome=true
ProtectSystem=strict
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+
+RestrictNamespaces=yes
+
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
WorkingDirectory=/var/lib/bitwarden_rs
ReadWriteDirectories=/var/lib/bitwarden_rs
+
# Allow bitwarden_rs to bind ports in the range of 0-1024
AmbientCapabilities=CAP_NET_BIND_SERVICE
+# Restrict bitwarden_rs to only this capability
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
diff --git a/bitwarden_rs.sysusers.conf b/bitwarden_rs.sysusers.conf
new file mode 100644
index 000000000000..344eab9ab504
--- /dev/null
+++ b/bitwarden_rs.sysusers.conf
@@ -0,0 +1 @@
+u bitwarden_rs - "User for bitwarden_rs service"
diff --git a/bitwarden_rs.tmpfiles.conf b/bitwarden_rs.tmpfiles.conf
new file mode 100644
index 000000000000..b6af34830524
--- /dev/null
+++ b/bitwarden_rs.tmpfiles.conf
@@ -0,0 +1 @@
+d /var/lib/bitwarden_rs 0750 bitwarden_rs bitwarden_rs