diff options
| author | Mario Hros | 2018-11-16 23:12:35 +0100 |
|---|---|---|
| committer | Mario Hros | 2018-11-16 23:12:35 +0100 |
| commit | fd9cdcb7967fec6303fd777426b663e45bb71ac2 (patch) | |
| tree | 640a857fb47960a16b5eb811c8b7ca03a54be897 | |
| parent | 6bc5273a2e92bb87a047b6adc7feb739135984e9 (diff) | |
| download | aur-fd9cdcb7967fec6303fd777426b663e45bb71ac2.tar.gz | |
Applied suggested improvements from https://gist.github.com/Wuestengecko/57daca658c9af5d8f9b834f524025a89 (missing dependency, systemd dynamic user and several more)
| -rw-r--r-- | .SRCINFO | 8 | ||||
| -rw-r--r-- | PKGBUILD | 17 | ||||
| -rw-r--r-- | carbonapi.service | 20 |
3 files changed, 32 insertions, 13 deletions
@@ -1,21 +1,21 @@ pkgbase = carbonapi pkgdesc = Replacement graphite API server written in Go pkgver = 0.11.0 - pkgrel = 1 + pkgrel = 2 url = https://github.com/go-graphite/carbonapi arch = i686 arch = x86_64 license = BSD makedepends = go>=1.8 depends = glibc - conflicts = -git - options = !strip + depends = cairo + backup = etc/carbonapi.yaml source = carbonapi-0.11.0.tar.gz::https://github.com/go-graphite/carbonapi/archive/0.11.0.tar.gz source = carbonapi.yaml source = carbonapi.service sha256sums = d54228f0fce17db1ed319bc7a65c4296b539e6fec34645bfcaed4baf39840efc sha256sums = cef6f2fb6702d32ce84765615ec8208f8d03f9d540f177e904f47c61e5ea1215 - sha256sums = d82c982d0f2673385d129c96d2566b28beed642b0bbd75f2b54dc497fa36bc24 + sha256sums = 9d24333dfefc199957a2efa4779f69a9ad01f78bbff97c35dbacbb160b9bec50 pkgname = carbonapi @@ -1,33 +1,29 @@ # Maintainer: Mario Hros <m-aur@k3a.me> -_userid=511 -_username=carbonapi - pkgname=carbonapi pkgver=0.11.0 -pkgrel=1 +pkgrel=2 pkgdesc="Replacement graphite API server written in Go" arch=(i686 x86_64) url='https://github.com/go-graphite/carbonapi' license=('BSD') -conflicts=("$_pkgname-git") -options=('!strip') -depends=(glibc) +depends=(glibc cairo) makedepends=('go>=1.8') +backup=('etc/carbonapi.yaml') _gopkg=github.com/go-graphite/$pkgname source=($pkgname-$pkgver.tar.gz::https://$_gopkg/archive/$pkgver.tar.gz carbonapi.yaml carbonapi.service) sha256sums=('d54228f0fce17db1ed319bc7a65c4296b539e6fec34645bfcaed4baf39840efc' 'cef6f2fb6702d32ce84765615ec8208f8d03f9d540f177e904f47c61e5ea1215' - 'd82c982d0f2673385d129c96d2566b28beed642b0bbd75f2b54dc497fa36bc24') + '9d24333dfefc199957a2efa4779f69a9ad01f78bbff97c35dbacbb160b9bec50') build() { export GOPATH="${srcdir}" # make fake GOPATH structure local _importPath="${srcdir}/src/$_gopkg" - mkdir -p `dirname "$_importPath"` + mkdir -p "${_importPath%/*}" ln -sf "${srcdir}/${pkgname}-${pkgver}" "${_importPath}" cd "${_importPath}" @@ -41,5 +37,8 @@ package() { install -Dm0755 "./carbonapi" "${pkgdir}/usr/bin/carbonapi" install -Dm0644 "${srcdir}/carbonapi.service" "${pkgdir}/usr/lib/systemd/system/carbonapi.service" install -Dm0644 "${srcdir}/carbonapi.yaml" "${pkgdir}/etc/carbonapi.yaml" + + install -Dm0644 "${srcdir}/${pkgname}-${pkgver}/LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" } +# vim:set ts=4 sw=4 noet: diff --git a/carbonapi.service b/carbonapi.service index 311f56332533..625626f42488 100644 --- a/carbonapi.service +++ b/carbonapi.service @@ -8,5 +8,25 @@ Type=simple ExecStart=/usr/bin/carbonapi -config /etc/carbonapi.yaml Restart=on-failure +DynamicUser=true + +CapabilityBoundingSet= +AmbientCapabilities= +NoNewPrivileges=true + +ProtectSystem=strict +ProtectHome=true + +PrivateTmp=true +PrivateDevices=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true + +LockPersonality=true +MemoryDenyWriteExecute=true +RestrictRealtime=true +RemoveIPC=true + [Install] WantedBy=multi-user.target |