upgpkg: docspell 0.13.0-1

upstream release
author: Lucki 2020-10-27 16:44:28 +0100
committer: Lucki 2020-10-27 16:44:28 +0100
commit: 32296abd3c614beb014565c25dc764d759b19d93 (patch)
tree: 1d1fe11d023cdcf7b066f3ed9f5078e7791d788c
parent: 68c47a2941b073915cbf9fa35fa5864196000228 (diff)
download: aur-32296abd3c614beb014565c25dc764d759b19d93.tar.gz
6 files changed, 81 insertions, 34 deletions
diff --git a/.SRCINFO b/.SRCINFO
index dd68632347cb..09571eb35be3 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,26 +1,28 @@
 pkgbase = docspell
-	pkgver = 0.12.0
+	pkgver = 0.13.0
 	pkgrel = 1
 	url = https://github.com/eikek/docspell
 	arch = any
 	groups = docspell
 	license = GPL3
-	source = docspell-0.12.0-restserver.zip::https://github.com/eikek/docspell/releases/download/v0.12.0/docspell-restserver-0.12.0.zip
-	source = docspell-0.12.0-joex.zip::https://github.com/eikek/docspell/releases/download/v0.12.0/docspell-joex-0.12.0.zip
+	depends = java-runtime-headless
+	optdepends = solr: provide fulltext search
+	source = docspell-0.13.0-restserver.zip::https://github.com/eikek/docspell/releases/download/v0.13.0/docspell-restserver-0.13.0.zip
+	source = docspell-0.13.0-joex.zip::https://github.com/eikek/docspell/releases/download/v0.13.0/docspell-joex-0.13.0.zip
 	source = docspell-joex.sh
 	source = docspell-restserver.sh
 	source = docspell-joex.service
 	source = docspell-restserver.service
 	source = docspell.sysusers
 	source = docspell.tmpfiles
-	sha512sums = 71d57a7645fb62138019d2be01d6fcd627c8b85407954cba50d4dd4c939ea35f06516eda24f10cc53d2f28b0ed4a534ec842b15409e1c21fe639581e7bb9d878
-	sha512sums = d563241a071f81fd325c88bccd6c9f448e6b297be326266639af2eec51f766d134dad379f56fd737247769b22007ba2ded6e8ad2b3b84e13f9bc4b9cfb529e9b
+	sha512sums = d4892ad84b0d91713dd2fd0eb4b22bb7acf7b285898acda55928049c2a463cdb0c7f865acf5fe05c15bd5e581049948e9d2cbef31049dc049786324fb117ac1c
+	sha512sums = 315f2bdcefa48685bf4cfe5f0c1860c88904aab5cfdf4eea8885975d72177baa9308fbdf0e350fe14b1f6a22edfab538cfa82a70739c4b8bade1857f216226a5
 	sha512sums = 2603c87f2db0e5d57486ad15f83092f577308d1bcda94d9f03bb142cc367c8421105b09bdcd93164a5f55059ac2d4f6d188ba3f729c11211438643675b577f00
 	sha512sums = 71887a73f3f545260667084e065d8268cefb10912d81e3cdbcbb0e104f3ebb1a498b8fc7bf14ec1ebcbfae9d79006a618f2477969eb2bd79603e0abfe9cb120c
-	sha512sums = ecc4caa40f4605b6889f5afae2686b9082c012e4a12225a219daaf304a7ceec31b7b2d9458133d33ec12cb10b47b3275b0b14707c39733204e64904885858d41
-	sha512sums = 20874138bfbcb952a9cd913d38418b0ab19c3c91f035e6a1b2b4549daf7f63075968dfc1eb114322a0666c9709888a3f578c8924fd23ccb2d839385c923e1ff9
-	sha512sums = 1c5d5ade3948e3791b790ff27ec20017b589101622342a7ff603127a4400fd557cdc1125a35b812eef317abdb04b5ffd43d4b52977eac85e4ed009086293bc78
-	sha512sums = 22bece62e82fcbc7c41daeb457cf7473a5e22690ec6a9a7e45e471aabcce930fca8220102b2b979057b577ddfedba3b758227ee912191f8074dbdd2f56b20e8c
+	sha512sums = f63f0fa58715b7da01aa265a7bec72eb24f0e98c354eed479b6034bc33b2ccdaef87db8a7630af1d5a6ac43fadf11a0f0a3fb3de5e183aa64d838a69b67125f9
+	sha512sums = 5cbe3c5a547eaa0af0952aca352b5dd86397b2c7fbc4fc730dd8882ee381586630124946d33ac34439505726a924c3b3c12792561ddc824fd5d5ef255d0a8d0f
+	sha512sums = afe9a62801e962aac2996d1bfdd02bcf027f5135e40130bff2078a0fe2072d1d135ceb0dfce5d2174686f1f60a6d93f460c83fbb62884ef2e51c23232f521597
+	sha512sums = 2c3926f7bb67b2556c1d46116035053b204ab5aa5f11bbf2b0e7e7b5b10acfa5e1dd86fa9aa7b57f8d7d92a7cdac0d8f314de4dc289e33d5d327c2349fd97698
 
 pkgname = docspell-joex
 	pkgdesc = Job executer for docspell
@@ -29,13 +31,11 @@ pkgname = docspell-joex
 	depends = tesseract
 	depends = unoconv
 	depends = wkhtmltopdf
-	optdepends = unpaper: pre-processes images to yield better results when doing ocr
+	optdepends = solr: provide fulltext search
 	optdepends = ocrmypdf: adds an OCR layer to scanned PDF files to make them searchable
-	optdepends = solr: provide the fulltext search feature
+	optdepends = unpaper: pre-processes images to yield better results when doing ocr
 	backup = etc/docspell-joex.conf
 
 pkgname = docspell-restserver
-	depends = java-runtime-headless
-	optdepends = solr: provide the fulltext search feature
 	backup = etc/.conf
 
diff --git a/PKGBUILD b/PKGBUILD
index d9064c917d8f..a7cf7f9593ce 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,12 +3,14 @@
 
 pkgbase=docspell
 pkgname=('docspell-joex' 'docspell-restserver')
-pkgver=0.12.0
+pkgver=0.13.0
 pkgrel=1
 arch=('any')
 url="https://github.com/eikek/docspell"
 license=('GPL3')
 groups=('docspell')
+depends=('java-runtime-headless')
+optdepends=('solr: provide fulltext search')
 source=("$pkgbase-$pkgver-restserver.zip::https://github.com/eikek/$pkgbase/releases/download/v$pkgver/$pkgbase-restserver-$pkgver.zip"
         "$pkgbase-$pkgver-joex.zip::https://github.com/eikek/$pkgbase/releases/download/v$pkgver/$pkgbase-joex-$pkgver.zip"
         "${pkgname[0]}.sh"
@@ -17,14 +19,14 @@ source=("$pkgbase-$pkgver-restserver.zip::https://github.com/eikek/$pkgbase/rele
         "${pkgname[1]}.service"
         "$pkgbase.sysusers"
         "$pkgbase.tmpfiles")
-sha512sums=('71d57a7645fb62138019d2be01d6fcd627c8b85407954cba50d4dd4c939ea35f06516eda24f10cc53d2f28b0ed4a534ec842b15409e1c21fe639581e7bb9d878'
-            'd563241a071f81fd325c88bccd6c9f448e6b297be326266639af2eec51f766d134dad379f56fd737247769b22007ba2ded6e8ad2b3b84e13f9bc4b9cfb529e9b'
+sha512sums=('d4892ad84b0d91713dd2fd0eb4b22bb7acf7b285898acda55928049c2a463cdb0c7f865acf5fe05c15bd5e581049948e9d2cbef31049dc049786324fb117ac1c'
+            '315f2bdcefa48685bf4cfe5f0c1860c88904aab5cfdf4eea8885975d72177baa9308fbdf0e350fe14b1f6a22edfab538cfa82a70739c4b8bade1857f216226a5'
             '2603c87f2db0e5d57486ad15f83092f577308d1bcda94d9f03bb142cc367c8421105b09bdcd93164a5f55059ac2d4f6d188ba3f729c11211438643675b577f00'
             '71887a73f3f545260667084e065d8268cefb10912d81e3cdbcbb0e104f3ebb1a498b8fc7bf14ec1ebcbfae9d79006a618f2477969eb2bd79603e0abfe9cb120c'
-            'ecc4caa40f4605b6889f5afae2686b9082c012e4a12225a219daaf304a7ceec31b7b2d9458133d33ec12cb10b47b3275b0b14707c39733204e64904885858d41'
-            '20874138bfbcb952a9cd913d38418b0ab19c3c91f035e6a1b2b4549daf7f63075968dfc1eb114322a0666c9709888a3f578c8924fd23ccb2d839385c923e1ff9'
-            '1c5d5ade3948e3791b790ff27ec20017b589101622342a7ff603127a4400fd557cdc1125a35b812eef317abdb04b5ffd43d4b52977eac85e4ed009086293bc78'
-            '22bece62e82fcbc7c41daeb457cf7473a5e22690ec6a9a7e45e471aabcce930fca8220102b2b979057b577ddfedba3b758227ee912191f8074dbdd2f56b20e8c')
+            'f63f0fa58715b7da01aa265a7bec72eb24f0e98c354eed479b6034bc33b2ccdaef87db8a7630af1d5a6ac43fadf11a0f0a3fb3de5e183aa64d838a69b67125f9'
+            '5cbe3c5a547eaa0af0952aca352b5dd86397b2c7fbc4fc730dd8882ee381586630124946d33ac34439505726a924c3b3c12792561ddc824fd5d5ef255d0a8d0f'
+            'afe9a62801e962aac2996d1bfdd02bcf027f5135e40130bff2078a0fe2072d1d135ceb0dfce5d2174686f1f60a6d93f460c83fbb62884ef2e51c23232f521597'
+            '2c3926f7bb67b2556c1d46116035053b204ab5aa5f11bbf2b0e7e7b5b10acfa5e1dd86fa9aa7b57f8d7d92a7cdac0d8f314de4dc289e33d5d327c2349fd97698')
 
 prepare() {
     # shellcheck disable=2016
@@ -44,10 +46,9 @@ prepare() {
 package_docspell-joex() {
     description=("Assists in organizing your piles of documents, resulting from scanners, e-mails and other sources with miminal effort. (Job executer)")
     pkgdesc="Job executer for docspell"
-    depends=('java-runtime-headless' 'ghostscript' 'tesseract' 'unoconv' 'wkhtmltopdf')
-    optdepends=('unpaper: pre-processes images to yield better results when doing ocr'
-            'ocrmypdf: adds an OCR layer to scanned PDF files to make them searchable'
-            'solr: provide the fulltext search feature')
+    depends+=('ghostscript' 'tesseract' 'unoconv' 'wkhtmltopdf')
+    optdepends+=('ocrmypdf: adds an OCR layer to scanned PDF files to make them searchable'
+                 'unpaper: pre-processes images to yield better results when doing ocr')
     backup=("etc/${pkgname[0]}.conf")
 
     install -Dm 755 "${pkgname[0]}.sh" "$pkgdir/usr/bin/${pkgname[0]}"
@@ -73,8 +74,6 @@ package_docspell-joex() {
 
 package_docspell-restserver() {
     description=("Assists in organizing your piles of documents, resulting from scanners, e-mails and other sources with miminal effort. (Server)")
-    depends=('java-runtime-headless')
-    optdepends=('solr: provide the fulltext search feature')
     backup=("etc/${pkgname[1]}.conf")
 
     install -Dm 755 "${pkgname[1]}.sh" "$pkgdir/usr/bin/${pkgname[1]}"
diff --git a/docspell-joex.service b/docspell-joex.service
index f330f596b4b4..090f723ca085 100644
--- a/docspell-joex.service
+++ b/docspell-joex.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=docspell-joex
+Description=Docspell job executer
 Requires=network.target
 
 [Service]
@@ -7,7 +7,7 @@ Type=simple
 WorkingDirectory=/var/lib/docspell
 ExecStart=/usr/bin/docspell-joex
 ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
+Restart=on-abnormal
 RestartSec=60
 SuccessExitStatus=
 TimeoutStopSec=5
@@ -16,5 +16,30 @@ Group=docspell
 PermissionsStartOnly=true
 LimitNOFILE=1024
 
+# Sandboxing features
+# https://github.com/alegrey91/systemd-service-hardening#getting-started
+# https://gist.github.com/ageis/f5595e59b1cddb1513d1b425a323db04
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
+DevicePolicy=closed
+IPAddressAllow=192.168.1.0/24
+LockPersonality=yes
+#MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+ReadWritePaths=/var/lib/docspell
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=net
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
 [Install]
 WantedBy=multi-user.target
diff --git a/docspell-restserver.service b/docspell-restserver.service
index 44894cb566a3..95c79e3c30ce 100644
--- a/docspell-restserver.service
+++ b/docspell-restserver.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=docspell-restserver
+Description=Docspell server
 Requires=network.target
 
 [Service]
@@ -7,7 +7,7 @@ Type=simple
 WorkingDirectory=/var/lib/docspell
 ExecStart=/usr/bin/docspell-restserver
 ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
+Restart=on-abnormal
 RestartSec=60
 SuccessExitStatus=
 TimeoutStopSec=5
@@ -16,5 +16,30 @@ Group=docspell
 PermissionsStartOnly=true
 LimitNOFILE=1024
 
+# Sandboxing features
+# https://github.com/alegrey91/systemd-service-hardening#getting-started
+# https://gist.github.com/ageis/f5595e59b1cddb1513d1b425a323db04
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
+DevicePolicy=closed
+IPAddressAllow=192.168.1.0/24
+LockPersonality=yes
+#MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+ReadWritePaths=/var/lib/docspell
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=net
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
 [Install]
 WantedBy=multi-user.target
diff --git a/docspell.sysusers b/docspell.sysusers
index 8e85886de470..56fd3cf60402 100644
--- a/docspell.sysusers
+++ b/docspell.sysusers
@@ -1 +1 @@
-u docspell - "organizing your piles of documents" -
+u docspell - "organizing your piles of documents" /var/lib/docspell -
diff --git a/docspell.tmpfiles b/docspell.tmpfiles
index c43f0cf6c71d..e429f6bf0d4b 100644
--- a/docspell.tmpfiles
+++ b/docspell.tmpfiles
@@ -1,3 +1 @@
-d /run/docspell 755 docspell docspell -
-d /var/log/docspell - docspell docspell -
-d /var/lib/docspell 755 docspell docspell -
+d /var/lib/docspell 750 docspell docspell -
author	Lucki	2020-10-27 16:44:28 +0100
committer	Lucki	2020-10-27 16:44:28 +0100
commit	32296abd3c614beb014565c25dc764d759b19d93 (patch)
tree	1d1fe11d023cdcf7b066f3ed9f5078e7791d788c
parent	68c47a2941b073915cbf9fa35fa5864196000228 (diff)
download	aur-32296abd3c614beb014565c25dc764d759b19d93.tar.gz