author | C0rn3j | 2020-05-27 14:28:36 +0200 |
---|---|---|
committer | C0rn3j | 2020-05-27 14:28:36 +0200 |
commit | 99383c4d8709dbbf5a3bd3f5085bfba13a4cbbaf (patch) | |
tree | fdc90047cec34b73378a11ec23ee1e52bf6bfb46 | |
parent | 854b01fcece6985045004b2e59a5365bbda606d2 (diff) | |
download | aur-99383c4d8709dbbf5a3bd3f5085bfba13a4cbbaf.tar.gz |
do not use a root user
-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | PKGBUILD | 32 | ||||
-rw-r--r-- | jicofo.service | 17 | ||||
-rw-r--r-- | sysusers.conf | 2 | ||||
-rw-r--r-- | tmpfiles.conf | 2 |
6 files changed, 46 insertions, 15 deletions
@@ -17,10 +17,14 @@ pkgbase = jicofo-git
 source = jicofo.conf
 source = jicofo.service
 source = sip-communicator.properties
+ source = sysusers.conf
+ source = tmpfiles.conf
 sha256sums = SKIP
 sha256sums = 3a558324a17011cf48e033ce265d45cc06a0b53e009984e841496f1cd4d7519d
- sha256sums = a28d21abcbb58ac50c974aba04360c3307a37074b420e40abd016e9d9adddd85
+ sha256sums = 82937c73200a38326e4362fcf0cbc27ad710a0c0c5708e5f84815d10dfd86a86
 sha256sums = ed3a2c91d3f6c92f3aeae4dd852f04196ed57cc0c8a33da3bae6c1fb26b88294
+ sha256sums = 0681e97ca1e06d8ea7bdec0a874c6fc7a6ea84628923005130cd444547a1b440
+ sha256sums = b4ed1528f804056b43d47a8214f2ed853b31a8cedbafb96c26fae556df554be8
 pkgname = jicofo-git
diff --git a/.gitignore b/.gitignore
index a3580d3d9583..5aaf857cbe98 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,5 @@
 !jicofo.service
 !jicofo.conf
 !sip-communicator.properties
+!sysusers.conf
+!tmpfiles.conf
@@ -23,29 +23,35 @@ changelog=
 source=($pkgname::git+https://github.com/jitsi/jicofo
 jicofo.conf
 jicofo.service
- sip-communicator.properties)
+ sip-communicator.properties
+ sysusers.conf
+ tmpfiles.conf)
 noextract=()
 sha256sums=('SKIP'
 '3a558324a17011cf48e033ce265d45cc06a0b53e009984e841496f1cd4d7519d'
- 'a28d21abcbb58ac50c974aba04360c3307a37074b420e40abd016e9d9adddd85'
- 'ed3a2c91d3f6c92f3aeae4dd852f04196ed57cc0c8a33da3bae6c1fb26b88294')
+ '82937c73200a38326e4362fcf0cbc27ad710a0c0c5708e5f84815d10dfd86a86'
+ 'ed3a2c91d3f6c92f3aeae4dd852f04196ed57cc0c8a33da3bae6c1fb26b88294'
+ '0681e97ca1e06d8ea7bdec0a874c6fc7a6ea84628923005130cd444547a1b440'
+ 'b4ed1528f804056b43d47a8214f2ed853b31a8cedbafb96c26fae556df554be8')
 validpgpkeys=()
 pkgver() {
- cd "$pkgname"
- printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
+ cd "$pkgname"
+ printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
 }
 build() {
- cd "${srcdir}/${pkgname}"
- mvn package -DskipTests -Dassembly.skipAssembly=false
- unzip -o target/jicofo-1.1-SNAPSHOT-archive.zip
+ cd "${srcdir}/${pkgname}"
+ mvn package -DskipTests -Dassembly.skipAssembly=false
+ unzip -o target/jicofo-1.1-SNAPSHOT-archive.zip
 }
 package() {
- install -d "${pkgdir}/usr/share"
- cp -R "${srcdir}/jicofo-git/jicofo-1.1-SNAPSHOT/" "${pkgdir}/usr/share/jicofo"
- install -Dm644 jicofo.service "$pkgdir"/usr/lib/systemd/system/jicofo.service
- install -Dm644 jicofo.conf "$pkgdir"/etc/jitsi/jicofo/jicofo.conf
- install -Dm644 sip-communicator.properties "${pkgdir}"/etc/jitsi/jicofo/sip-communicator.properties
+ install -d "${pkgdir}/usr/share"
+ cp -R "${srcdir}/jicofo-git/jicofo-1.1-SNAPSHOT/" "${pkgdir}/usr/share/jicofo"
+ install -Dm644 jicofo.conf "$pkgdir/etc/jitsi/jicofo/jicofo.conf"
+ install -Dm644 jicofo.service "$pkgdir/usr/lib/systemd/system/jicofo.service"
+ install -Dm644 sip-communicator.properties "${pkgdir}/etc/jitsi/jicofo/sip-communicator.properties"
+ install -Dm644 sysusers.conf "${pkgdir}/usr/lib/sysusers.d/jicofo.conf"
+ install -Dm644 tmpfiles.conf "${pkgdir}/usr/lib/tmpfiles.d/jicofo.conf"
 }
diff --git a/jicofo.service b/jicofo.service
index 788f19552fc8..d540b2474944 100644
--- a/jicofo.service
+++ b/jicofo.service
@@ -1,13 +1,28 @@
 [Unit]
-Description=Jicofo
+Description=JItsi COnference FOcus
 Wants=network-online.target
 After=network-online.target
 [Service]
 Type=simple
 EnvironmentFile=/etc/jitsi/jicofo/jicofo.conf
+User=jicofo
 ExecStart=/usr/share/jicofo/jicofo.sh --host=${JICOFO_HOST} --domain=${JICOFO_HOSTNAME} --port=${JICOFO_PORT} --secret=${JICOFO_SECRET} --user_name=${JICOFO_AUTH_USER} --user_domain=${JICOFO_AUTH_DOMAIN} --user_password=${JICOFO_AUTH_PASSWORD} ${JICOFO_OPTS}
+WorkingDirectory=~
+StateDirectory=jicofo
+StateDirectoryMode=0750
+LogsDirectory=jicofo
+LogsDirectoryMode=0750
 Restart=on-failure
+# Hardening
+#NoNewPrivileges=yes
+#PrivateTmp=yes
+#PrivateDevices=yes
+#ProtectHome=yes
+#ProtectKernelTunables=yes
+#ProtectControlGroups=yes
+#ProtectSystem=strict
+
 [Install]
 WantedBy=multi-user.target
diff --git a/sysusers.conf b/sysusers.conf
new file mode 100644
index 000000000000..9991955c9e48
--- /dev/null
+++ b/sysusers.conf
@@ -0,0 +1,2 @@
+g jitsi
+u jicofo -:jitsi - /var/lib/jicofo
diff --git a/tmpfiles.conf b/tmpfiles.conf
new file mode 100644
index 000000000000..e06fe710b8da
--- /dev/null
+++ b/tmpfiles.conf
@@ -0,0 +1,2 @@
+Z /etc/jitsi/jicofo 0640 jicofo jitsi
+z /etc/jitsi/jicofo 0750 jicofo jitsi
|