Upgrade to 11.0.0

PKGBUILD: Upgrade to 11.0.0. Minor cleanups. .gitignore: Add .zst files. nextcloud-news-updater.ini: Switch to current API version (v15). nextcloud-news-updater.install: Add note about the requirement to add the nextcloud instance's data dir to ReadWritePaths. nextcloud-news-updater.service: Harden the service further.
author: David Runge 2020-10-23 01:38:30 +0200
committer: David Runge 2020-10-23 01:38:30 +0200
commit: 172ceed52aeced8c2e79d5efd2f1cfeb3789bbec (patch)
tree: 533ebcfc92f155a6d403221b33a3a9873b1b42e9
parent: 8b6456cb9b7ec822b85585c65b46bca757aeed22 (diff)
download: aur-172ceed52aeced8c2e79d5efd2f1cfeb3789bbec.tar.gz
6 files changed, 61 insertions, 38 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 42be7b12db1a..2a7d12c36db5 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,23 +1,27 @@
 pkgbase = nextcloud-news-updater
 	pkgdesc = A parallel feed updater for the Nextcloud News app
-	pkgver = 10.0.1
-	pkgrel = 4
+	pkgver = 11.0.0
+	pkgrel = 1
 	url = https://github.com/nextcloud/news-updater
 	install = nextcloud-news-updater.install
 	arch = any
 	license = GPL3
 	checkdepends = python-pytest
 	depends = python-setuptools
-	optdepends = nextcloud-app-news: Updating a local instance of the Nextcloud News app
+	optdepends = nextcloud-app-news: for updating a local instance of the Nextcloud News app
 	backup = etc/webapps/nextcloud/news/nextcloud-news-updater.ini
-	source = nextcloud-news-updater-10.0.1.tar.gz::https://github.com/nextcloud/news-updater/archive/10.0.1.tar.gz
+	source = nextcloud-news-updater-11.0.0.tar.gz::https://github.com/nextcloud/news-updater/archive/11.0.0.tar.gz
 	source = nextcloud-news-updater.ini
 	source = nextcloud-news-updater.service
 	source = nextcloud-news-updater.timer
-	sha512sums = dc57079df5490d63317525c322318dd3bf2dc88630827ff8cac8512e0e9fa3330793c556d63c6ca264fb4ad3dff2d9014bbf8f951e1a2f30a0c8fafcbc9eeafd
-	sha512sums = a36b8da6028e6f1901013c5fc3373eb16c7fc01902a7ed2b3320db84e339428fe43e301079cf1cb9955dd9e9c622c9fea2d945ac6f2f931c7c987bda1868e04c
-	sha512sums = 21ce177a2cf36832d5dd51b00673734998982397d42366e4448c1ae84f570590acb26b209b918cbc215001ea0b8ae95765def2a688c7753c66c24caed44ef8e9
+	sha512sums = ec47d65c7d2f97a413582771e2ca16102be589b4ed01a917f05e38d161d06926df98cbcb2e5f72b1e89f627efb0f146fbc4d39866ab6481eb93de2a446664f92
+	sha512sums = d661d65e3da1d80cc785d40c803663f2e149b53dbb3e1b0e66f1d5c1b07eb3983a9ffeee40b44b04f89bcc787c5cfb7f46e8c408df020a372bc918426b76007b
+	sha512sums = d18c3633a79c4f26867156a8075403e8d5cd0714e718540589df3359e54df1ebca338e2113712fedfe31d79198104c48ac8d985a6a208732764cd3d4edd31104
 	sha512sums = dd06c06249bc9537555517d97a66dbaefcfcc27547a03abb3cf8bcb15edbda1f49cb03191dbebb8ad6737bdf46c1f25567636fa1c206b60a39d22ce41c506aaa
+	b2sums = 8d327c0c6a64e18a0335cd8f0774c81247dbafe3f5794cc6bac6863e8f8d9e0fc268b9275729ad94d1c7ac9ea2533fccee24f7048adf41e6fe4ffdb64f6400e5
+	b2sums = a50439972435dc8ed2277633bd5819c51bbf24af317b64210968e3415d0cdae23a333dc5bc912ed6ce1fb40c1cc27addf31a830a4a45ca63dd0ad28dfdb31209
+	b2sums = 2ceb1aee05f9448e17cc9755344fa9a22b90e0865a4f13a2f9961ed2730ff6668f42ce2c47932363edca8cb2e54a59855fa67bdbfbd3e182a22447b039c9c6c8
+	b2sums = a56604d3d29ebbf4fb807bfeec32a90fe5688bd516633f1990e11afd664ba730b941e522c393a21f85b8be2f10cfa08288f0884dc693bcc30b7cc12dc967a0a6
 
 pkgname = nextcloud-news-updater
 
diff --git a/.gitignore b/.gitignore
index 528becef7722..c15822095c46 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 *.gz
-*.xz
+*.zst
 *.log
diff --git a/PKGBUILD b/PKGBUILD
index a4160d43019b..2e3c73a0b105 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,27 +1,31 @@
-# Maintainer: David Runge <dave@sleepmap.de>
+# Maintainer: David Runge <dvzrv@archlinux.org>
 # Contributor: Andrea Scarpino <andrea@archlinux.org>
 # Contributor: Shujie Zhang <zhang.shujie87@gmail.com>
 
 _name=news-updater
 pkgname=nextcloud-news-updater
-pkgver=10.0.1
-pkgrel=4
+pkgver=11.0.0
+pkgrel=1
 pkgdesc="A parallel feed updater for the Nextcloud News app"
 arch=('any')
 url="https://github.com/nextcloud/news-updater"
 license=('GPL3')
 depends=('python-setuptools')
 checkdepends=('python-pytest')
-optdepends=('nextcloud-app-news: Updating a local instance of the Nextcloud News app')
+optdepends=('nextcloud-app-news: for updating a local instance of the Nextcloud News app')
 backup=("etc/webapps/nextcloud/news/${pkgname}.ini")
 source=("${pkgname}-${pkgver}.tar.gz::https://github.com/nextcloud/${_name}/archive/${pkgver}.tar.gz"
-  "${pkgname}.ini"
-  "${pkgname}.service"
-  "${pkgname}.timer")
-sha512sums=('dc57079df5490d63317525c322318dd3bf2dc88630827ff8cac8512e0e9fa3330793c556d63c6ca264fb4ad3dff2d9014bbf8f951e1a2f30a0c8fafcbc9eeafd'
-            'a36b8da6028e6f1901013c5fc3373eb16c7fc01902a7ed2b3320db84e339428fe43e301079cf1cb9955dd9e9c622c9fea2d945ac6f2f931c7c987bda1868e04c'
-            '21ce177a2cf36832d5dd51b00673734998982397d42366e4448c1ae84f570590acb26b209b918cbc215001ea0b8ae95765def2a688c7753c66c24caed44ef8e9'
+        "${pkgname}.ini"
+        "${pkgname}.service"
+        "${pkgname}.timer")
+sha512sums=('ec47d65c7d2f97a413582771e2ca16102be589b4ed01a917f05e38d161d06926df98cbcb2e5f72b1e89f627efb0f146fbc4d39866ab6481eb93de2a446664f92'
+            'd661d65e3da1d80cc785d40c803663f2e149b53dbb3e1b0e66f1d5c1b07eb3983a9ffeee40b44b04f89bcc787c5cfb7f46e8c408df020a372bc918426b76007b'
+            'd18c3633a79c4f26867156a8075403e8d5cd0714e718540589df3359e54df1ebca338e2113712fedfe31d79198104c48ac8d985a6a208732764cd3d4edd31104'
             'dd06c06249bc9537555517d97a66dbaefcfcc27547a03abb3cf8bcb15edbda1f49cb03191dbebb8ad6737bdf46c1f25567636fa1c206b60a39d22ce41c506aaa')
+b2sums=('8d327c0c6a64e18a0335cd8f0774c81247dbafe3f5794cc6bac6863e8f8d9e0fc268b9275729ad94d1c7ac9ea2533fccee24f7048adf41e6fe4ffdb64f6400e5'
+        'a50439972435dc8ed2277633bd5819c51bbf24af317b64210968e3415d0cdae23a333dc5bc912ed6ce1fb40c1cc27addf31a830a4a45ca63dd0ad28dfdb31209'
+        '2ceb1aee05f9448e17cc9755344fa9a22b90e0865a4f13a2f9961ed2730ff6668f42ce2c47932363edca8cb2e54a59855fa67bdbfbd3e182a22447b039c9c6c8'
+        'a56604d3d29ebbf4fb807bfeec32a90fe5688bd516633f1990e11afd664ba730b941e522c393a21f85b8be2f10cfa08288f0884dc693bcc30b7cc12dc967a0a6')
 install="${pkgname}.install"
 
 prepare() {
@@ -35,15 +39,14 @@ build() {
 
 check() {
   cd "${pkgname}-${pkgver}"
-  py.test
+  pytest -v
 }
 
 package() {
   cd "${pkgname}-${pkgver}"
   python setup.py install --skip-build \
-    --optimize=1 \
-    --prefix=/usr \
-    --root="${pkgdir}"
+                          --optimize=1 \
+                          --root="${pkgdir}"
   # configuration
   install -vDm 644 "../${pkgname}.ini" \
     -t "${pkgdir}/etc/webapps/nextcloud/news/"
diff --git a/nextcloud-news-updater.ini b/nextcloud-news-updater.ini
index 104988bd6b34..c9ec09ed4cf5 100644
--- a/nextcloud-news-updater.ini
+++ b/nextcloud-news-updater.ini
@@ -13,8 +13,8 @@ loglevel = error
 url = /usr/share/webapps/nextcloud
 # absolute path to custom php.ini
 #phpini = /etc/php/php.ini
-# v1-2 is the current version, v2 is only a draft
-apilevel = v1-2
+# or v2 which is currently a draft
+apilevel = v15
 # 'endless' (script handles update interval itself) or 'singlerun' (when using systemd timer)
 mode = endless
 # path to php binary
diff --git a/nextcloud-news-updater.install b/nextcloud-news-updater.install
index fae24a542ecf..ccb612dab8c0 100644
--- a/nextcloud-news-updater.install
+++ b/nextcloud-news-updater.install
@@ -1,4 +1,4 @@
 post_install() {
-  echo "Note: Only use the nextcloud-news-updater.timer, if you have set testrun=true in your configuration!"
+  printf "NOTE: To use nextcloud-news-updater.service, add your instance's data directory to the service's ReadWritePaths!\nsystemctl edit nextcloud-news-updater.service"
+  printf "NOTE: nextcloud-news-updater.timer can only be used with 'testrun=true' in /etc/webapps/nextcloud/news/nextcloud-news-updater.ini!"
 }
-
diff --git a/nextcloud-news-updater.service b/nextcloud-news-updater.service
index dafe94e5ca7d..18b87aec709a 100644
--- a/nextcloud-news-updater.service
+++ b/nextcloud-news-updater.service
@@ -1,21 +1,37 @@
 [Unit]
-Description=Nextcloud news updater service
-After=default.target
+Description=Update nextcloud news feeds
+After=network.target network-online.target
 
 [Service]
-Type=simple
-User=http
-Group=http
+CapabilityBoundingSet=
+DeviceAllow=
+DevicePolicy=closed
 Environment=NEXTCLOUD_CONFIG_DIR=/etc/webapps/nextcloud/config
 ExecStart=/usr/bin/nextcloud-news-updater -c /etc/webapps/nextcloud/news/nextcloud-news-updater.ini
-PrivateTmp=yes
-ProtectSystem=full
+Group=http
+LockPersonality=true
+NoNewPrivileges=true
+PrivateTmp=true
 PrivateDevices=true
-ProtectKernelTunables=true
+PrivateUsers=true
+ProtectClock=true
 ProtectControlGroups=true
-ReadWritePaths=/etc/webapps/nextcloud /usr/share/webapps/nextcloud
-ProtectHome=yes
-NoNewPrivileges=yes
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+ReadWritePaths=/etc/webapps/nextcloud
+RemoveIPC=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+UMask=007
+User=http
 
 [Install]
-WantedBy=default.target
+WantedBy=multi-user.target
author	David Runge	2020-10-23 01:38:30 +0200
committer	David Runge	2020-10-23 01:38:30 +0200
commit	172ceed52aeced8c2e79d5efd2f1cfeb3789bbec (patch)
tree	533ebcfc92f155a6d403221b33a3a9873b1b42e9
parent	8b6456cb9b7ec822b85585c65b46bca757aeed22 (diff)
download	aur-172ceed52aeced8c2e79d5efd2f1cfeb3789bbec.tar.gz