summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Anderson2016-12-10 12:44:41 -0800
committerEric Anderson2016-12-10 12:44:41 -0800
commit2e63277a928efa2dfc7261ed94895bf8f5f75789 (patch)
treed5bf8edb9f7460a3728d0cb86c4a25b39a6024be
parent9d3c1c043b866e51b02f1dfa2a744aa246f2632c (diff)
downloadaur-2e63277a928efa2dfc7261ed94895bf8f5f75789.tar.gz
Security-harden service file
Diffstat
-rw-r--r--.SRCINFO6
-rw-r--r--PKGBUILD4
-rw-r--r--pkgdistcached.service12
3 files changed, 17 insertions, 5 deletions
diff --git a/.SRCINFO b/.SRCINFO
index af411c922973..dcd9f5334dff 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,9 +1,9 @@
# Generated by mksrcinfo v8
-# Sat Dec 3 23:18:30 UTC 2016
+# Sat Dec 10 20:44:35 UTC 2016
pkgbase = pkgdistcache
pkgdesc = A distributed local-network cache for pacman packages
pkgver = 0.3.2
- pkgrel = 1
+ pkgrel = 2
url = http://venator.ath.cx/dw/doku.php?id=linux:pkgdistcache
install = pkgdistcache.install
arch = any
@@ -19,7 +19,7 @@ pkgbase = pkgdistcache
sha256sums = d53ba7417b6d6db3c36876f7ef92933553ce27597b94ce727deeef8c6edac1f8
sha256sums = e12d6d6db8b13895245694966d9ab076ffbe8eae3a3e0070cb376861d3ed0452
sha256sums = d77ac418aa651bc622cd91204d6907554c6cdb4bb989e484cc54da32342faa51
- sha256sums = 5eb96f9e4bcec466d097ac46d72fd9626fb36bd61a3d3ceb1ca69706036f27c2
+ sha256sums = fdfa58e652230725a232de41c87627ed8c9a4fd9d081c8a3d261ea75cf91a81a
pkgname = pkgdistcache
diff --git a/PKGBUILD b/PKGBUILD
index 51676f05ed7a..14c8cb6e912b 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
pkgname=pkgdistcache
pkgver=0.3.2
-pkgrel=1
+pkgrel=2
pkgdesc='A distributed local-network cache for pacman packages'
arch=('any')
url='http://venator.ath.cx/dw/doku.php?id=linux:pkgdistcache'
@@ -17,7 +17,7 @@ source=('pkgdistcache-client'
sha256sums=('d53ba7417b6d6db3c36876f7ef92933553ce27597b94ce727deeef8c6edac1f8'
'e12d6d6db8b13895245694966d9ab076ffbe8eae3a3e0070cb376861d3ed0452'
'd77ac418aa651bc622cd91204d6907554c6cdb4bb989e484cc54da32342faa51'
- '5eb96f9e4bcec466d097ac46d72fd9626fb36bd61a3d3ceb1ca69706036f27c2')
+ 'fdfa58e652230725a232de41c87627ed8c9a4fd9d081c8a3d261ea75cf91a81a')
package() {
install -d "${pkgdir}/usr/bin/"
diff --git a/pkgdistcached.service b/pkgdistcached.service
index 2dfa1ec4043b..5827192dabc5 100644
--- a/pkgdistcached.service
+++ b/pkgdistcached.service
@@ -3,6 +3,18 @@ Description=Distributed pacman package cache
[Service]
ExecStart=/usr/bin/pkgdistcache-daemon -F
+User=nobody
+Group=nobody
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelTunables=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
[Install]
WantedBy=multi-user.target