Overhaul, use systemd-{sysusers,tmpfiles}

Move settings file to /etc/searx.conf and make it only readable by the searx user.
author: Jean Lucas 2019-04-07 22:20:35 -0400
committer: Jean Lucas 2019-04-08 00:00:08 -0400
commit: ef14df12f3a15290749f15f50f21e4ed966ed3cb (patch)
tree: 4b7abe40214ae0c498a93d41bd1c418eda4fa46d
parent: da587ff84c1a620c1fe7dbf5c34a9ec2a63651a5 (diff)
download: aur-ef14df12f3a15290749f15f50f21e4ed966ed3cb.tar.gz
6 files changed, 48 insertions, 35 deletions
diff --git a/.SRCINFO b/.SRCINFO
index ad345ecff24a..92401860e23b 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,8 @@
 # Generated by mksrcinfo v8
-# Sat Aug 11 05:06:31 UTC 2018
+# Mon Apr  8 03:58:08 UTC 2019
 pkgbase = searx-git
 	pkgdesc = Privacy-respecting metasearch engine (git)
-	pkgver = 0.14.0+84+geea2e8e5
+	pkgver = 0.15.0+47+ga80a2d05
 	pkgrel = 1
 	url = https://asciimoo.github.io/searx/
 	install = searx.install
@@ -21,15 +21,21 @@ pkgbase = searx-git
 	depends = python2-yaml
 	depends = python2-requests
 	depends = python2-pysocks
+	optdepends = filtron: Filtering reverse-HTTP proxy
+	optdepends = filtron-git: Filtering reverse-HTTP proxy (git)
 	optdepends = morty: Privacy-aware web content sanitizer proxy-as-a-service
-	optdepends = morty-git: Privacy-aware web content sanitizer proxy-as-a-service (Git)
+	optdepends = morty-git: Privacy-aware web content sanitizer proxy-as-a-service (git)
 	provides = searx
 	conflicts = searx
-	backup = etc/searx/settings.yml
+	backup = etc/searx.conf
 	source = git+https://github.com/asciimoo/searx
 	source = searx.service
+	source = searx.sysusers.d
+	source = searx.tmpfiles.d
 	sha512sums = SKIP
-	sha512sums = 6bcc5854ebbe8a50f9929714d6d00f2b273b9c7dda16289868727edf2cf7f6c42b5de5d696efdc725b255f31f5d94867c05e94f7563adf587bc0a750212562ad
+	sha512sums = cc58068e502b088c61016a5cd25db248f5fae146f18e00253f3aa0ccd666189ef3a407e00bf9181c23e643e68df7e4f9eec295bf680c982052978c2786325d0a
+	sha512sums = 39b765ade096778ad945725e0ca5c0919e4baff4e7a466e0d093e68d1a92c563a5437caed01e44accf04ac51450007e659435d32a84e818df213de3f9e546793
+	sha512sums = 40d749415d0db1033d779eda0c0543f2713896d442fea111d46996c216ccbcfabe42660c37b03282297ad3de8f2de7369366aa5c143b35382984506e93eecd8b
 
 pkgname = searx-git
 
diff --git a/PKGBUILD b/PKGBUILD
index 09f93e19f062..065ba54b361e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,7 +2,7 @@
 # Contributor: Reventlov <contact+aur at volcanis dot me>
 
 pkgname=searx-git
-pkgver=0.14.0+84+geea2e8e5
+pkgver=0.15.0+47+ga80a2d05
 pkgrel=1
 pkgdesc='Privacy-respecting metasearch engine (git)'
 arch=(any)
@@ -20,16 +20,22 @@ depends=(python2-certifi
          python2-requests
          python2-pysocks)
 makedepends=(git openssl)
-optdepends=('morty: Privacy-aware web content sanitizer proxy-as-a-service'
-            'morty-git: Privacy-aware web content sanitizer proxy-as-a-service (Git)')
+optdepends=('filtron: Filtering reverse-HTTP proxy'
+            'filtron-git: Filtering reverse-HTTP proxy (git)'
+            'morty: Privacy-aware web content sanitizer proxy-as-a-service'
+            'morty-git: Privacy-aware web content sanitizer proxy-as-a-service (git)')
 provides=(searx)
 conflicts=(searx)
-backup=(etc/searx/settings.yml)
+backup=(etc/searx.conf)
 install=searx.install
 source=(git+https://github.com/asciimoo/searx
-        searx.service)
-sha512sums=(SKIP
-            6bcc5854ebbe8a50f9929714d6d00f2b273b9c7dda16289868727edf2cf7f6c42b5de5d696efdc725b255f31f5d94867c05e94f7563adf587bc0a750212562ad)
+        searx.service
+        searx.sysusers.d
+        searx.tmpfiles.d)
+sha512sums=('SKIP'
+            'cc58068e502b088c61016a5cd25db248f5fae146f18e00253f3aa0ccd666189ef3a407e00bf9181c23e643e68df7e4f9eec295bf680c982052978c2786325d0a'
+            '39b765ade096778ad945725e0ca5c0919e4baff4e7a466e0d093e68d1a92c563a5437caed01e44accf04ac51450007e659435d32a84e818df213de3f9e546793'
+            '40d749415d0db1033d779eda0c0543f2713896d442fea111d46996c216ccbcfabe42660c37b03282297ad3de8f2de7369366aa5c143b35382984506e93eecd8b')
 
 pkgver() {
   cd searx
@@ -38,14 +44,18 @@ pkgver() {
 
 prepare() {
   cd searx
-  sed -i 's|==|>=|g' requirements.txt
-  sed -i "s/ultrasecretkey\" # change this!/`openssl rand -hex 128`\"/g" searx/settings.yml
 
-  # If morty is installed, add it's key to searx settings
-  msg2 'Checking for morty installation...'
+  # Allow newer versions of Python 2 libraries since we like to break stuff
+  sed -i 's/==/>=/g' requirements.txt
+
+  # Generate super secret key
+  sed -i "s/ultrasecretkey\" # change this!/`openssl rand -hex 32`\"/" searx/settings.yml
+
+  # Add Morty key if it's installed
+  msg2 'Checking for Morty...'
   if [ -f /usr/bin/morty ]; then
-    sed -i "s/your_morty_proxy_key/$(cat /usr/lib/systemd/system/morty.service |
-        grep key | awk '{print $5}')/" searx/settings.yml &&
+    sed -i "s/your_morty_proxy_key/`cat /usr/lib/systemd/system/morty.service |
+        grep key | awk '{print $5}'`/" searx/settings.yml &&
       msg2 'Morty found; added key to searx settings.'
   else
     msg2 'Morty not found.'
@@ -55,10 +65,16 @@ prepare() {
 }
 
 package() {
-  install -Dm 644 searx.service "$pkgdir"/usr/lib/systemd/system/searx.service
+  install -Dm 644 searx.service -t "$pkgdir"/usr/lib/systemd/system
+  install -Dm 644 searx.sysusers.d "$pkgdir"/usr/lib/sysusers.d/searx.conf
+  install -Dm 644 searx.tmpfiles.d "$pkgdir"/usr/lib/tmpfiles.d/searx.conf
+
   cd searx
   python2 setup.py install --root="$pkgdir" --optimize=1
-  mv "$pkgdir"/usr/lib/python2.7/site-packages/{README.rst,requirements*,tests,searx}
-  install -Dm 644 searx/settings.yml "$pkgdir"/etc/searx/settings.yml
-  install -Dm 644 LICENSE "$pkgdir"/usr/share/licenses/searx/LICENSE
+
+  # Move searx files into searx folder since they're incorrectly spread out
+  mv "$pkgdir"/usr/lib/python2.7/site-packages/{README.rst,requirements*,searx}
+
+  install -Dm 600 searx/settings.yml "$pkgdir"/etc/searx.conf
+  install -Dm 644 LICENSE -t "$pkgdir"/usr/share/licenses/searx
 }
diff --git a/searx.install b/searx.install
index eb8d25ee51e8..4c556ece97f5 100644
--- a/searx.install
+++ b/searx.install
@@ -1,14 +1,3 @@
 post_install() {
-  getent passwd searx > /dev/null ||
-    useradd -rb /usr/lib/python2.7/site-packages -s /sbin/nologin searx
-
-  echo 'Settings are at /etc/searx/settings.yml'
-}
-
-post_upgrade() {
-  post_install
-}
-
-post_remove() {
-  echo 'You may want to remove the searx user.'
+  echo 'Settings are at /etc/searx.conf'
 }
diff --git a/searx.service b/searx.service
index dfa3ccb95fbf..b7df1c76d40c 100644
--- a/searx.service
+++ b/searx.service
@@ -5,7 +5,7 @@ After=network.target
 [Service]
 Type=simple
 User=searx
-Environment=SEARX_SETTINGS_PATH=/etc/searx/settings.yml
+Environment=SEARX_SETTINGS_PATH=/etc/searx.conf
 PrivateTmp=true
 PrivateDevices=true
 # Prevent access to /home, /root, and /run/user
diff --git a/searx.sysusers.d b/searx.sysusers.d
new file mode 100644
index 000000000000..af3bad2074b7
--- /dev/null
+++ b/searx.sysusers.d
@@ -0,0 +1 @@
+u searx - "Searx user"
diff --git a/searx.tmpfiles.d b/searx.tmpfiles.d
new file mode 100644
index 000000000000..a02463b4904a
--- /dev/null
+++ b/searx.tmpfiles.d
@@ -0,0 +1 @@
+Z /etc/searx.conf - searx searx
author	Jean Lucas	2019-04-07 22:20:35 -0400
committer	Jean Lucas	2019-04-08 00:00:08 -0400
commit	ef14df12f3a15290749f15f50f21e4ed966ed3cb (patch)
tree	4b7abe40214ae0c498a93d41bd1c418eda4fa46d
parent	da587ff84c1a620c1fe7dbf5c34a9ec2a63651a5 (diff)
download	aur-ef14df12f3a15290749f15f50f21e4ed966ed3cb.tar.gz