diff options
| author | Xiretza | 2021-02-01 11:56:03 +0100 |
|---|---|---|
| committer | Xiretza | 2021-02-01 11:56:03 +0100 |
| commit | f2efd37fddb3684b820e645550d419546d64a790 (patch) | |
| tree | b4dd9e285e2bbca2f9fd1e6a45da926fb7247cca | |
| parent | cec9ba50198e890734540d324805c80aa6fe69f1 (diff) | |
| download | aur-f2efd37fddb3684b820e645550d419546d64a790.tar.gz | |
Fix package, harden systemd units
| -rw-r--r-- | .SRCINFO | 13 | ||||
| -rw-r--r-- | PKGBUILD | 32 | ||||
| -rw-r--r-- | vlmcsd.service | 28 | ||||
| -rw-r--r-- | vlmcsd@.service | 34 |
4 files changed, 81 insertions, 26 deletions
@@ -1,21 +1,22 @@ pkgbase = vlmcsd-git pkgdesc = KMS Emulator in C (for activating Microsoft products) - pkgver = r13.fcbbc40 + pkgver = r29.65228e5 pkgrel = 1 - url = https://forums.mydigitallife.info/threads/50234-Emulated-KMS-Servers-on-non-Windows-platforms + url = https://github.com/Wind4/vlmcsd arch = i686 arch = x86_64 arch = aarch64 license = unknown + makedepends = git provides = vlmcsd - conflicts = vlmcsd-svn - source = vlmcsd::git+https://github.com/Wind4/vlmcsd.git + conflicts = vlmcsd + source = git+https://github.com/Wind4/vlmcsd.git source = vlmcsd.service source = vlmcsd@.service source = vlmcsd.socket sha256sums = SKIP - sha256sums = 83e7e75f5874c17bfa40f08eea134ba636d7ac9864eea2c4ad1ae8159ec9af74 - sha256sums = 5e1f1c556f16e61fcdaa197f9ada9d3d2a8d91d4b14b36e85181b323b3475623 + sha256sums = 6fe8070a5d2d28f8a8179c9d02d5a905725e2e978af7e340a47024fa77809d02 + sha256sums = 7ff86964df9796d30fe22c96b5ba843ef9f170d7a23c6e17565e312db59f20d7 sha256sums = e791484ed6d747f4e17f004894350ef610215c94fe444bfa623755ce17a29e6b pkgname = vlmcsd-git @@ -1,22 +1,23 @@ # Maintainer: phariseo <phariseo@hush.com> _pkgname=vlmcsd pkgname=$_pkgname-git -pkgver=r13.fcbbc40 +pkgver=r29.65228e5 pkgrel=1 pkgdesc="KMS Emulator in C (for activating Microsoft products)" arch=('i686' 'x86_64' 'aarch64') -url="https://forums.mydigitallife.info/threads/50234-Emulated-KMS-Servers-on-non-Windows-platforms" +url="https://github.com/Wind4/vlmcsd" license=('unknown') provides=('vlmcsd') -conflicts=('vlmcsd-svn') -source=("$_pkgname::git+https://github.com/Wind4/vlmcsd.git" +conflicts=('vlmcsd') +makedepends=('git') +source=("git+$url.git" 'vlmcsd.service' 'vlmcsd@.service' 'vlmcsd.socket') sha256sums=('SKIP' - '83e7e75f5874c17bfa40f08eea134ba636d7ac9864eea2c4ad1ae8159ec9af74' - '5e1f1c556f16e61fcdaa197f9ada9d3d2a8d91d4b14b36e85181b323b3475623' - 'e791484ed6d747f4e17f004894350ef610215c94fe444bfa623755ce17a29e6b') + '6fe8070a5d2d28f8a8179c9d02d5a905725e2e978af7e340a47024fa77809d02' + '7ff86964df9796d30fe22c96b5ba843ef9f170d7a23c6e17565e312db59f20d7' + 'e791484ed6d747f4e17f004894350ef610215c94fe444bfa623755ce17a29e6b') pkgver() { cd "$_pkgname" @@ -31,24 +32,21 @@ build() { } package() { + for unit in vlmcsd.service vlmcsd@.service vlmcsd.socket; do + install -Dm644 "$srcdir/$unit" "$pkgdir/usr/lib/systemd/system/$unit" + done + cd "$_pkgname" - pushd bin for bin in vlmcs{d,}; do - install -Dm755 $bin "$pkgdir"/usr/bin/$bin + install -Dm755 "bin/$bin" "$pkgdir/usr/bin/$bin" done - popd - pushd ../ - for unit in vlmcsd.service vlmcsd@.service vlmcsd.socket; do - install -Dm644 "$srcdir"/$unit "$pkgdir"/usr/lib/systemd/system/$unit - done - popd + cd man - pushd man for manpage in *.[0-9]; do section=${manpage##*.} - install -Dm644 $manpage.gz "$pkgdir"/usr/share/man/man$section/$manpage.gz + install -Dm644 "$manpage.gz" "$pkgdir/usr/share/man/man$section/$manpage.gz" done } diff --git a/vlmcsd.service b/vlmcsd.service index e499d0880938..8eaf331274b0 100644 --- a/vlmcsd.service +++ b/vlmcsd.service @@ -2,8 +2,34 @@ Description=KMS Emulator [Service] +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources +SystemCallArchitectures=native +RestrictAddressFamilies=AF_INET AF_INET6 +RestrictNamespaces=true +CapabilityBoundingSet= +NoNewPrivileges=true +LockPersonality=true +RestrictRealtime=true +MemoryDenyWriteExecute=true + +ProtectHome=true +ProtectSystem=strict +PrivateDevices=true +PrivateUsers=true +ProtectClock=true +ProtectProc=invisible +ProcSubset=pid +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +DevicePolicy=closed + +DynamicUser=true + Type=forking -User=nobody ExecStart=/usr/bin/vlmcsd [Install] diff --git a/vlmcsd@.service b/vlmcsd@.service index 94e50e58e09e..1a23d7e1f406 100644 --- a/vlmcsd@.service +++ b/vlmcsd@.service @@ -2,7 +2,37 @@ Description=KMS Emulator Per-Connection [Service] -User=nobody -ExecStart=/usr/bin/vlmcsd +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources +SystemCallArchitectures=native +RestrictAddressFamilies=AF_INET AF_INET6 +RestrictNamespaces=true +CapabilityBoundingSet= +NoNewPrivileges=true +LockPersonality=true +RestrictRealtime=true +MemoryDenyWriteExecute=true + +ProtectHome=true +ProtectSystem=strict +PrivateDevices=true +PrivateUsers=true +ProtectClock=true +ProtectProc=invisible +ProcSubset=pid +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +DevicePolicy=closed + +PrivateNetwork=true +RestrictAddressFamilies=~AF_INET AF_INET6 +IPAddressDeny=any + +DynamicUser=true + StandardInput=socket StandardOutput=socket +ExecStart=/usr/bin/vlmcsd |