extend service file

author: Severin Glöckner 2018-12-26 16:30:34 +0100
committer: Severin Glöckner 2018-12-26 16:30:34 +0100
commit: e400d9a2ad501bd4764ec2162aeaf3ba8149d720 (patch)
tree: 188bacaf4e24867e339ee7643535653968efdfac
parent: 13fab7d93cb6604216e218464745bdd491eb1a00 (diff)
download: aur-e400d9a2ad501bd4764ec2162aeaf3ba8149d720.tar.gz
3 files changed, 35 insertions, 17 deletions
diff --git a/.SRCINFO b/.SRCINFO
index f914ed6f2da4..5e9bffe7cdae 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -29,7 +29,7 @@ pkgbase = wesnoth-1.6
 	source = wesnoth-1.6.appdata.xml
 	md5sums = 99f136647c5af1820d0132df08350965
 	md5sums = ec9cab718ba96b7a4c85c224f6b747c3
-	md5sums = c537d69cb8338594a606ebbc93cbd00e
+	md5sums = bb74eacfd1de53ab13a5fe8ae93c146d
 	md5sums = 1018b1fae1a65d49bed1094ba0280d87
 
 pkgname = wesnoth-1.6
diff --git a/PKGBUILD b/PKGBUILD
index d5dac1fa9c47..c429a79ebbbc 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -23,12 +23,12 @@ source=("wesnoth-1.6.desktop"
         "wesnothd-1.6.tmpfiles.conf"
         "wesnothd-1.6.service"
         "wesnoth-1.6.appdata.xml")
-# Not finding the files? https://aur.archlinux.org/packages/wesnoth-1.6/
+# Not finding the files? https://aur.archlinux.org/packages/wesnoth-1.6
 # Rest assured, they are optional. Things like a launcher for your convenience…
 
 md5sums=('99f136647c5af1820d0132df08350965'
          'ec9cab718ba96b7a4c85c224f6b747c3'
-         'c537d69cb8338594a606ebbc93cbd00e'
+         'bb74eacfd1de53ab13a5fe8ae93c146d'
          '1018b1fae1a65d49bed1094ba0280d87')
 
 PKGEXT='.pkg.tar'
@@ -55,7 +55,9 @@ build() {
 
   # It's a convention to use /usr/local when installing by hand, it allows you
   # to keep easier track of what was installed.
-  # Feel free to replace ALL occurences of /usr with /usr/local below.
+  # Feel free to replace ALL occurences of /usr with /usr/local in the commands
+  # below, and edit the start command in the file wesnothd-1.6.service.
+
   rm -rf build && mkdir -p build && cd build
   cmake ../wesnoth-1.6-git \
       -DCMAKE_INSTALL_PREFIX=/usr \
@@ -78,6 +80,8 @@ build() {
 # For the Archlinux package this is no problem because the files are installed
 # into the empty $pkgdir, and it's content is copied later to the system.
 
+# Thes commands below have to be run with root privileges.
+# E.g. by prefixing them with "sudo ".
 package() {
   cd build
 
@@ -103,12 +107,8 @@ package() {
 
   install -D -m644 "$srcdir/wesnoth-1.6.appdata.xml" "$pkgdir/usr/share/metainfo/wesnoth-1.6.appdata.xml"
 
-  # On other Linux systems, use /etc instead of /usr/lib for the files below
+  # On other Linux systems, use /etc instead of /usr/lib for the two files below
   install -D -m644 "$srcdir/wesnothd-1.6.tmpfiles.conf" "$pkgdir/usr/lib/tmpfiles.d/wesnothd-1.6.conf"
-
-  # On Debian / Ubuntu / Mint, edit the file and change:
-  # Group=nobody to Group=nogroup
-  # /usr/bin/rm to /bin/rm
   install -D -m644 "$srcdir/wesnothd-1.6.service" "$pkgdir/usr/lib/systemd/system/wesnothd-1.6.service"
 
   # All done, but it doesn't show up? Try that:
diff --git a/wesnothd-1.6.service b/wesnothd-1.6.service
index 31cb9b2577f7..0dd6a9fbf089 100644
--- a/wesnothd-1.6.service
+++ b/wesnothd-1.6.service
@@ -3,22 +3,40 @@ Description=Wesnoth-1.6 Server Daemon
 Documentation=https://www.wesnoth.org/wiki/ServerAdministration
 Documentation=man:wesnothd-1.6(6)
 After=network.target
-# They use by default the same port
+# They use by default the same port. The -p option can be used to change it.
 Conflicts=wesnothd.service wesnothd-1.0.servicewesnothd-1.2.service wesnothd-1.4.service wesnothd-1.8.service wesnothd-1.10.service wesnothd-1.12.service wesnothd-1.14.service wesnothd-devel.service wesnothd-git.service
 
 [Service]
+# If wesnothd is started from within the game it runs under a different user.
+# Deleting the pipe resets owner, group and mode.
+ExecStopPre=/bin/rm -f /run/wesnothd-1.4/socket
+
 ExecStart=/usr/bin/wesnothd-1.6 -t 2 -T 5
-# you can use -c to specify the same configuration file
-# which is used when starting wensothd from the wesnoth UI
-# (and make sure wesnothd has the required access permissions)
+# You can use -c to specify a same configuration file
+# (and make sure wesnothd has the required access permissions).
 
 SyslogIdentifier=Wesnothd-1.6
 User=nobody
-Group=nobody
-ExecStopPost=/usr/bin/rm -f /run/wesnothd-1.6/socket
+Group=users
+
+# Remove remaining administration pipe:
+ExecStopPost=/bin/rm -f /run/wesnothd-1.6/socket
 
-# Additional security-related features
-ProtectSystem=yes
+# Additional security-related features:
+ProtectSystem=strict
+ProtectHome=yes
+# When specifying with the -c option a file in the home directory,
+# set ProtectHome=read-only and whitelist the directory or file with
+# ReadWritePaths.
+ReadWritePaths=/run/wesnothd-1.6
+InaccessiblePaths=/usr/include
+InaccessiblePaths=/usr/src
+InaccessiblePaths=/boot
+InaccessiblePaths=/media
+InaccessiblePaths=/mnt
+InaccessiblePaths=/srv
+InaccessiblePaths=/opt
+InaccessiblePaths=/var
 PrivateTmp=yes
 PrivateDevices=yes
 NoNewPrivileges=yes
author	Severin Glöckner	2018-12-26 16:30:34 +0100
committer	Severin Glöckner	2018-12-26 16:30:34 +0100
commit	e400d9a2ad501bd4764ec2162aeaf3ba8149d720 (patch)
tree	188bacaf4e24867e339ee7643535653968efdfac
parent	13fab7d93cb6604216e218464745bdd491eb1a00 (diff)
download	aur-e400d9a2ad501bd4764ec2162aeaf3ba8149d720.tar.gz