Make package closer to official package, provide caddy instead of caddy2 and move default Caddyfile in /etc/caddy (was /etc/caddy2)

6 files changed, 95 insertions, 44 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 18bd343d0b98..5d9eab975773 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,18 +1,29 @@
 pkgbase = caddy2
-	pkgdesc = Fast, cross-platform HTTP/2 web server with automatic HTTPS
+	pkgdesc = Powerful, enterprise-ready, open source web server with automatic HTTPS written in Go
 	pkgver = 2.0.0
-	pkgrel = 1
+	pkgrel = 2
 	url = https://github.com/caddyserver/caddy
 	arch = x86_64
 	license = Apache
 	makedepends = go
-	conflicts = caddy
-	source = caddy2-2.0.0.tar.gz::https://github.com/caddyserver/caddy/archive/v2.0.0.tar.gz
-	source = Caddyfile
+	makedepends = git
+	depends = glibc
+	provides = caddy
+	backup = etc/caddy/Caddyfile
+	backup = etc/caddy2/Caddyfile
+	source = git+https://github.com/caddyserver/caddy#tag=v2.0.0?signed
+	source = caddy-a509155e3cff18af793f6af5f930a71c89e05df8-index.html::https://raw.githubusercontent.com/caddyserver/dist/a509155e3cff18af793f6af5f930a71c89e05df8/welcome/index.html
 	source = caddy.service
-	sha256sums = 620e2a58ff904ae8bb9543cd5000d5806ba720f275dd6f4774cdc2abba0a746f
-	sha256sums = adf24a575a20ae9f503fac2348f7cfd26256f167992a1938f1a53a6d77b9b1f4
-	sha256sums = c3eb327ba564b167e508b2bfa76ef459cacef09fb2e67a7f09944cb8f92e3207
+	source = caddy.tmpfiles
+	source = Caddyfile
+	source = WarningCaddyfile
+	validpgpkeys = 29D0817A67156E4F25DC24782A349DD577D586A5
+	sha512sums = SKIP
+	sha512sums = 2abccd41f770daebf61285dc017249f20c707877ea3c870f4a2375bbbd2bf481a8652d1fd3c7afd7d6b5c54838e9d8474a33e2c9790ef67dcf9d79c4e52953b4
+	sha512sums = cbda05e4472ac07455dd0a384dec2e7d2b1fbae356d6aa0f08e3de6d4fad06b51bee0352565861d57f3af5f83a39b84e14c9456eabf5f1ea940c4c06986c620a
+	sha512sums = 2c45974647859a6fa9096aeb9ec0a32270adc863b90932133886eadd87d94a9f59713e185b86e8c8f01c8e11742cabac2cc3abadeef9ebd2534ac2acb9b20061
+	sha512sums = 7599f0b0af3b0380d90d805a5b4b9ab8d377727f4a1f6d59d1d30cd4c767aa45b9bbde56dafc88936640fb375fed265ed0489a5039e2c9f5aafd53bd692031e5
+	sha512sums = f130d00b269b919a2a8c533834b62c87462501b33a7a4e585c433535767494a525900732de93c5cd4151bdb68bc6d97a909c6364c312bfa5340b9de6110ec45d
 
 pkgname = caddy2
 
diff --git a/Caddyfile b/Caddyfile
index d8b303be5292..8df7097eb565 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,8 +1,9 @@
-{
-    storage file_system {
-        root /var/lib/caddy2
-    }
-}
-
-# config goes below
+# This is an example default caddy file that serves static files
+#
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/
 
+:80 {
+	root * /usr/share/caddy
+	file_server
+}
diff --git a/PKGBUILD b/PKGBUILD
index 804df935c419..795a00ee9a11 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,34 +3,61 @@
 # Contributor: Poscat <poscat at mail dot poscat dot moe>
 
 pkgname=caddy2
+_pkgname=caddy
 pkgver=2.0.0
-pkgrel=1
-pkgdesc='Fast, cross-platform HTTP/2 web server with automatic HTTPS'
+_tag=v2.0.0
+_distcommit='a509155e3cff18af793f6af5f930a71c89e05df8'
+pkgrel=2
+pkgdesc="Powerful, enterprise-ready, open source web server with automatic HTTPS written in Go"
 arch=('x86_64')
+url="https://github.com/caddyserver/caddy"
 license=('Apache')
-url='https://github.com/caddyserver/caddy'
-depends=()
-conflicts=('caddy')
-makedepends=('go')
-source=("$pkgname-$pkgver.tar.gz::https://github.com/caddyserver/caddy/archive/v${pkgver}.tar.gz"
-        "Caddyfile"
-        "caddy.service")
+depends=('glibc')
+makedepends=('go' 'git')
+provides=('caddy')
+backup=('etc/caddy/Caddyfile' 'etc/caddy2/Caddyfile')
+source=("git+https://github.com/caddyserver/caddy#tag=${_tag}?signed"
+        "caddy-${_distcommit}-index.html::https://raw.githubusercontent.com/caddyserver/dist/${_distcommit}/welcome/index.html"
+        'caddy.service'
+        'caddy.tmpfiles'
+        'Caddyfile'
+        'WarningCaddyfile')
+sha512sums=('SKIP'
+            '2abccd41f770daebf61285dc017249f20c707877ea3c870f4a2375bbbd2bf481a8652d1fd3c7afd7d6b5c54838e9d8474a33e2c9790ef67dcf9d79c4e52953b4'
+            'cbda05e4472ac07455dd0a384dec2e7d2b1fbae356d6aa0f08e3de6d4fad06b51bee0352565861d57f3af5f83a39b84e14c9456eabf5f1ea940c4c06986c620a'
+            '2c45974647859a6fa9096aeb9ec0a32270adc863b90932133886eadd87d94a9f59713e185b86e8c8f01c8e11742cabac2cc3abadeef9ebd2534ac2acb9b20061'
+            '7599f0b0af3b0380d90d805a5b4b9ab8d377727f4a1f6d59d1d30cd4c767aa45b9bbde56dafc88936640fb375fed265ed0489a5039e2c9f5aafd53bd692031e5'
+            'f130d00b269b919a2a8c533834b62c87462501b33a7a4e585c433535767494a525900732de93c5cd4151bdb68bc6d97a909c6364c312bfa5340b9de6110ec45d')
+validpgpkeys=(
+  '29D0817A67156E4F25DC24782A349DD577D586A5' # Matthew Holt <mholt@users.noreply.github.com>
+)
 
-sha256sums=('620e2a58ff904ae8bb9543cd5000d5806ba720f275dd6f4774cdc2abba0a746f'
-            'adf24a575a20ae9f503fac2348f7cfd26256f167992a1938f1a53a6d77b9b1f4'
-            'c3eb327ba564b167e508b2bfa76ef459cacef09fb2e67a7f09944cb8f92e3207')
+pkgver() {
+  cd ${_pkgname}
+  git describe --tags --match 'v*' | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g'
+}
+
+prepare() {
+  sed 's|/var/www/html|/srv/http|g' -i "${srcdir}/caddy-${_distcommit}-index.html"
+}
 
 build() {
-  cd ${srcdir}/caddy-${pkgver}
-  export GOPATH="$srcdir"
-  go build -v -o caddy cmd/caddy/main.go
+  cd "${_pkgname}/cmd/caddy/"
+  go build -trimpath -ldflags "-extldflags ${LDFLAGS}" -o $pkgname
 }
 
-package() {
-  mkdir -p "$pkgdir/var/lib/caddy2"
-  install -D -m 0644 Caddyfile "$pkgdir/etc/caddy2/Caddyfile"
-  install -D -m 0644 caddy.service "$pkgdir/usr/lib/systemd/system/caddy.service"
-  cd ${srcdir}/caddy-${pkgver}
-  install -D -m 0755 caddy "$pkgdir/usr/bin/caddy"
+check() {
+  cd "caddy"
+  go test ./...
 }
 
+package() {
+  cd "caddy"
+  install -Dm755 "cmd/caddy/${pkgname}" "${pkgdir}/usr/bin/${_pkgname}"
+  install -Dm 644 "${srcdir}/caddy.service" -t "${pkgdir}/usr/lib/systemd/system"
+  install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf"
+  install -Dm 644 "${srcdir}/Caddyfile" "${pkgdir}/etc/caddy/Caddyfile"
+  install -Dm 644 "${srcdir}/WarningCaddyfile" "${pkgdir}/etc/caddy2/Caddyfile"
+  install -Dm 644 "${srcdir}/caddy-${_distcommit}-index.html" "${pkgdir}/usr/share/caddy/index.html"
+  install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}
diff --git a/WarningCaddyfile b/WarningCaddyfile
new file mode 100644
index 000000000000..0b4a5c433cd4
--- /dev/null
+++ b/WarningCaddyfile
@@ -0,0 +1 @@
+# This file was moved to /etc/caddy/Caddyfile
diff --git a/caddy.service b/caddy.service
index 74bff04f37ad..0e3800c31e0c 100644
--- a/caddy.service
+++ b/caddy.service
@@ -1,22 +1,31 @@
 [Unit]
-Description=Caddy 2 HTTP/2 web server
-After=network-online.target
+Description=Caddy Web Server
+Documentation=https://caddyserver.com/docs/
+After=network.target
 
 [Service]
 User=http
 Group=http
-ExecStart=/usr/bin/caddy run --config /etc/caddy2/Caddyfile --adapter caddyfile
-ExecReload=/usr/bin/caddy reload --config /etc/caddy2/Caddyfile --adapter caddyfile
+ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile --resume --environ
+ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
 ExecStop=/usr/bin/caddy stop
+TimeoutStopSec=5s
 LimitNOFILE=1048576
-LimitNPROC=64
+LimitNPROC=512
+
+# Hardening options
 PrivateTmp=true
+ProtectSystem=strict
 PrivateDevices=true
 ProtectHome=true
-ProtectSystem=strict
-ReadWritePaths=/var/lib/caddy2
+ReadWritePaths=/var/lib/caddy /var/log/caddy /srv/http
 AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
 
 [Install]
 WantedBy=multi-user.target
-
diff --git a/caddy.tmpfiles b/caddy.tmpfiles
new file mode 100644
index 000000000000..b425ffa652e1
--- /dev/null
+++ b/caddy.tmpfiles
@@ -0,0 +1,2 @@
+d /var/lib/caddy 0750 http http
+d /var/log/caddy 0750 http http
\ No newline at end of file