authorMattias Giese2022-06-06 18:12:24 +0200
committerMattias Giese2022-06-06 18:12:24 +0200
commit7ceb72cf6e035042168e4943703c185bb3e761b8 (patch)
tree571c810553e7827c5c13cc446785aa8a61edbb48
parent65aaa25a438c75e7e043e6ea828a1a67ad1831f0 (diff)
downloadaur-7ceb72cf6e035042168e4943703c185bb3e761b8.tar.gz
Bump to newest release
* fix broken scripts, internalize them here * bump to 4.1.7
-rw-r--r--.SRCINFO17
-rw-r--r--PKGBUILD20
-rw-r--r--jool.service39
-rw-r--r--jool_siit.service39
4 files changed, 97 insertions, 18 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 9f49169c7826..ddadbf11f9fb 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,18 +1,18 @@
pkgbase = jool
pkgdesc = Open Source SIIT and NAT64 for Linux.
- pkgver = 4.1.5
+ pkgver = 4.1.7
pkgrel = 1
url = https://www.jool.mx
arch = x86_64
license = GPL2
makedepends = libnl
- makedepends = iptables
- source = https://github.com/NICMx/Jool/releases/download/v4.1.5/jool-4.1.5.tar.gz
- source = https://raw.githubusercontent.com/ydahhrk/packaging/master/Jool/debian/jool-tools.jool.service
- source = https://raw.githubusercontent.com/ydahhrk/packaging/master/Jool/debian/jool-tools.jool_siit.service
- sha512sums = b1ddd4738ac3c2af607ca6cf298f949f087436b01d5b168d3f3496ba6f1586014958a348393c172599d9c5d42ba2e6e097895ef45db27e2759c89118a3ba33c9
- sha512sums = d3f6b88d4551c501455f1c1f8c33b7fbc667ae3d69c1793d230dcfc7b7b96fda46ac18449cacde54121e69f08de9a8eb97a5927b540381274b966cdeb3a84690
- sha512sums = 4078ea3a99831c7aa8d7b8d05529f27aaa7289a8cfae90d122fe69d782a30ea4d31f8f71a9edcdcec774b12cd329123607522640fcfc4eac4b588bbec70b5d92
+ optdepends = iptables
+ source = https://github.com/NICMx/Jool/releases/download/v4.1.7/jool-4.1.7.tar.gz
+ source = jool.service
+ source = jool_siit.service
+ sha256sums = 31fab9f9994e769b117354934742cfd8fc35a6a0aabcf4bab912bae4868c3778
+ sha256sums = 2d50ad60e284876f09051a4d44d4cc51da4b354cb4ff7acf85de864427d360b5
+ sha256sums = 0de3cc336ec9587bb3d62c81062977687a439403cc30d14d9798502d8626ce5f
pkgname = jool-tools
pkgdesc = Open Source SIIT and NAT64 for Linux. - Userspace tools and libraries
@@ -23,4 +23,3 @@ pkgname = jool-dkms
depends = dkms
optdepends = linux-headers: Build the module for Arch kernel
optdepends = linux-lts-headers: Build the module for LTS Arch kernel
-
diff --git a/PKGBUILD b/PKGBUILD
index 170ac4657eda..5059db41604c 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,19 +2,21 @@
pkgbase=jool
pkgname=(jool-tools jool-dkms)
-pkgver=4.1.5
+pkgver=4.1.7
pkgrel=1
pkgdesc="Open Source SIIT and NAT64 for Linux."
arch=('x86_64')
url="https://www.jool.mx"
license=('GPL2')
-makedepends=('libnl' 'iptables')
+makedepends=('libnl')
+optdepends=('iptables')
source=("https://github.com/NICMx/Jool/releases/download/v${pkgver}/jool-${pkgver}.tar.gz"
- "https://raw.githubusercontent.com/ydahhrk/packaging/master/Jool/debian/jool-tools.jool.service"
- "https://raw.githubusercontent.com/ydahhrk/packaging/master/Jool/debian/jool-tools.jool_siit.service")
-sha512sums=('b1ddd4738ac3c2af607ca6cf298f949f087436b01d5b168d3f3496ba6f1586014958a348393c172599d9c5d42ba2e6e097895ef45db27e2759c89118a3ba33c9'
- 'd3f6b88d4551c501455f1c1f8c33b7fbc667ae3d69c1793d230dcfc7b7b96fda46ac18449cacde54121e69f08de9a8eb97a5927b540381274b966cdeb3a84690'
- '4078ea3a99831c7aa8d7b8d05529f27aaa7289a8cfae90d122fe69d782a30ea4d31f8f71a9edcdcec774b12cd329123607522640fcfc4eac4b588bbec70b5d92')
+ "jool.service"
+ "jool_siit.service"
+ )
+sha256sums=('31fab9f9994e769b117354934742cfd8fc35a6a0aabcf4bab912bae4868c3778'
+ '2d50ad60e284876f09051a4d44d4cc51da4b354cb4ff7acf85de864427d360b5'
+ '0de3cc336ec9587bb3d62c81062977687a439403cc30d14d9798502d8626ce5f')
prepare() {
cp -a "${pkgbase}-${pkgver}" "${pkgbase}-${pkgver}-dkms"
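Review bot: `optdepends=('iptables')` has no reason string, so a user cannot tell what installing iptables enables; the usual form is `optdepends=('iptables: <what it enables>')`. Dropping iptables from `makedepends` should also be checked in a clean chroot build. If the upstream build compiles an xtables plugin (not visible in this hunk), the build would fail or silently omit the plugin when iptables is absent. prepare() continues outside the hunk.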
@@ -31,8 +33,8 @@ package_jool-tools() {
depends=('libnl')
cd "${pkgbase}-${pkgver}"
make DESTDIR="${pkgdir}" install
- install -D -m0644 "${srcdir}/jool-tools.jool.service" "${pkgdir}/usr/lib/systemd/system/jool.service"
- install -D -m0644 "${srcdir}/jool-tools.jool_siit.service" "${pkgdir}/usr/lib/systemd/system/jool_siit.service"
+ install -D -m0644 "${srcdir}/jool.service" "${pkgdir}/usr/lib/systemd/system/jool.service"
+ install -D -m0644 "${srcdir}/jool_siit.service" "${pkgdir}/usr/lib/systemd/system/jool_siit.service"
}
package_jool-dkms() {
diff --git a/jool.service b/jool.service
new file mode 100644
index 000000000000..0ed16b4f503c
--- /dev/null
+++ b/jool.service
@@ -0,0 +1,39 @@
+[Unit]
+Description=Stateful NAT64
+Documentation=https://jool.mx/en/documentation.html
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+
+ExecStartPre=/sbin/modprobe jool
+ExecStart=/usr/bin/jool file handle /etc/jool/jool.conf
+ExecStop=/usr/bin/jool -f /etc/jool/jool.conf instance remove
+# Do not modprobe -r; some other instance could be running.
+
+ConditionPathExists=/etc/jool/jool.conf
+
+# -- Security Section --
+# Long story short: All the jool clients need is read access on the config
+# files, and the Netlink socket to kernelspace.
+# The ExecStartPre above also needs to be able to modify kernel modules.
+# Everything else should probably be blocked.
+
+CapabilityBoundingSet=CAP_SYS_MODULE CAP_NET_ADMIN
+NoNewPrivileges=yes
+ProtectSystem=strict
+ProtectHome=yes
+InaccessiblePaths=/tmp /dev
+ProtectKernelTunables=yes
+ProtectKernelModules=no
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_NETLINK
+RestrictNamespaces=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target
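Review bot: `ConditionPathExists=/etc/jool/jool.conf` sits under `[Service]`, but it is a `[Unit]` setting, so systemd ignores it there as an unknown key; `ExecStartPre` and `ExecStart` are then attempted even when the config file is absent. Move the line into the `[Unit]` section; jool_siit.service has the same misplaced line. Separately, `CapabilityBoundingSet=CAP_SYS_MODULE CAP_NET_ADMIN` and `ProtectKernelModules=no` apply to `ExecStart` and `ExecStop` as well as `ExecStartPre`, so the netlink client keeps module-loading rights that the comment above says it does not need. Loading the module outside these units (for example through modules-load.d) would let both drop `CAP_SYS_MODULE` and set `ProtectKernelModules=yes`.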
diff --git a/jool_siit.service b/jool_siit.service
new file mode 100644
index 000000000000..3b0aece4aa3c
--- /dev/null
+++ b/jool_siit.service
@@ -0,0 +1,39 @@
+[Unit]
+Description=Stateless IP/ICMP Translator
+Documentation=https://jool.mx/en/documentation.html
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+
+ExecStartPre=/sbin/modprobe jool_siit
+ExecStart=/usr/bin/jool_siit file handle /etc/jool/jool_siit.conf
+ExecStop=/usr/bin/jool_siit -f /etc/jool/jool_siit.conf instance remove
+# Do not modprobe -r; some other instance could be running.
+
+ConditionPathExists=/etc/jool/jool_siit.conf
+
+# -- Security Section --
+# Long story short: All the jool clients need is read access on the config
+# files, and the Netlink socket to kernelspace.
+# The ExecStartPre above also needs to be able to modify kernel modules.
+# Everything else should probably be blocked.
+
+CapabilityBoundingSet=CAP_SYS_MODULE CAP_NET_ADMIN
+NoNewPrivileges=yes
+ProtectSystem=strict
+ProtectHome=yes
+InaccessiblePaths=/tmp /dev
+ProtectKernelTunables=yes
+ProtectKernelModules=no
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_NETLINK
+RestrictNamespaces=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target