diff options
author | banzay | 2017-10-09 01:18:47 +0300 |
---|---|---|
committer | banzay | 2017-10-09 01:18:47 +0300 |
commit | f002a0e2dfb2ec7bcd992440b47dc1af1d2f832e (patch) | |
tree | da923a50484870971a2f2966f122efa34f6e389b | |
parent | da68a5ca3893c50fdcdb9b073a1f223affd03964 (diff) | |
download | aur-f002a0e2dfb2ec7bcd992440b47dc1af1d2f832e.tar.gz |
package update
-rw-r--r-- | .SRCINFO | 78 | ||||
-rw-r--r-- | PKGBUILD | 155 | ||||
-rw-r--r-- | postgresql-1c.changelog | 15 | ||||
-rw-r--r-- | postgresql-check-db-dir | 49 | ||||
-rw-r--r-- | postgresql-var-run-socket.patch | 47 | ||||
-rw-r--r-- | postgresql.install | 53 | ||||
-rw-r--r-- | postgresql.logrotate | 4 | ||||
-rw-r--r-- | postgresql.pam | 3 | ||||
-rw-r--r-- | postgresql.service | 24 |
9 files changed, 318 insertions, 110 deletions
@@ -1,35 +1,57 @@ -# Generated by makepkg 4.2.1 -# Sat Aug 29 08:44:40 UTC 2015 pkgbase = postgresql-1c - pkgdesc = Custom version of PostgreSQL 9.4 for 1C system - pkgver = 9.4.2 - pkgrel = 2 - url = http://v8.1c.ru/overview/postgres_patches_notes.htm - install = postgresql.install + pkgdesc = Custom version of PostgreSQL 9.6 for 1C system + pkgver = 9.6.3 + pkgrel = 1 + url = https://www.postgresql.org/ + changelog = postgresql-1c.changelog arch = i686 arch = x86_64 - license = GPL - makedepends = rpmextract - makedepends = gcc - makedepends = make - makedepends = flex - makedepends = bison - depends = libxml2 - depends = libxslt - depends = icu - depends = openssl - conflicts = postgresql - conflicts = postgresql-libs - replaces = postgresql - replaces = postgresql-libs - source = http://v8.1c.ru/overview/postgresql_patches/9-4-2/postgresql94-9.4.2-1.1c.src.rpm - source = postgresql.conf + license = custom + makedepends = krb5 + makedepends = libxml2 + makedepends = python2 + makedepends = perl + makedepends = tcl>=8.6.0 + makedepends = openssl>=1.0.0 + makedepends = pam + source = https://ftp.postgresql.org/pub/source/v9.6.3/postgresql-9.6.3.tar.bz2 + source = postgresql-var-run-socket.patch + source = http://www.r-s-v.ru/1c-patch/1c-patch.tgz + source = postgresql.pam + source = postgresql.logrotate source = postgresql.service - source = postgresql.install - md5sums = 1b673a15fed9df8ca058bb8674dfd88a - md5sums = 7a510b5bcd4a5acb394a5dbf4286bb41 - md5sums = 9baf4f9dd1a5283b1577de5c4970f728 - md5sums = febdfca7e698211aa1ecf529e9a3140c + source = postgresql-check-db-dir + sha256sums = 1645b3736901f6d854e695a937389e68ff2066ce0cde9d73919d6ab7c995b9c6 + sha256sums = 887e567520d843f7e9f6e91820219979a4c6539d3ca6c56ebefd6d55360eddeb + sha256sums = 65cc43fbd76022254f31a5125deadb18e3240966dc058734d81fe602f99817d4 + sha256sums = 57dfd072fd7ef0018c6b0a798367aac1abb5979060ff3f9df22d1048bb71c0d5 + sha256sums = 6abb842764bbed74ea4a269d24f1e73d1c0b1d8ecd6e2e6fb5fb10590298605e + sha256sums = c16981f70aca895d4a2adb36556213192776c1fc5bb75848a7f3211ad8d49c52 + sha256sums = 2340da0947bcb1c5602008d0ca00588ca0bfa8aca4fa6947a8bdb2c6df800b0e + sha512sums = 97141972e154e6b0e756ee6a4e20f26e82022a9fd4c56305314a3a5567a79ece638e4ac3d513b46138737ae6bd27a098f30013a94767db151181aac9c01290a1 + sha512sums = 279c119b0c177d49a22dff0e9eb047ecfca5419a2bdfbd9a5908f67dfb2467ba9cbf4eab6c5fd0f9f5d1412c44a9dd14f826a97c0a9b1b519eafdbade04b8c47 + sha512sums = cbc1c017b7b666ee9ac1cf7826d7cb51d90408398d633055c946aa9b18f5c2f26114f8deaf6867b05bae991693bea2859f65da2632f2bc81fa5cd2a382c2be13 + sha512sums = 1e6183ab0eb812b3ef687ac2c26ce78f7cb30540f606d20023669ac00ba04075487fb72e4dc89cc05dab0269ff6aca98fc1167cc75669c225b88b592482fbf67 + sha512sums = 9ab4da01337ffbab8faec0e220aaa2a642dbfeccf7232ef2645bdc2177a953f17ee3cc14a4d8f8ebd064e1dae8b3dba6029adbffb8afaabea383963213941ba8 + sha512sums = 32ae9fe9d7484f5254af3ae873d9469010581486081c92dc7c0fca6a4f763bc4f559e811b73e4eea4b2eff934f6b083aaed2e51fe517f018fc73bb1a3134232e + sha512sums = f12d8777ca819366eac959e023fedf2eb409aa3f358f56269e13e19185d6e9c93c1f2a6e37c8bc6465ab32a02ff83d9f196ddea3cddf24a9884be9ac6970dad2 pkgname = postgresql-1c + pkgdesc = Custom version of PostgreSQL 9.6 for 1C system + install = postgresql.install + depends = postgresql-libs>=9.6.3 + depends = krb5 + depends = libxml2 + depends = readline>=6.0 + depends = openssl>=1.0.0 + depends = pam + optdepends = python2: for PL/Python support + optdepends = perl: for PL/Perl support + optdepends = tcl: for PL/Tcl support + optdepends = postgresql-old-upgrade: upgrade from previous major version using pg_upgrade + provides = postgresql${pkgver} + conflicts = postgresql + options = staticlibs + backup = etc/pam.d/postgresql + backup = etc/logrotate.d/postgresql @@ -1,51 +1,116 @@ -# Maintainer: Ivan Agarkov <ivan.agarkov@gmail.com> -pkgname=postgresql-1c -pkgver=9.4.2 -pkgrel=2 -pkgdesc="Custom version of PostgreSQL 9.4 for 1C system" +# Maintainer: Mihail Repnenkov <mrepnenkov@gmail.com> +# Contributor: Ivan Agarkov <ivan.agarkov@gmail.com> +pkgname=('postgresql-1c') +pkgver=9.6.3 +_majorver=${pkgver%.*} +pkgrel=1 +pkgdesc="Custom version of PostgreSQL 9.6 for 1C system" +url='https://www.postgresql.org/' arch=('i686' 'x86_64') -url="http://v8.1c.ru/overview/postgres_patches_notes.htm" -license=('Custom') -depends=('libxml2' 'libxslt' 'icu' 'openssl') -makedepends=('rpmextract' 'gcc' 'make' 'flex' 'bison') -#checkdepends=() -#optdepends=() -#provides=() -conflicts=('postgresql' 'postgresql-libs') -replaces=('postgresql' 'postgresql-libs') -source=("http://v8.1c.ru/overview/postgresql_patches/9-4-2/postgresql94-9.4.2-1.1c.src.rpm" -"postgresql.conf" "postgresql.service" "postgresql.install") -md5sums=('1b673a15fed9df8ca058bb8674dfd88a' - '7a510b5bcd4a5acb394a5dbf4286bb41' - '285c8d5ad993b5ec5c1383251cccf262' - 'febdfca7e698211aa1ecf529e9a3140c') -install=postgresql.install - -prepare() { - tar xfj "postgresql-9.4.2.tar.bz2" - cd "postgresql-9.4.2" - patch -p1 < ../1c_FULL_94-0.23 - patch -p1 < ../applock-1c-9.4.patch - patch -p1 < ../online_analyze-9.4.patch - patch -p1 < ../plantuner.patch - patch -p1 < ../postgresql-1c-9.4.patch - patch -p1 < ../postgresql-logging.patch - patch -p1 < ../postgresql-perl-rpath.patch - patch -p1 < ../postgresql-prefer-ncurses.patch - patch -p1 < ../rpm-pgsql.patch -} +license=('custom') +changelog=$pkgname.changelog +makedepends=('krb5' 'libxml2' 'python2' 'perl' 'tcl>=8.6.0' 'openssl>=1.0.0' 'pam') +source=(https://ftp.postgresql.org/pub/source/v${pkgver}/postgresql-${pkgver}.tar.bz2 + postgresql-var-run-socket.patch + http://www.r-s-v.ru/1c-patch/1c-patch.tgz + postgresql.pam + postgresql.logrotate + postgresql.service + postgresql-check-db-dir) +sha256sums=('1645b3736901f6d854e695a937389e68ff2066ce0cde9d73919d6ab7c995b9c6' + '887e567520d843f7e9f6e91820219979a4c6539d3ca6c56ebefd6d55360eddeb' + '65cc43fbd76022254f31a5125deadb18e3240966dc058734d81fe602f99817d4' + '57dfd072fd7ef0018c6b0a798367aac1abb5979060ff3f9df22d1048bb71c0d5' + '6abb842764bbed74ea4a269d24f1e73d1c0b1d8ecd6e2e6fb5fb10590298605e' + 'c16981f70aca895d4a2adb36556213192776c1fc5bb75848a7f3211ad8d49c52' + '2340da0947bcb1c5602008d0ca00588ca0bfa8aca4fa6947a8bdb2c6df800b0e') +sha512sums=('97141972e154e6b0e756ee6a4e20f26e82022a9fd4c56305314a3a5567a79ece638e4ac3d513b46138737ae6bd27a098f30013a94767db151181aac9c01290a1' + '279c119b0c177d49a22dff0e9eb047ecfca5419a2bdfbd9a5908f67dfb2467ba9cbf4eab6c5fd0f9f5d1412c44a9dd14f826a97c0a9b1b519eafdbade04b8c47' + 'cbc1c017b7b666ee9ac1cf7826d7cb51d90408398d633055c946aa9b18f5c2f26114f8deaf6867b05bae991693bea2859f65da2632f2bc81fa5cd2a382c2be13' + '1e6183ab0eb812b3ef687ac2c26ce78f7cb30540f606d20023669ac00ba04075487fb72e4dc89cc05dab0269ff6aca98fc1167cc75669c225b88b592482fbf67' + '9ab4da01337ffbab8faec0e220aaa2a642dbfeccf7232ef2645bdc2177a953f17ee3cc14a4d8f8ebd064e1dae8b3dba6029adbffb8afaabea383963213941ba8' + '32ae9fe9d7484f5254af3ae873d9469010581486081c92dc7c0fca6a4f763bc4f559e811b73e4eea4b2eff934f6b083aaed2e51fe517f018fc73bb1a3134232e' + 'f12d8777ca819366eac959e023fedf2eb409aa3f358f56269e13e19185d6e9c93c1f2a6e37c8bc6465ab32a02ff83d9f196ddea3cddf24a9884be9ac6970dad2') build() { - cd "postgresql-9.4.2" - ./configure --disable-rpath --prefix=/usr --libdir=/usr/lib/postgresql/ --with-openssl --with-libxml --with-libxslt --enable-nls - make all - make -C contrib all + cd postgresql-${pkgver} + + patch -Np0 < ../postgresql-var-run-socket.patch + patch -p1 < ../00001-1c_FULL_96-0.23.patch + patch -p1 < ../00002-applock_remove_autogenerated_files.patch + patch -p1 < ../00003-applock.patch + patch -p1 < ../00004-online_analyze.patch + patch -p1 < ../00005-plantuner.patch + patch -p1 < ../00006-postgresql-1c-9.6.patch + patch -p1 < ../00007-exists_opt-2.patch + + ./configure \ + --prefix=/usr \ + --mandir=/usr/share/man \ + --datadir=/usr/share/postgresql \ + --sysconfdir=/etc \ + --with-gssapi \ + --with-libxml \ + --with-openssl \ + --with-perl \ + --with-python PYTHON=/usr/bin/python2 \ + --with-tcl \ + --with-pam \ + --with-system-tzdata=/usr/share/zoneinfo \ + --with-uuid=e2fs \ + --enable-nls \ + --enable-thread-safety \ + --disable-integer-datetime + + make world } -package() { - cd "postgresql-9.4.2" - make DESTDIR="$pkgdir/" install - make -C contrib DESTDIR="$pkgdir/" install - install -D -c -m 0644 "$srcdir/postgresql.conf" "$pkgdir/etc/ld.so.conf.d/postgresql.conf" - install -D -c -m 0644 "$srcdir/postgresql.service" "$pkgdir/usr/lib/systemd/system/postgresql.service" +package_postgresql-1c() { + conflicts=('postgresql') + provides=('postgresql${pkgver}') + pkgdesc='Custom version of PostgreSQL 9.6 for 1C system' + backup=('etc/pam.d/postgresql' 'etc/logrotate.d/postgresql') + depends=("postgresql-libs>=${pkgver}" 'krb5' 'libxml2' 'readline>=6.0' 'openssl>=1.0.0' 'pam') + optdepends=('python2: for PL/Python support' + 'perl: for PL/Perl support' + 'tcl: for PL/Tcl support' + 'postgresql-old-upgrade: upgrade from previous major version using pg_upgrade') + options=('staticlibs') + install=postgresql.install + + cd postgresql-${pkgver} + + # install + make DESTDIR="${pkgdir}" install + make -C contrib DESTDIR="${pkgdir}" install + make -C doc/src/sgml DESTDIR="${pkgdir}" install-man + + # we don't want these, they are in the -libs package + for dir in src/interfaces src/bin/pg_config src/bin/pg_dump src/bin/psql src/bin/scripts; do + make -C ${dir} DESTDIR="${pkgdir}" uninstall + done + for util in pg_config pg_dump pg_dumpall pg_restore psql \ + clusterdb createdb createlang createuser dropdb droplang dropuser pg_isready reindexdb vacuumdb; do + rm "${pkgdir}"/usr/share/man/man1/${util}.1 + done + + # install license + install -Dm 644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgbase}/LICENSE" + + # clean up unneeded installed items + rm -rf "${pkgdir}/usr/include/postgresql/internal" + rm -rf "${pkgdir}/usr/include/libpq" + find "${pkgdir}/usr/include" -maxdepth 1 -type f -execdir rm {} + + rmdir "${pkgdir}/usr/share/doc/postgresql/html" + + install -Dm 644 "${srcdir}/postgresql.service" \ + "${pkgdir}/usr/lib/systemd/system/postgresql.service" + install -Dm 755 "${srcdir}/postgresql-check-db-dir" \ + "${pkgdir}/usr/bin/postgresql-check-db-dir" + + install -Dm 644 "${srcdir}/postgresql.pam" \ + "${pkgdir}/etc/pam.d/postgresql" + + install -Dm 644 "${srcdir}/postgresql.logrotate" \ + "${pkgdir}/etc/logrotate.d/postgresql" } diff --git a/postgresql-1c.changelog b/postgresql-1c.changelog new file mode 100644 index 000000000000..ff4647bf51e3 --- /dev/null +++ b/postgresql-1c.changelog @@ -0,0 +1,15 @@ +The format of the cluster created by PostgreSQL 9.6.3-3.1C is changed +The new cluster format is identical to the cluster format created by the standard version of PostgreSQL. +In a cluster, the data type of the timestamp data type is set to integer_datetimes = on in accordance with the format, +used by the standard version of PostgreSQL. +Support for this version in 1C: Enterprise 8.3 is implemented in version 8.3.10 and later. +Load testing was conducted on the versions 1C: Enterprise 8.3.10. +To use PostgreSQL 9.6.3-3.1C with versions of 1C: Enterprise below 8.3.10, it is necessary to assemble it with the set parameter value integer_datetimes = off + +Изменен формат кластера, создаваемого PostgreSQL 9.6.3-3.1C +Новый формат кластера идентичен формату кластера, создаваемого стандартной версией PostgreSQL. +В кластере формат хранения типа данных timestamp установлен со значением integer_datetimes=on в соответствии с форматом, +используемым стандартной версией PostgreSQL. +Поддержка этой версии в 1С:Предприятии 8.3 реализована в версии 8.3.10 и старше. +Нагрузочное тестирование проводилось на версиях 1С:Предприятия 8.3.10. +Для использования PostgreSQL 9.6.3-3.1C с версиями 1С:Предприятия ниже 8.3.10 необходимо его собрать с установленным значением параметра integer_datetimes=off diff --git a/postgresql-check-db-dir b/postgresql-check-db-dir new file mode 100644 index 000000000000..aa51d7643535 --- /dev/null +++ b/postgresql-check-db-dir @@ -0,0 +1,49 @@ +#!/bin/sh + +# This script verifies that the postgresql data directory has been correctly +# initialized. We do not want to automatically initdb it, because that has +# a risk of catastrophic failure (ie, overwriting a valuable database) in +# corner cases, such as a remotely mounted database on a volume that's a +# bit slow to mount. But we can at least emit a message advising newbies +# what to do. + +PGDATA="$1" + +if [ -z "$PGDATA" ] +then + echo "Usage: $0 database-path" + exit 1 +fi + +# PGMAJORVERSION is major version +PGMAJORVERSION=9.6 +# PREVMAJORVERSION is the previous major version +PREVMAJORVERSION=9.5 + +# Check for the PGDATA structure +if [ -f "$PGDATA/PG_VERSION" ] && [ -d "$PGDATA/base" ] +then + # Check version of existing PGDATA + if [ x`cat "$PGDATA/PG_VERSION"` = x"$PGMAJORVERSION" ] + then + : A-OK + elif [ x`cat "$PGDATA/PG_VERSION"` = x"$PREVMAJORVERSION" ] + then + echo $"An old version of the database format was found." + echo $"See https://wiki.archlinux.org/index.php/PostgreSQL#Upgrading_PostgreSQL" + exit 1 + else + echo $"An old version of the database format was found." + echo $"You need to dump and reload before using PostgreSQL $PGMAJORVERSION." + echo $"See http://www.postgresql.org/docs/$PGMAJORVERSION/static/upgrading.html" + exit 1 + fi +else + # No existing PGDATA! Warn the user to initdb it. + echo $"\"$PGDATA\" is missing or empty. Use a command like" + echo $" su - postgres -c \"initdb --locale en_US.UTF-8 -D '$PGDATA'\"" + echo $"with relevant options, to initialize the database cluster." + exit 1 +fi + +exit 0 diff --git a/postgresql-var-run-socket.patch b/postgresql-var-run-socket.patch new file mode 100644 index 000000000000..40ff0e05e3eb --- /dev/null +++ b/postgresql-var-run-socket.patch @@ -0,0 +1,47 @@ +Change the built-in default socket directory to be /var/run/postgresql. +For backwards compatibility with (probably non-libpq-based) clients that +might still expect to find the socket in /tmp, also create a socket in +/tmp. This is to resolve communication problems with clients operating +under systemd's PrivateTmp environment, which won't be using the same +global /tmp directory as the server; see bug #825448. + +Note that we apply the socket directory change at the level of the +hard-wired defaults in the C code, not by just twiddling the setting in +postgresql.conf.sample; this is so that the change will take effect on +server package update, without requiring any existing postgresql.conf +to be updated. (Of course, a user who dislikes this behavior can still +override it via postgresql.conf.) + +--- src/backend/utils/misc/guc.c.old 2016-09-28 23:52:17.410314055 +0300 ++++ src/backend/utils/misc/guc.c 2016-09-28 23:53:01.735921591 +0300 +@@ -3353,7 +3353,7 @@ + }, + &Unix_socket_directories, + #ifdef HAVE_UNIX_SOCKETS +- DEFAULT_PGSOCKET_DIR, ++ DEFAULT_PGSOCKET_DIR ", /tmp", + #else + "", + #endif +--- src/bin/initdb/initdb.c.old 2016-09-28 23:53:22.081741447 +0300 ++++ src/bin/initdb/initdb.c 2016-09-28 23:53:42.546560249 +0300 +@@ -1221,7 +1221,7 @@ + + #ifdef HAVE_UNIX_SOCKETS + snprintf(repltok, sizeof(repltok), "#unix_socket_directories = '%s'", +- DEFAULT_PGSOCKET_DIR); ++ DEFAULT_PGSOCKET_DIR ", /tmp"); + #else + snprintf(repltok, sizeof(repltok), "#unix_socket_directories = ''"); + #endif +--- src/include/pg_config_manual.h.old 2016-09-28 23:54:02.615382558 +0300 ++++ src/include/pg_config_manual.h 2016-09-28 23:54:22.287208381 +0300 +@@ -164,7 +164,7 @@ + * here's where to twiddle it. You can also override this at runtime + * with the postmaster's -k switch. + */ +-#define DEFAULT_PGSOCKET_DIR "/tmp" ++#define DEFAULT_PGSOCKET_DIR "/var/run/postgresql" + + /* + * This is the default event source for Windows event log. diff --git a/postgresql.install b/postgresql.install index 203e0040fda8..0d23d474a0c2 100644 --- a/postgresql.install +++ b/postgresql.install @@ -1,36 +1,25 @@ -# This is a default template for a post-install scriptlet. -# Uncomment only required functions and remove any functions -# you don't need (and this header). - -## arg 1: the new package version -#pre_install() { - # do something here -#} - -## arg 1: the new package version post_install() { - ldconfig - grep -q postgres /etc/passwd && useradd -d /var/lib/postgres -m postgres && su - postgres -c 'initdb -D /var/lib/postgres/data' + if [ ! -d '/var/lib/postgres' ]; then + mkdir -p '/var/lib/postgres' + fi + if ! getent group postgres >/dev/null; then + groupadd -g 88 postgres + fi + if ! getent passwd postgres >/dev/null; then + useradd -c 'PostgreSQL user' -u 88 -g postgres -d '/var/lib/postgres' -s /bin/bash postgres + passwd -l postgres >/dev/null + fi + if [ ! -d '/var/lib/postgres/data' ]; then + mkdir -p '/var/lib/postgres/data' + chown postgres:postgres '/var/lib/postgres/data' + fi } -## arg 1: the new package version -## arg 2: the old package version -#pre_upgrade() { - # do something here -#} - -## arg 1: the new package version -## arg 2: the old package version -#post_upgrade() { - # do something here -#} - -## arg 1: the old package version -#pre_remove() { - # do something here -#} - -## arg 1: the old package version -post_remove() { - ldconfig +post_upgrade() { + post_install $1 + # FS#23858, fix postgres user shell issue + postgres_shell=$(getent passwd postgres | cut -d: -f7) + if [ "$postgres_shell" = "/sbin/nologin" ]; then + chsh -s /bin/bash postgres + fi } diff --git a/postgresql.logrotate b/postgresql.logrotate new file mode 100644 index 000000000000..9c36918be5e5 --- /dev/null +++ b/postgresql.logrotate @@ -0,0 +1,4 @@ +/var/log/postgresql.log { + copytruncate + missingok +} diff --git a/postgresql.pam b/postgresql.pam new file mode 100644 index 000000000000..53724d1f86a7 --- /dev/null +++ b/postgresql.pam @@ -0,0 +1,3 @@ +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so diff --git a/postgresql.service b/postgresql.service index f2eaa51f4eb7..68742b6b0bea 100644 --- a/postgresql.service +++ b/postgresql.service @@ -1,9 +1,9 @@ [Unit] -Description=PostgreSQL-1C database server +Description=PostgreSQL database server After=network.target [Service] -Type=simple +Type=forking TimeoutSec=120 User=postgres Group=postgres @@ -11,11 +11,25 @@ Group=postgres Environment=PGROOT=/var/lib/postgres SyslogIdentifier=postgres -PIDFile=/var/lib/postgres/postmaster.pid -ExecStart=/usr/bin/postgres -D ${PGROOT}/data -PrivateTmp=yes +PIDFile=/var/lib/postgres/data/postmaster.pid +RuntimeDirectory=postgresql +RuntimeDirectoryMode=755 + +ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}/data +ExecStart= /usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120 +ExecReload=/usr/bin/pg_ctl -s -D ${PGROOT}/data reload +ExecStop= /usr/bin/pg_ctl -s -D ${PGROOT}/data stop -m fast + +# Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in +# killing Postgres, so adjust it downward OOMScoreAdjust=-200 +# Additional security-related features +PrivateTmp=true +ProtectHome=true +ProtectSystem=full +NoNewPrivileges=true + [Install] WantedBy=multi-user.target |