diff options
author | 0b100100 | 2021-12-24 18:41:10 +0100 |
---|---|---|
committer | 0b100100 | 2021-12-24 18:43:38 +0100 |
commit | ab67f860e452553a4435960edbc5e05b1be4d8bb (patch) | |
tree | effa39429141d5c5cb4890e9d98b7340be2f1a30 /PKGBUILD | |
parent | 795a7c2155e4de3f5678f3f74eb11dca6be2cde5 (diff) | |
download | aur-ab67f860e452553a4435960edbc5e05b1be4d8bb.tar.gz |
Run service as a separate user and add some patches
Create needed paths in service file
Add security and hardening measures in service file
Diffstat (limited to 'PKGBUILD')
-rw-r--r-- | PKGBUILD | 19 |
1 files changed, 12 insertions, 7 deletions
@@ -3,7 +3,7 @@ # Contributor: Roberto Catini <roberto.catini@gmail.com> pkgname=rippled -pkgrel=1 +pkgrel=2 pkgver=1.8.2 pkgdesc="Ripple peer-to-peer network daemon" arch=('x86_64') @@ -14,16 +14,20 @@ depends=('protobuf' 'boost-libs' 'libarchive' 'libsecp256k1' 'rocksdb') makedepends=('git' 'cmake' 'boost' 'clang' 'doxygen') install=$pkgname.install source=("$pkgname-$pkgver.tar.gz::$url/archive/$pkgver.tar.gz" - "$pkgname.service" "$pkgname.install" - "cflag_werror_format-security.patch") + "$pkgname.sysusers" + "0001-cflag_werror_format-security.patch" + "0002-service_execstart_paths_security_and_sandboxing.patch") sha512sums=('a18f5eb9930586b49e6cbdae5edebf8f268b9c114b068543734a90282c5e5367c26d1bc6e2a31a6c42e294a763b5e9fa79792c580d049195b755b1af719496f2' - '4bd5964aac94df0f5cc9a6f177df07cacb71b1df5908ea6dc7c351103ca027688021f4ece184a7b7c5166bac1b4cc0e99cfd79e7a44ebf674618ad7a2f6b5a5a' '0c50bbd6b790163ca77ab6b8f5a078049dafe69f3818f05c8de3db626227c20cb55fbeaf38ca7594ce3a4f82156319ab69ccf24ca2615a278459f10a3ad7a04c' - '826c1233d10339176267cbd6ef394e3b4647630a074f2c4cdade7ee683319e01ea45209037cbce7acef7e97885adce7250f23d65174baca65f40a4aa2ef6b0fb') + 'bf651f870dc788a53960b950f1d069a2775fb806399c11b4e96499c26e325c844120bf7a1698a9482621b5634d2c7202b5917c582fd8a53002b2c9fe4caf6bae' + '826c1233d10339176267cbd6ef394e3b4647630a074f2c4cdade7ee683319e01ea45209037cbce7acef7e97885adce7250f23d65174baca65f40a4aa2ef6b0fb' + 'fc841883eb6fb74a8ebbff8bccfd042022db533f4b44595e43680b048a7cead6532704538f2d22c6d04349d2472692bf3b5fc091dd454fa3d3cf37c88acb2c7e') prepare() { - patch -d "$pkgname-$pkgver" -p1 -i "$srcdir/cflag_werror_format-security.patch" + cd "$pkgname-$pkgver" + patch -p1 -i "$srcdir/0001-cflag_werror_format-security.patch" + patch -p1 -i "$srcdir/0002-service_execstart_paths_security_and_sandboxing.patch" } build() { @@ -41,11 +45,12 @@ check() { package() { install -D build/rippled "$pkgdir/usr/bin/rippled" - install -D -m644 $pkgname.service "$pkgdir/usr/lib/systemd/system/$pkgname.service" + install -D -m644 $pkgname.sysusers "$pkgdir/usr/lib/sysusers.d/$pkgname.conf" cd "$pkgname-$pkgver" install -D -m644 LICENSE.md "$pkgdir/usr/share/licenses/$pkgname/LICENSE" install -D -m644 cfg/rippled-example.cfg "$pkgdir/etc/$pkgname/rippled.cfg" install -D -m644 cfg/validators-example.txt "$pkgdir/etc/$pkgname/validators.txt" + install -D -m644 Builds/containers/shared/rippled.service "$pkgdir/usr/lib/systemd/system/rippled.service" } # vim:set ts=2 sw=2 et: |