diff options
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | caddy-systemd-service.patch | 47 |
2 files changed, 35 insertions, 16 deletions
@@ -1,5 +1,5 @@ # Generated by mksrcinfo v8 -# Thu Sep 29 16:03:37 UTC 2016 +# Thu Sep 29 16:20:44 UTC 2016 pkgbase = caddy-full-bin pkgdesc = A configurable, general-purpose HTTP/2 web server for any platform (All features enabled) pkgver = 0.9.3 @@ -32,7 +32,7 @@ pkgbase = caddy-full-bin source_aarch64 = caddy.tar.gz::http://bit.ly/2cMNaAA source_aarch64 = caddy-systemd-service.patch md5sums_aarch64 = SKIP - md5sums_aarch64 = bb3b2b3e58fe090a298e3d20b6f2597b + md5sums_aarch64 = 77e89ee90f6b69730b11ca83c7fbf48b pkgname = caddy-full-bin diff --git a/caddy-systemd-service.patch b/caddy-systemd-service.patch index 3f85f13f9988..8ed422217346 100644 --- a/caddy-systemd-service.patch +++ b/caddy-systemd-service.patch @@ -1,14 +1,33 @@ -11,12c11,12 -< User=www-data -< Group=www-data ---- -> User=http -> Group=http -41,43c41,43 -< ;CapabilityBoundingSet=CAP_NET_BIND_SERVICE -< ;AmbientCapabilities=CAP_NET_BIND_SERVICE -< ;NoNewPrivileges=true ---- -> CapabilityBoundingSet=CAP_NET_BIND_SERVICE -> AmbientCapabilities=CAP_NET_BIND_SERVICE -> NoNewPrivileges=true +--- caddy_old.service 2016-09-29 18:04:15.356244279 +0200 ++++ caddy_new.service 2016-09-29 18:04:15.356244279 +0200 +@@ -8,14 +8,14 @@ + Restart=on-failure + + ; User and group the process will run as. +-User=www-data +-Group=www-data ++User=http ++Group=http + + ; Letsencrypt-issued certificates will be written to this directory. + Environment=HOME=/etc/ssl/caddy + + ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile. +-ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp ++ExecStart=/usr/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp + ExecReload=/bin/kill -USR1 $MAINPID + + ; Limit the number of file descriptors; see `man systemd.exec` for more limit settings. +@@ -38,9 +38,9 @@ + ; The following additional security directives only work with systemd v229 or later. + ; They further retrict privileges that can be gained by caddy. Uncomment if you like. + ; Note that you may have to add capabilities required by any plugins in use. +-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE +-;AmbientCapabilities=CAP_NET_BIND_SERVICE +-;NoNewPrivileges=true ++CapabilityBoundingSet=CAP_NET_BIND_SERVICE ++AmbientCapabilities=CAP_NET_BIND_SERVICE ++NoNewPrivileges=true + + [Install] + WantedBy=multi-user.target |