-rw-r--r--.SRCINFO4
-rw-r--r--caddy-systemd-service.patch47
2 files changed, 35 insertions, 16 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 041dd4340b02..a955c887b614 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
# Generated by mksrcinfo v8
-# Thu Sep 29 16:03:37 UTC 2016
+# Thu Sep 29 16:20:44 UTC 2016
pkgbase = caddy-full-bin
pkgdesc = A configurable, general-purpose HTTP/2 web server for any platform (All features enabled)
pkgver = 0.9.3
@@ -32,7 +32,7 @@ pkgbase = caddy-full-bin
source_aarch64 = caddy.tar.gz::https://caddyserver.com/download/build?os=linux&features=awslambda,cors,filemanager,git,hugo,ipfilter,jwt,locale,mailout,minify,multipass,prometheus,ratelimit,realip,search,upload,cloudflare,digitalocean,dnsimple,dyn,gandi,googlecloud,namecheap,rfc2136,route53,vultr&arch=arm64
source_aarch64 = caddy-systemd-service.patch
md5sums_aarch64 = SKIP
- md5sums_aarch64 = bb3b2b3e58fe090a298e3d20b6f2597b
+ md5sums_aarch64 = 77e89ee90f6b69730b11ca83c7fbf48b
pkgname = caddy-full-bin
diff --git a/caddy-systemd-service.patch b/caddy-systemd-service.patch
index 3f85f13f9988..8ed422217346 100644
--- a/caddy-systemd-service.patch
+++ b/caddy-systemd-service.patch
@@ -1,14 +1,33 @@
-11,12c11,12
-< User=www-data
-< Group=www-data
----
-> User=http
-> Group=http
-41,43c41,43
-< ;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-< ;AmbientCapabilities=CAP_NET_BIND_SERVICE
-< ;NoNewPrivileges=true
----
-> CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-> AmbientCapabilities=CAP_NET_BIND_SERVICE
-> NoNewPrivileges=true
+--- caddy_old.service 2016-09-29 18:04:15.356244279 +0200
++++ caddy_new.service 2016-09-29 18:04:15.356244279 +0200
+@@ -8,14 +8,14 @@
+ Restart=on-failure
+
+ ; User and group the process will run as.
+-User=www-data
+-Group=www-data
++User=http
++Group=http
+
+ ; Letsencrypt-issued certificates will be written to this directory.
+ Environment=HOME=/etc/ssl/caddy
+
+ ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
+-ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
++ExecStart=/usr/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
+ ExecReload=/bin/kill -USR1 $MAINPID
+
+ ; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
+@@ -38,9 +38,9 @@
+ ; The following additional security directives only work with systemd v229 or later.
+ ; They further retrict privileges that can be gained by caddy. Uncomment if you like.
+ ; Note that you may have to add capabilities required by any plugins in use.
+-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+-;AmbientCapabilities=CAP_NET_BIND_SERVICE
+-;NoNewPrivileges=true
++CapabilityBoundingSet=CAP_NET_BIND_SERVICE
++AmbientCapabilities=CAP_NET_BIND_SERVICE
++NoNewPrivileges=true
+
+ [Install]
+ WantedBy=multi-user.target
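Review bot: The comment kept as context above the capability directives in the second inner hunk (`; They further retrict privileges ... Uncomment if you like.`) no longer matches the unit, because the new patch ships `CapabilityBoundingSet`, `AmbientCapabilities` and `NoNewPrivileges` enabled by default. The package description says all features are enabled, so a plugin that needs anything beyond `CAP_NET_BIND_SERVICE` would presumably be blocked by the bounding set, with nothing in the unit telling the administrator why. The patch should also replace that comment line, for example with `; Enabled by this package (needs systemd v229 or later); extend CapabilityBoundingSet if a plugin requires more.` The unit file continues outside the inner hunks, so any interaction with its other settings cannot be checked from here.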