summarylogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.SRCINFO26
-rw-r--r--PKGBUILD25
-rw-r--r--docspell-joex.service29
-rw-r--r--docspell-restserver.service29
-rw-r--r--docspell.sysusers2
-rw-r--r--docspell.tmpfiles4
6 files changed, 81 insertions, 34 deletions
diff --git a/.SRCINFO b/.SRCINFO
index dd68632347c..09571eb35be 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,26 +1,28 @@
pkgbase = docspell
- pkgver = 0.12.0
+ pkgver = 0.13.0
pkgrel = 1
url = https://github.com/eikek/docspell
arch = any
groups = docspell
license = GPL3
- source = docspell-0.12.0-restserver.zip::https://github.com/eikek/docspell/releases/download/v0.12.0/docspell-restserver-0.12.0.zip
- source = docspell-0.12.0-joex.zip::https://github.com/eikek/docspell/releases/download/v0.12.0/docspell-joex-0.12.0.zip
+ depends = java-runtime-headless
+ optdepends = solr: provide fulltext search
+ source = docspell-0.13.0-restserver.zip::https://github.com/eikek/docspell/releases/download/v0.13.0/docspell-restserver-0.13.0.zip
+ source = docspell-0.13.0-joex.zip::https://github.com/eikek/docspell/releases/download/v0.13.0/docspell-joex-0.13.0.zip
source = docspell-joex.sh
source = docspell-restserver.sh
source = docspell-joex.service
source = docspell-restserver.service
source = docspell.sysusers
source = docspell.tmpfiles
- sha512sums = 71d57a7645fb62138019d2be01d6fcd627c8b85407954cba50d4dd4c939ea35f06516eda24f10cc53d2f28b0ed4a534ec842b15409e1c21fe639581e7bb9d878
- sha512sums = d563241a071f81fd325c88bccd6c9f448e6b297be326266639af2eec51f766d134dad379f56fd737247769b22007ba2ded6e8ad2b3b84e13f9bc4b9cfb529e9b
+ sha512sums = d4892ad84b0d91713dd2fd0eb4b22bb7acf7b285898acda55928049c2a463cdb0c7f865acf5fe05c15bd5e581049948e9d2cbef31049dc049786324fb117ac1c
+ sha512sums = 315f2bdcefa48685bf4cfe5f0c1860c88904aab5cfdf4eea8885975d72177baa9308fbdf0e350fe14b1f6a22edfab538cfa82a70739c4b8bade1857f216226a5
sha512sums = 2603c87f2db0e5d57486ad15f83092f577308d1bcda94d9f03bb142cc367c8421105b09bdcd93164a5f55059ac2d4f6d188ba3f729c11211438643675b577f00
sha512sums = 71887a73f3f545260667084e065d8268cefb10912d81e3cdbcbb0e104f3ebb1a498b8fc7bf14ec1ebcbfae9d79006a618f2477969eb2bd79603e0abfe9cb120c
- sha512sums = ecc4caa40f4605b6889f5afae2686b9082c012e4a12225a219daaf304a7ceec31b7b2d9458133d33ec12cb10b47b3275b0b14707c39733204e64904885858d41
- sha512sums = 20874138bfbcb952a9cd913d38418b0ab19c3c91f035e6a1b2b4549daf7f63075968dfc1eb114322a0666c9709888a3f578c8924fd23ccb2d839385c923e1ff9
- sha512sums = 1c5d5ade3948e3791b790ff27ec20017b589101622342a7ff603127a4400fd557cdc1125a35b812eef317abdb04b5ffd43d4b52977eac85e4ed009086293bc78
- sha512sums = 22bece62e82fcbc7c41daeb457cf7473a5e22690ec6a9a7e45e471aabcce930fca8220102b2b979057b577ddfedba3b758227ee912191f8074dbdd2f56b20e8c
+ sha512sums = f63f0fa58715b7da01aa265a7bec72eb24f0e98c354eed479b6034bc33b2ccdaef87db8a7630af1d5a6ac43fadf11a0f0a3fb3de5e183aa64d838a69b67125f9
+ sha512sums = 5cbe3c5a547eaa0af0952aca352b5dd86397b2c7fbc4fc730dd8882ee381586630124946d33ac34439505726a924c3b3c12792561ddc824fd5d5ef255d0a8d0f
+ sha512sums = afe9a62801e962aac2996d1bfdd02bcf027f5135e40130bff2078a0fe2072d1d135ceb0dfce5d2174686f1f60a6d93f460c83fbb62884ef2e51c23232f521597
+ sha512sums = 2c3926f7bb67b2556c1d46116035053b204ab5aa5f11bbf2b0e7e7b5b10acfa5e1dd86fa9aa7b57f8d7d92a7cdac0d8f314de4dc289e33d5d327c2349fd97698
pkgname = docspell-joex
pkgdesc = Job executer for docspell
@@ -29,13 +31,11 @@ pkgname = docspell-joex
depends = tesseract
depends = unoconv
depends = wkhtmltopdf
- optdepends = unpaper: pre-processes images to yield better results when doing ocr
+ optdepends = solr: provide fulltext search
optdepends = ocrmypdf: adds an OCR layer to scanned PDF files to make them searchable
- optdepends = solr: provide the fulltext search feature
+ optdepends = unpaper: pre-processes images to yield better results when doing ocr
backup = etc/docspell-joex.conf
pkgname = docspell-restserver
- depends = java-runtime-headless
- optdepends = solr: provide the fulltext search feature
backup = etc/.conf
diff --git a/PKGBUILD b/PKGBUILD
index d9064c917d8..a7cf7f9593c 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,12 +3,14 @@
pkgbase=docspell
pkgname=('docspell-joex' 'docspell-restserver')
-pkgver=0.12.0
+pkgver=0.13.0
pkgrel=1
arch=('any')
url="https://github.com/eikek/docspell"
license=('GPL3')
groups=('docspell')
+depends=('java-runtime-headless')
+optdepends=('solr: provide fulltext search')
source=("$pkgbase-$pkgver-restserver.zip::https://github.com/eikek/$pkgbase/releases/download/v$pkgver/$pkgbase-restserver-$pkgver.zip"
"$pkgbase-$pkgver-joex.zip::https://github.com/eikek/$pkgbase/releases/download/v$pkgver/$pkgbase-joex-$pkgver.zip"
"${pkgname[0]}.sh"
@@ -17,14 +19,14 @@ source=("$pkgbase-$pkgver-restserver.zip::https://github.com/eikek/$pkgbase/rele
"${pkgname[1]}.service"
"$pkgbase.sysusers"
"$pkgbase.tmpfiles")
-sha512sums=('71d57a7645fb62138019d2be01d6fcd627c8b85407954cba50d4dd4c939ea35f06516eda24f10cc53d2f28b0ed4a534ec842b15409e1c21fe639581e7bb9d878'
- 'd563241a071f81fd325c88bccd6c9f448e6b297be326266639af2eec51f766d134dad379f56fd737247769b22007ba2ded6e8ad2b3b84e13f9bc4b9cfb529e9b'
+sha512sums=('d4892ad84b0d91713dd2fd0eb4b22bb7acf7b285898acda55928049c2a463cdb0c7f865acf5fe05c15bd5e581049948e9d2cbef31049dc049786324fb117ac1c'
+ '315f2bdcefa48685bf4cfe5f0c1860c88904aab5cfdf4eea8885975d72177baa9308fbdf0e350fe14b1f6a22edfab538cfa82a70739c4b8bade1857f216226a5'
'2603c87f2db0e5d57486ad15f83092f577308d1bcda94d9f03bb142cc367c8421105b09bdcd93164a5f55059ac2d4f6d188ba3f729c11211438643675b577f00'
'71887a73f3f545260667084e065d8268cefb10912d81e3cdbcbb0e104f3ebb1a498b8fc7bf14ec1ebcbfae9d79006a618f2477969eb2bd79603e0abfe9cb120c'
- 'ecc4caa40f4605b6889f5afae2686b9082c012e4a12225a219daaf304a7ceec31b7b2d9458133d33ec12cb10b47b3275b0b14707c39733204e64904885858d41'
- '20874138bfbcb952a9cd913d38418b0ab19c3c91f035e6a1b2b4549daf7f63075968dfc1eb114322a0666c9709888a3f578c8924fd23ccb2d839385c923e1ff9'
- '1c5d5ade3948e3791b790ff27ec20017b589101622342a7ff603127a4400fd557cdc1125a35b812eef317abdb04b5ffd43d4b52977eac85e4ed009086293bc78'
- '22bece62e82fcbc7c41daeb457cf7473a5e22690ec6a9a7e45e471aabcce930fca8220102b2b979057b577ddfedba3b758227ee912191f8074dbdd2f56b20e8c')
+ 'f63f0fa58715b7da01aa265a7bec72eb24f0e98c354eed479b6034bc33b2ccdaef87db8a7630af1d5a6ac43fadf11a0f0a3fb3de5e183aa64d838a69b67125f9'
+ '5cbe3c5a547eaa0af0952aca352b5dd86397b2c7fbc4fc730dd8882ee381586630124946d33ac34439505726a924c3b3c12792561ddc824fd5d5ef255d0a8d0f'
+ 'afe9a62801e962aac2996d1bfdd02bcf027f5135e40130bff2078a0fe2072d1d135ceb0dfce5d2174686f1f60a6d93f460c83fbb62884ef2e51c23232f521597'
+ '2c3926f7bb67b2556c1d46116035053b204ab5aa5f11bbf2b0e7e7b5b10acfa5e1dd86fa9aa7b57f8d7d92a7cdac0d8f314de4dc289e33d5d327c2349fd97698')
prepare() {
# shellcheck disable=2016
@@ -44,10 +46,9 @@ prepare() {
package_docspell-joex() {
description=("Assists in organizing your piles of documents, resulting from scanners, e-mails and other sources with miminal effort. (Job executer)")
pkgdesc="Job executer for docspell"
- depends=('java-runtime-headless' 'ghostscript' 'tesseract' 'unoconv' 'wkhtmltopdf')
- optdepends=('unpaper: pre-processes images to yield better results when doing ocr'
- 'ocrmypdf: adds an OCR layer to scanned PDF files to make them searchable'
- 'solr: provide the fulltext search feature')
+ depends+=('ghostscript' 'tesseract' 'unoconv' 'wkhtmltopdf')
+ optdepends+=('ocrmypdf: adds an OCR layer to scanned PDF files to make them searchable'
+ 'unpaper: pre-processes images to yield better results when doing ocr')
backup=("etc/${pkgname[0]}.conf")
install -Dm 755 "${pkgname[0]}.sh" "$pkgdir/usr/bin/${pkgname[0]}"
@@ -73,8 +74,6 @@ package_docspell-joex() {
package_docspell-restserver() {
description=("Assists in organizing your piles of documents, resulting from scanners, e-mails and other sources with miminal effort. (Server)")
- depends=('java-runtime-headless')
- optdepends=('solr: provide the fulltext search feature')
backup=("etc/${pkgname[1]}.conf")
install -Dm 755 "${pkgname[1]}.sh" "$pkgdir/usr/bin/${pkgname[1]}"
diff --git a/docspell-joex.service b/docspell-joex.service
index f330f596b4b..090f723ca08 100644
--- a/docspell-joex.service
+++ b/docspell-joex.service
@@ -1,5 +1,5 @@
[Unit]
-Description=docspell-joex
+Description=Docspell job executer
Requires=network.target
[Service]
@@ -7,7 +7,7 @@ Type=simple
WorkingDirectory=/var/lib/docspell
ExecStart=/usr/bin/docspell-joex
ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
+Restart=on-abnormal
RestartSec=60
SuccessExitStatus=
TimeoutStopSec=5
@@ -16,5 +16,30 @@ Group=docspell
PermissionsStartOnly=true
LimitNOFILE=1024
+# Sandboxing features
+# https://github.com/alegrey91/systemd-service-hardening#getting-started
+# https://gist.github.com/ageis/f5595e59b1cddb1513d1b425a323db04
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
+DevicePolicy=closed
+IPAddressAllow=192.168.1.0/24
+LockPersonality=yes
+#MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+ReadWritePaths=/var/lib/docspell
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=net
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
[Install]
WantedBy=multi-user.target
diff --git a/docspell-restserver.service b/docspell-restserver.service
index 44894cb566a..95c79e3c30c 100644
--- a/docspell-restserver.service
+++ b/docspell-restserver.service
@@ -1,5 +1,5 @@
[Unit]
-Description=docspell-restserver
+Description=Docspell server
Requires=network.target
[Service]
@@ -7,7 +7,7 @@ Type=simple
WorkingDirectory=/var/lib/docspell
ExecStart=/usr/bin/docspell-restserver
ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
+Restart=on-abnormal
RestartSec=60
SuccessExitStatus=
TimeoutStopSec=5
@@ -16,5 +16,30 @@ Group=docspell
PermissionsStartOnly=true
LimitNOFILE=1024
+# Sandboxing features
+# https://github.com/alegrey91/systemd-service-hardening#getting-started
+# https://gist.github.com/ageis/f5595e59b1cddb1513d1b425a323db04
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
+DevicePolicy=closed
+IPAddressAllow=192.168.1.0/24
+LockPersonality=yes
+#MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+ReadWritePaths=/var/lib/docspell
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=net
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
[Install]
WantedBy=multi-user.target
diff --git a/docspell.sysusers b/docspell.sysusers
index 8e85886de47..56fd3cf6040 100644
--- a/docspell.sysusers
+++ b/docspell.sysusers
@@ -1 +1 @@
-u docspell - "organizing your piles of documents" -
+u docspell - "organizing your piles of documents" /var/lib/docspell -
diff --git a/docspell.tmpfiles b/docspell.tmpfiles
index c43f0cf6c71..e429f6bf0d4 100644
--- a/docspell.tmpfiles
+++ b/docspell.tmpfiles
@@ -1,3 +1 @@
-d /run/docspell 755 docspell docspell -
-d /var/log/docspell - docspell docspell -
-d /var/lib/docspell 755 docspell docspell -
+d /var/lib/docspell 750 docspell docspell -