-rw-r--r-- | .SRCINFO | 10 | ||||
-rw-r--r-- | PKGBUILD | 20 | ||||
-rw-r--r-- | config.yml | 41 | ||||
-rw-r--r-- | default-port.patch | 12 | ||||
-rw-r--r-- | gotify-server.service | 28 | ||||
-rw-r--r-- | tmpfiles.d | 4 |
6 files changed, 60 insertions, 55 deletions
@@ -1,7 +1,7 @@ pkgbase = gotify-server pkgdesc = A simple server for sending and receiving messages in real-time per WebSocket. pkgver = 2.0.14 - pkgrel = 3 + pkgrel = 4 url = https://gotify.net/ arch = x86_64 arch = i686 @@ -15,13 +15,13 @@ pkgbase = gotify-server source = gotify-server-2.0.14.tar.gz::https://github.com/gotify/server/archive/v2.0.14.tar.gz source = sysusers.d source = tmpfiles.d - source = config.yml source = gotify-server.service + source = default-port.patch sha256sums = 986125b92192e404a2f3af5db510d2d651c6301d218cbb66edd6013f8e8153b0 sha256sums = 2052ac82ceb607701bd505c9df4170bb65c14601a4c8dda3c4ee36fd399c3dfa - sha256sums = 6d90cb466122331b983fac2d20a53f82c96db3e340297ec218cf296d0083dbc5 - sha256sums = 4023cd8e241accc8e650dd5a93fbad0c3f9c3ca87b1a83d1fd39c83178216dfa - sha256sums = 9c187715b12269ff4bf6768b1e7813daafb5812df1f3bc010c894c7b736743fa + sha256sums = 6993561f2c31860e7a59850ba5c3aac9a061420f72961fd6488e7608d3e68ff5 + sha256sums = 6220ae0a14147401785c54737f75bd90627cb51cea272e7662d65a63ef5399ca + sha256sums = 7366c858a766b926c3d698bd31194ef1bab32de2668c9279a56c445f810a5984 pkgname = gotify-server @@ -1,9 +1,9 @@ -# Maintainer: ml <ml@visu.li> -# @TODO systemd service optimization, systemd socket, ui +# Maintainer: jmattheis <contact AT jmattheis DOT de> +# Contributor: ml <ml@visu.li> pkgname=gotify-server pkgver=2.0.14 _commit=e56f7bc4c7efdb61fea88a0b65d501277604cefa -pkgrel=3 +pkgrel=4 pkgdesc='A simple server for sending and receiving messages in real-time per WebSocket.' arch=('x86_64' 'i686' 'aarch64' 'armv7') url='https://gotify.net/' 
@@ -14,14 +14,18 @@ source=( "$pkgname-$pkgver.tar.gz::https://github.com/gotify/server/archive/v${pkgver}.tar.gz" 'sysusers.d' 'tmpfiles.d' - 'config.yml' 'gotify-server.service' + 'default-port.patch' ) sha256sums=('986125b92192e404a2f3af5db510d2d651c6301d218cbb66edd6013f8e8153b0' '2052ac82ceb607701bd505c9df4170bb65c14601a4c8dda3c4ee36fd399c3dfa' - '6d90cb466122331b983fac2d20a53f82c96db3e340297ec218cf296d0083dbc5' - '4023cd8e241accc8e650dd5a93fbad0c3f9c3ca87b1a83d1fd39c83178216dfa' - '9c187715b12269ff4bf6768b1e7813daafb5812df1f3bc010c894c7b736743fa') + '6993561f2c31860e7a59850ba5c3aac9a061420f72961fd6488e7608d3e68ff5' + '05b3edff049ad5600c2515279a6e1167dd8e62c2525e3916d807aba35a33362f' + '7366c858a766b926c3d698bd31194ef1bab32de2668c9279a56c445f810a5984') + +prepare() { + patch -N -p1 -d "server-$pkgver" <default-port.patch +} build() { cd "server-$pkgver" @@ -51,10 +55,10 @@ check() { package() { install -Dm644 sysusers.d "$pkgdir/usr/lib/sysusers.d/gotify.conf" install -Dm644 tmpfiles.d "$pkgdir/usr/lib/tmpfiles.d/gotify.conf" - install -Dm644 config.yml "$pkgdir/etc/gotify/config.yml" install -Dm644 gotify-server.service "$pkgdir/usr/lib/systemd/system/gotify-server.service" cd "server-$pkgver" install -Dm755 "$pkgname" "$pkgdir/usr/bin/$pkgname" + install -Dm640 config.example.yml "$pkgdir/etc/gotify/config.yml" install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE" } diff --git a/config.yml b/config.yml deleted file mode 100644 index 4cbcca432ff6..000000000000 --- a/config.yml +++ /dev/null 
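Review bot: The fourth `sha256sums` entry in this hunk (`05b3edff…`, which by position in `source=()` belongs to `gotify-server.service`) does not match the fourth entry the same commit writes to .SRCINFO (`6220ae0a…`), so one of the two files records a stale digest for the unit file. The checksums are the only integrity check makepkg applies to these local sources, and anything reading .SRCINFO sees a different value from the one actually enforced. Which digest is correct cannot be told from the page; regenerating both from the final file with `updpkgsums` followed by `makepkg --printsrcinfo > .SRCINFO` would bring them back in sync.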
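Review bot: `install -Dm640 config.example.yml "$pkgdir/etc/gotify/config.yml"` in `package()` ships upstream's example file as the live configuration, and nothing in the hunk tells the administrator what defaults it carries. Judging by the removed `config.yml`, which described itself as the example file, those are probably an empty `listenaddr` (bind on all addresses) and a `defaultuser` of admin/admin, so a fresh install would be reachable with known credentials until the password is changed. A post-install message or a comment above the install line, such as `# ships upstream defaults (admin/admin, all interfaces); change the password before exposing the port`, would make that visible. The rest of the PKGBUILD is outside the hunk, so also confirm it declares `backup=('etc/gotify/config.yml')`; without it an upgrade would overwrite local edits to this file.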
@@ -1,41 +0,0 @@ -# Example configuration file for the server. -# Save it to `config.yml` when edited - -server: - listenaddr: "" # the address to bind on, leave empty to bind on all addresses - port: 8080 # the port the HTTP server will listen on - - ssl: - enabled: false # if https should be enabled - redirecttohttps: true # redirect to https if site is accessed by http - listenaddr: "" # the address to bind on, leave empty to bind on all addresses - port: 443 # the https port - certfile: # the cert file (leave empty when using letsencrypt) - certkey: # the cert key (leave empty when using letsencrypt) - letsencrypt: - enabled: false # if the certificate should be requested from letsencrypt - accepttos: false # if you accept the tos from letsencrypt - cache: /var/lib/gotify-server/certs # the directory of the cache from letsencrypt - hosts: # the hosts for which letsencrypt should request certificates -# - mydomain.tld -# - myotherdomain.tld - - responseheaders: # response headers are added to every response (default: none) -# Access-Control-Allow-Origin: "*" -# Access-Control-Allow-Methods: "GET,POST" - - stream: - allowedorigins: # allowed origins for websocket connections (same origin is always allowed) -# - ".+.example.com" -# - "otherdomain.com" - -database: # for database see (configure database section) - dialect: sqlite3 - connection: /var/lib/gotify-server/gotify.db - -defaultuser: # on database creation, gotify creates an admin user - name: admin # the username of the default user - pass: admin # the password of the default user -passstrength: 10 # the bcrypt password strength (higher = better but also slower) -uploadedimagesdir: /var/lib/gotify-server/images # the directory for storing uploaded images -pluginsdir: /var/lib/gotify-server/plugins # the directory where plugin resides diff --git a/default-port.patch b/default-port.patch new file mode 100644 index 000000000000..6f4eda05fdbb --- /dev/null +++ b/default-port.patch 
@@ -0,0 +1,12 @@ +diff -ura package.orig/config.example.yml package.new/config.example.yml +--- package.orig/config.example.yml 2020-03-08 14:59:02.828681120 +0100 ++++ package.new/config.example.yml 2020-03-08 15:00:09.321068531 +0100 +@@ -3,7 +3,7 @@ + + server: + listenaddr: "" # the address to bind on, leave empty to bind on all addresses +- port: 80 # the port the HTTP server will listen on ++ port: 8080 # the port the HTTP server will listen on + + ssl: + enabled: false # if https should be enabled diff --git a/gotify-server.service b/gotify-server.service index 4e87bab05dc1..eaafa54f9ca1 100644 --- a/gotify-server.service +++ b/gotify-server.service @@ -7,6 +7,34 @@ Type=simple User=gotify Group=gotify ExecStart=/usr/bin/gotify-server +WorkingDirectory=~ +ReadOnlyPaths=/etc/gotify/config.yml +ReadWritePaths=/var/lib/gotify +UMask=0077 +CapabilityBoundingSet= +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +PrivateUsers=true +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=strict +RemoveIPC=true +RestrictAddressFamilies=AF_INET AF_INET6 +RestrictNamespaces=true +RestrictRealtime=true +RestrictSUIDSGID=true +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources [Install] WantedBy=multi-user.target diff --git a/tmpfiles.d b/tmpfiles.d index 11858fdd7896..10636d675302 100644 --- a/tmpfiles.d +++ b/tmpfiles.d @@ -1 +1,3 @@ -d /var/lib/gotify-server 0700 gotify gotify +d /var/lib/gotify/data 0700 gotify gotify +z /var/lib/gotify 0700 gotify gotify +z /etc/gotify/config.yml 0640 root gotify |
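Review bot: With `CapabilityBoundingSet=` left empty and `PrivateUsers=true`, the service cannot bind ports below 1024, yet the unit does not say so. The package patches the HTTP default from 80 to 8080, but the removed `config.yml` shows `ssl.port: 443` as the HTTPS default, so enabling SSL or Let's Encrypt from the config would probably fail at bind time under this sandbox. A comment above the hardening block would save users the debugging, for example `# Sandbox forbids binding ports <1024; use a reverse proxy or a drop-in override for ssl on 443`. Separately, `RestrictAddressFamilies=AF_INET AF_INET6` omits `AF_UNIX`, which matters if a non-sqlite database dialect is reached over a local socket. `ReadOnlyPaths=/etc/gotify/config.yml` is already implied by `ProtectSystem=strict`.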
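Review bot: Replacing `d /var/lib/gotify-server` with `d /var/lib/gotify/data` moves the state directory with no upgrade path for existing installs. The removed `config.yml` pointed the database, images, plugins and certificate cache at `/var/lib/gotify-server/...`, while the new unit only lists `/var/lib/gotify` under `ReadWritePaths` with `ProtectSystem=strict`. An installation that keeps its old config would therefore hit a read-only database path. One that takes the new config would come up on a fresh database, presumably with the default admin user recreated and the previous data left behind. A post-upgrade message describing the move, or a one-time migration step in an install script, would close that gap; it is also worth confirming that the `gotify` user's home in `sysusers.d` (not shown here) is `/var/lib/gotify`, since `WorkingDirectory=~` depends on it.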