diff options
-rw-r--r-- | .SRCINFO | 16 | ||||
-rw-r--r-- | PKGBUILD | 43 | ||||
-rw-r--r-- | kimchi.service | 27 |
3 files changed, 86 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..41e8cc6d7b27 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,16 @@ +pkgbase = kimchi-server-git + pkgdesc = A bare-bones HTTP server + pkgver = r27.770d55444e12 + pkgrel = 1 + url = https://sr.ht/~emersion/kimchi + arch = x86_64 + license = MIT + makedepends = go + makedepends = scdoc + source = kimchi-server-git::git+https://git.sr.ht/~emersion/kimchi + source = kimchi.service + sha256sums = SKIP + sha256sums = dcc0ca834dafd0f0a959af57db59b54a307499402699a07f715ce102a9dd039b + +pkgname = kimchi-server-git + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..2ef51d3748cb --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,43 @@ +pkgname=kimchi-server-git +pkgver=r27.770d55444e12 +pkgrel=1 +pkgdesc='A bare-bones HTTP server' +arch=('x86_64') +url="https://sr.ht/~emersion/kimchi" +license=('MIT') +makedepends=('go' 'scdoc') +source=( + "$pkgname::git+https://git.sr.ht/~emersion/kimchi" + 'kimchi.service' +) +sha256sums=( + 'SKIP' + 'dcc0ca834dafd0f0a959af57db59b54a307499402699a07f715ce102a9dd039b' +) + +pkgver() { + cd "$pkgname" + printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)" +} + +build() { + cd "$pkgname" + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" + export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + make +} + +check() { + cd "$pkgname" + go test ./... +} + +package() { + cd "$pkgname" + make install PREFIX=/usr DESTDIR="$pkgdir" + install -Dm644 "$srcdir/kimchi.service" -t "$pkgdir/usr/lib/systemd/system" + install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE" +} diff --git a/kimchi.service b/kimchi.service new file mode 100644 index 000000000000..7dc25f5ae8a6 --- /dev/null +++ b/kimchi.service @@ -0,0 +1,27 @@ +[Unit] +Description=kimchi web server +Documentation=https://sr.ht/~emersion/kimchi +After=network.target + +[Service] +User=http +Group=http +ExecStart=/usr/bin/kimchi +TimeoutStopSec=5s +LimitNOFILE=1048576 +LimitNPROC=512 + +# Hardening options +PrivateTmp=true +PrivateDevices=true +ProtectSystem=strict +AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +NoNewPrivileges=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +LockPersonality=true + +[Install] +WantedBy=multi-user.target |