Date: Friday, August 24, 2018 @ 17:41:28 Author: dvzrv Revision: 373838
upgpkg: radicale 2.1.10-2 Fixing ProtectSystem settings in service (ReadWritePaths was misspelled as ReadWriteDirectories and preventing strict settings). Removing radicale from http group (not needed). Being more permissive on /etc/radicale, while being less permissive on the configuration files within. Modified: radicale/trunk/PKGBUILD radicale/trunk/radicale-sysusers.conf radicale/trunk/radicale-tmpfiles.conf radicale/trunk/radicale.service ------------------------+ PKGBUILD | 15 +++++++++------ radicale-sysusers.conf | 1 - radicale-tmpfiles.conf | 4 ++-- radicale.service | 4 ++-- 4 files changed, 13 insertions(+), 11 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-08-24 17:38:43 UTC (rev 373837) +++ PKGBUILD 2018-08-24 17:41:28 UTC (rev 373838) @@ -1,11 +1,13 @@ -# Maintainer: Moritz Lipp <[email protected]> -# Co-Maintainer: fordprefect <[email protected]> +# $Id$ +# Maintainer: David Runge <[email protected]> +# Contributor: Moritz Lipp <[email protected]> +# Contributor: fordprefect <[email protected]> # Contributor: Thor77 <[email protected]> pkgname=radicale _name=Radicale pkgver=2.1.10 -pkgrel=1 +pkgrel=2 pkgdesc='Simple calendar (CalDAV) and contact (CardDAV) server' arch=('any') url="http://www.radicale.org/"; @@ -18,9 +20,9 @@ "${pkgname}-tmpfiles.conf" "${pkgname}.service") sha512sums=('8be15a0777e437b38c48f80ae67b84ab9459414e6f493c8f2f2628fdbe5907757c61610d1b1c38bb161353baf7ac6488105639836a0f0e5d2e7ef163d014c25f' - '444489ba929680490884e338acc311fb61d81f9d9f0282c92c40a80317af9e61123e4764e803d1698876417170efd40bfe7f56408570891c4e426de3be17c302' - '4570ed393b73bc5a3fd571947acae78b96b5e17f659e3169f542b9c481635680c724d5c6c0952661fae063caf04c786afe7043c5052945e7a00bb66326dec016' - '6a3452009bebc0f8680ea8e64b9a398c04f3fb6b20752c377392e22641845a04dbfda78d586271c9a25bd7d5ba42b7a8f74774afed68732f19ddd764f53e11cc') + '56dffb66e018cfbf158dc5d8fe638b3cb31229945f659aae5623f219bcd1d68ddc375f1633fa8e857a9b2f50c9e05a06efce165370137d6e116a4f187466637f' + 'ae70ad94f4b2ea77fd0929905c09410a2b52449a03ee6a7237607155c6db2efd7e8f1c26933f03ebc26ca6009223dfa7634acf871c56f1bb925fa41f3a291c67' + '2e2a99fb0a42d3f0f8ac9d0264376441ea600508e98c5dfb3ebcd6de096286a276747455fdf4b5c771f3cc6f454cb0277dc62cc9b11e278bd5fe74cb2b7b979a') prepare() { mv -v ${_name}-${pkgver} ${pkgname}-${pkgver} @@ -48,6 +50,7 @@ --root="${pkgdir}" # config install -vDm 644 config "${pkgdir}/etc/${pkgname}/config" + touch "${pkgdir}/etc/${pkgname}/users" # fcgi/wsgi install -t "${pkgdir}/usr/share/${pkgname}/" \ -vDm 644 "${pkgname}.fcgi" \ Modified: radicale-sysusers.conf =================================================================== --- radicale-sysusers.conf 2018-08-24 17:38:43 UTC (rev 373837) +++ radicale-sysusers.conf 2018-08-24 17:41:28 UTC (rev 373838) @@ -1,2 +1 @@ u radicale - "Radicale user" -m radicale http Modified: radicale-tmpfiles.conf =================================================================== --- radicale-tmpfiles.conf 2018-08-24 17:38:43 UTC (rev 373837) +++ radicale-tmpfiles.conf 2018-08-24 17:41:28 UTC (rev 373838) @@ -1,3 +1,3 @@ -d /etc/radicale 0750 root radicale - -z /etc/radicale/config 0644 root radicale - +z /etc/radicale/config 0640 radicale radicale - +z /etc/radicale/users 0640 radicale radicale - d /var/lib/radicale 0750 radicale radicale - Modified: radicale.service =================================================================== --- radicale.service 2018-08-24 17:38:43 UTC (rev 373837) +++ radicale.service 2018-08-24 17:41:28 UTC (rev 373838) @@ -12,13 +12,13 @@ UMask=0027 PrivateTmp=yes PrivateDevices=yes -ProtectSystem=full +ProtectSystem=strict ProtectHome=yes ProtectKernelTunables=yes ProtectKernelModules=yes ProtectControlGroups=yes NoNewPrivileges=yes -ReadWriteDirectories=/var/lib/radicale +ReadWritePaths=/var/lib/radicale [Install] WantedBy=multi-user.target
