Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package geoipupdate for openSUSE:Factory checked in at 2025-04-15 16:46:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/geoipupdate (Old)
 and /work/SRC/openSUSE:Factory/.geoipupdate.new.1907 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "geoipupdate" Tue Apr 15 16:46:47 2025 rev:29 rq:1269433 version:7.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/geoipupdate/geoipupdate.changes 2025-03-10 18:07:35.572248570 +0100 +++ /work/SRC/openSUSE:Factory/.geoipupdate.new.1907/geoipupdate.changes 2025-04-15 16:49:30.448138986 +0200 @@ -1,0 +2,7 @@ +Tue Apr 15 01:16:35 UTC 2025 - Georg Pfuetzenreuter <mail+...@georg-pfuetzenreuter.net> + +- Add more hardening options, restrict write access to system +- Update twice a week, following current MaxMind release schedule +- Track timer units in scriptlets + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ geoipupdate.spec ++++++ --- /var/tmp/diff_new_pack.WM34ki/_old 2025-04-15 16:49:30.996161439 +0200 +++ /var/tmp/diff_new_pack.WM34ki/_new 2025-04-15 16:49:31.000161602 +0200 @@ -24,7 +24,6 @@ Group: Productivity/Networking/Other URL: https://github.com/maxmind/geoipupdate Source0: %{name}-%{version}.tar.gz -# go mod vendor && tar cf vendor.tar.gz vendor/ Source1: vendor.tar.gz Source2: geoipupdate.timer Source3: geoipupdate.service @@ -84,16 +83,16 @@ %if 0%{?suse_version} >= 1500 %pre -%service_add_pre %{name}.service +%service_add_pre %{name}.service %{name}.timer %post -%service_add_post %{name}.service +%service_add_post %{name}.service %{name}.timer %preun -%service_del_preun %{name}.service +%service_del_preun %{name}.service %{name}.timer %postun -%service_del_postun %{name}.service +%service_del_postun %{name}.service %{name}.timer %endif %files ++++++ geoipupdate.service ++++++ --- /var/tmp/diff_new_pack.WM34ki/_old 2025-04-15 16:49:31.088165208 +0200 +++ /var/tmp/diff_new_pack.WM34ki/_new 2025-04-15 16:49:31.092165372 +0200 
@@ -1,23 +1,39 @@ [Unit] -Description=Update GeoIP databases +Description=Update of GeoIP2/GeoLite2 databases Documentation=man:geoipupdate(1) man:GeoIP.conf(5) [Service] -# added automatically, for details please see -# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort -ProtectSystem=full -ProtectHome=true -PrivateDevices=true -ProtectHostname=true -ProtectClock=true -ProtectKernelTunables=true -ProtectKernelModules=true -ProtectKernelLogs=true -ProtectControlGroups=true -RestrictRealtime=true -# end of automatic additions Type=oneshot -WorkingDirectory=/var/lib/GeoIP ExecStart=/usr/bin/geoipupdate +AmbientCapabilities= +CapabilityBoundingSet= +KeyringMode=private +LockPersonality=yes +LockPersonality=yes +MemoryDenyWriteExecute=yes +MountFlags=private +NoNewPrivileges=yes +PrivateDevices=yes +PrivateTmp=yes +PrivateUsers=yes +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +RemoveIPC=yes +RestrictAddressFamilies=AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallFilter=@basic-io @file-system @io-event @network-io @process @signal flock fsync madvise uname + +ReadWritePaths=/var/lib/GeoIP +WorkingDirectory=/var/lib/GeoIP + ++++++ geoipupdate.timer ++++++ --- /var/tmp/diff_new_pack.WM34ki/_old 2025-04-15 16:49:31.116166355 +0200 +++ /var/tmp/diff_new_pack.WM34ki/_new 2025-04-15 16:49:31.120166519 +0200 @@ -1,13 +1,15 @@ [Unit] -Description=Weekly update of GeoLite2 databases +Description=Scheduled update of GeoIP2/GeoLite2 databases Documentation=man:geoipupdate(1) man:GeoIP.conf(5) [Timer] -OnUnitInactiveSec=1w -OnStartupSec=1h +OnCalendar=Wed,Sat America/New_York + AccuracySec=1h +RandomizedDelaySec=3h + +Persistent=true [Install] WantedBy=timers.target -
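Review bot: In geoipupdate.spec, the hunk at -24,7 removes the comment `# go mod vendor && tar cf vendor.tar.gz vendor/` above `Source1: vendor.tar.gz` without a replacement, and the changes entry does not mention it. Source1 is still shipped, so the spec loses its only record of how the vendored dependency tarball is produced. Keep the comment, or replace it with a pointer to whatever now generates the tarball (for example a source service definition), so the vendored Go modules remain reproducible for the next update and reviewable against upstream.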
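Review bot: In geoipupdate.service, `LockPersonality=yes` is added twice on consecutive lines; drop the second copy. Two further points on the same hunk. First, `ProtectSystem=strict` combined with `ReadWritePaths=/var/lib/GeoIP` makes that directory the only writable location, so a GeoIP.conf that sets a different database directory (the unit itself points to man:GeoIP.conf(5)) will now fail on write; a comment above `ReadWritePaths=` telling administrators to add a drop-in when they relocate the databases would save them a debugging session. Second, `SystemCallFilter=` is now an explicit allowlist with individual calls (`flock fsync madvise uname`) appended by hand, and no `SystemCallErrorNumber=` is set, so a call outside the list terminates the process rather than returning an error; please note in the unit or the changes entry how the list was derived, so it can be re-validated when the Go toolchain or geoipupdate version changes.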
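Review bot: In geoipupdate.timer, `OnCalendar=Wed,Sat America/New_York` gives no time of day, so it relies on the implicit 00:00:00 default in that time zone. Writing it out, e.g. `OnCalendar=Wed,Sat *-*-* 00:00:00 America/New_York`, together with a one-line comment tying the days and zone to the MaxMind release schedule named in the changes entry, makes the intent reviewable and easier to adjust if the schedule changes. With `RandomizedDelaySec=3h` and `AccuracySec=1h` the actual start can be up to roughly four hours after local midnight in New York, which is worth stating in that comment as well. The switch from `OnStartupSec=1h` to `Persistent=true` looks right for catching runs missed while the machine was off.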