commit:     061c8a8f90a1120cbf5100c0d683878509404edb
Author:     Craig Andrews <candrews <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 24 13:22:07 2021 +0000
Commit:     Craig Andrews <candrews <AT> gentoo <DOT> org>
CommitDate: Fri Sep 24 13:22:07 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=061c8a8f

net-misc/xmrig: disable PrivateDevices and ProtectClock hardening

Bug: https://github.com/systemd/systemd/issues/13857
Bug: https://github.com/systemd/systemd/issues/20835
Package-Manager: Portage-3.0.23, Repoman-3.0.3
Signed-off-by: Craig Andrews <candrews <AT> gentoo.org>

 net-misc/xmrig/files/xmrig.service    |  4 +--
 net-misc/xmrig/xmrig-6.15.1-r1.ebuild | 64 +++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/net-misc/xmrig/files/xmrig.service 
b/net-misc/xmrig/files/xmrig.service
index 8b59fc0c131..16a924aae41 100644
--- a/net-misc/xmrig/files/xmrig.service
+++ b/net-misc/xmrig/files/xmrig.service
@@ -16,9 +16,9 @@ PrivateTmp=true
 ProtectHome=true
 ProtectSystem=strict
 NoNewPrivileges=true
-PrivateDevices=true
+# PrivateDevices=true # https://github.com/systemd/systemd/issues/13857
 CapabilityBoundingSet=
-ProtectClock=true
+#ProtectClock=true # https://github.com/systemd/systemd/issues/20835
 ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectKernelLogs=true
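Review bot: Commenting out `PrivateDevices=true` and `ProtectClock=true` leaves the miner with the host's /dev and without the device and clock restrictions those directives implied, and the unit records only issue URLs, not what broke or when the lines can come back. The empty `CapabilityBoundingSet=` kept between them still withholds the capabilities both directives would have dropped, so the remaining exposure is presumably limited to device nodes the service account can open through ordinary file permissions; the `User=` line is outside this hunk, so that is worth confirming. I would put a comment above each disabled line, such as `# Disabled: breaks <feature>; re-enable once the linked systemd issue is fixed`, and compare `systemd-analyze security xmrig.service` before and after to make the regression visible. The two disabled lines are also spaced differently (`# PrivateDevices` against `#ProtectClock`).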

diff --git a/net-misc/xmrig/xmrig-6.15.1-r1.ebuild 
b/net-misc/xmrig/xmrig-6.15.1-r1.ebuild
new file mode 100644
index 00000000000..8ad79070a47
--- /dev/null
+++ b/net-misc/xmrig/xmrig-6.15.1-r1.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit cmake systemd
+
+DESCRIPTION="RandomX, CryptoNight, KawPow, AstroBWT, and Argon2 CPU/GPU miner"
+HOMEPAGE="https://xmrig.com https://github.com/xmrig/xmrig";
+
+if [[ ${PV} == *9999 ]] ; then
+       EGIT_REPO_URI="https://github.com/${PN}/${PN}.git";
+       inherit git-r3
+else
+       SRC_URI="https://github.com/xmrig/xmrig/archive/v${PV}.tar.gz -> 
${P}.tar.gz"
+       KEYWORDS="~amd64 ~arm64"
+fi
+
+LICENSE="Apache-2.0 GPL-3+ MIT"
+SLOT="0"
+IUSE="cpu_flags_x86_sse4_1 donate hwloc +ssl"
+
+DEPEND="
+       dev-libs/libuv:=
+       hwloc? ( sys-apps/hwloc:= )
+       ssl? ( dev-libs/openssl:= )
+"
+RDEPEND="
+       ${DEPEND}
+       !arm64? ( sys-apps/msr-tools )
+"
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-6.12.2-nonotls.patch
+)
+
+src_prepare() {
+       if ! use donate ; then
+               sed -i 's/1;/0;/g' src/donate.h || die
+       fi
+
+       cmake_src_prepare
+}
+
+src_configure() {
+       local mycmakeargs=(
+               -DWITH_SSE4_1=$(usex cpu_flags_x86_sse4_1)
+               -DWITH_HWLOC=$(usex hwloc)
+               -DWITH_TLS=$(usex ssl)
+               -DWITH_OPENCL=OFF
+               -DWITH_CUDA=OFF
+       )
+
+       cmake_src_configure
+}
+
+src_install() {
+       default
+       keepdir /etc/xmrig
+       systemd_dounit "${FILESDIR}"/xmrig.service
+       dobin "${BUILD_DIR}/xmrig"
+       dobin "${S}/scripts/enable_1gb_pages.sh"
+       dobin "${S}/scripts/randomx_boost.sh"
+}
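Review bot: In `src_prepare`, `sed -i 's/1;/0;/g' src/donate.h || die` cannot fail when nothing matches, so if upstream changes the default donate level or the layout of that header, a `USE=-donate` build silently ships with donation still enabled. The expression is also unanchored and rewrites every `1;` in the file, including the last digit of any larger number. I would anchor it on the assignment, e.g. `sed -i -E '/DonateLevel/s/= *[0-9]+;/= 0;/' src/donate.h || die`, and follow it with `grep -q 'DonateLevel = 0;' src/donate.h || die "donate level not patched"`. The constant naming is assumed from upstream and should be checked against the 6.15.1 header.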
