[arch-commits] Commit in matterbridge/trunk (PKGBUILD matterbridge.service)
Date: Thursday, April 9, 2020 @ 22:04:57 Author: archange Revision: 613057 upgpkg: matterbridge 1.17.2-1 Also enhance security of matterbridge.service Modified: matterbridge/trunk/PKGBUILD matterbridge/trunk/matterbridge.service --+ PKGBUILD |6 +++--- matterbridge.service | 27 ++- 2 files changed, 21 insertions(+), 12 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2020-04-09 21:55:15 UTC (rev 613056)
+++ PKGBUILD2020-04-09 22:04:57 UTC (rev 613057)
@@ -1,7 +1,7 @@
 # Maintainer: Bruno Pagani
 pkgname=matterbridge
-pkgver=1.17.1
+pkgver=1.17.2
 pkgrel=1
 pkgdesc="Multi-protocols (IRC/XMPP/Mattermost/Slack/Matrix/etc) bridge"
 arch=(x86_64)
@@ -13,9 +13,9 @@
 source=(${pkgname}-${pkgver}.tar.gz::"${url}/archive/v${pkgver}.tar.gz"
 ${pkgname}-${pkgver}.tar.gz.asc::"${url}/releases/download/v${pkgver}/v${pkgver}.tar.gz.asc"
 matterbridge.service)
-sha256sums=('66c70c51e30ec5a6f21ffa084d86a3ade3575f82a1e33dc5ef167fba57d0c075'
+sha256sums=('5580fadac3c5ded1c458ab12e93483338b0b076c868b0ceea9786112bca3621e'
 'SKIP'
-'89e52388054d3c83199ccbfe8f2dc02a6ae02ec1a2d024460b11464324a1fb9b')
+'2b2953aab3dd943750e2095497d733949963d994d826548e3d046ec4975b68df')
 validpgpkeys=(CC7D978417C1AEA1E4CDD7240E41AB4BF4C610B4) # wim
 prepare() {
Modified: matterbridge.service
===
--- matterbridge.service2020-04-09 21:55:15 UTC (rev 613056)
+++ matterbridge.service2020-04-09 22:04:57 UTC (rev 613057)
@@ -8,20 +8,29 @@
 ExecStart=/usr/bin/matterbridge -conf /etc/matterbridge.toml
 Type=simple
 CapabilityBoundingSet=
-NoNewPrivileges=True
+AmbientCapabilities=
+NoNewPrivileges=true
+#SecureBits=
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+PrivateNetwork=false
 PrivateUsers=true
-PrivateDevices=true
-PrivateTmp=true
-ProtectHome=true
-ProtectSystem=strict
-ProtectControlGroups=yes
+ProtectHostname=true
+ProtectClock=true
 ProtectKernelTunables=true
-ProtectKernelModules=yes
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+MemoryDenyWriteExecute=true
 LockPersonality=true
-MemoryDenyWriteExecute=true
 RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallFilter=@system-service
 SystemCallArchitectures=native
-SystemCallFilter=@system-service
 [Install]
 WantedBy=multi-user.target
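Review bot: `#SecureBits=` and `PrivateNetwork=false` are added as no-op placeholders with no explanation, so a later reader cannot tell a deliberate decision from a leftover hardening checklist entry. I would drop `#SecureBits=` and annotate the other line, for example `# PrivateNetwork stays off: the bridge has to reach the chat services`. A one-line comment above `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6` and `SystemCallFilter=@system-service` saying that both are allow-lists would also help whoever has to widen them later. Since the change stacks several new sandbox options at once, it is worth recording in the commit that the unit was started successfully afterwards and checked with `systemd-analyze security matterbridge.service`. The `[Service]` section starts above this hunk.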
[arch-commits] Commit in matterbridge/trunk (PKGBUILD matterbridge.service)
Date: Thursday, January 31, 2019 @ 15:20:00 Author: archange Revision: 428740 upgpkg: matterbridge 1.13.0-1 Modified: matterbridge/trunk/PKGBUILD matterbridge/trunk/matterbridge.service --+ PKGBUILD | 12 +--- matterbridge.service | 19 +-- 2 files changed, 26 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2019-01-31 15:19:32 UTC (rev 428739)
+++ PKGBUILD2019-01-31 15:20:00 UTC (rev 428740)
@@ -1,7 +1,7 @@
 # Maintainer: Bruno Pagani
 pkgname=matterbridge
-pkgver=1.12.3
+pkgver=1.13.0
 pkgrel=1
 pkgdesc="Multi-protocols (IRC/XMPP/Mattermost/Slack/Matrix/etc) bridge"
 arch=('x86_64')
@@ -13,11 +13,17 @@
 source=(${pkgname}-${pkgver}.tar.gz::"${url}/archive/v${pkgver}.tar.gz"
 ${pkgname}-${pkgver}.tar.gz.asc::"${url}/releases/download/v${pkgver}/v${pkgver}.tar.gz.asc"
 'matterbridge.service')
-sha256sums=('240a76ea0c6d1cd4e671edf2684a606d052236e1140ce3c45582831f01d3ae12'
+sha256sums=('6f66b562035d2cf1f9bb9fe2cacb36327326bb483673c4ddf8a2c7438b2487c9'
 'SKIP'
-'afb424b918f7108f5efae39afbed5d23d9a2c36710c6e0adbb96c7e5c7835aa3')
+'89e52388054d3c83199ccbfe8f2dc02a6ae02ec1a2d024460b11464324a1fb9b')
 validpgpkeys=('CC7D978417C1AEA1E4CDD7240E41AB4BF4C610B4') # wim
+prepare() {
+ cd ${pkgname}-${pkgver}
+ # https://github.com/golang/go/issues/29278
+ sed -i 's:9PfxPUmasKzeJor9uQTaXLT6WUG/r+vSTmvXxvv3JO4:Y3vG4kINVWNQN8Y6Jdur8uLat7fSLV5n5yLE8n+JbF4:' go.sum
+}
+
 build() {
 cd ${pkgname}-${pkgver}
 go build -v \
Modified: matterbridge.service
===
--- matterbridge.service2019-01-31 15:19:32 UTC (rev 428739)
+++ matterbridge.service2019-01-31 15:20:00 UTC (rev 428740)
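Review bot: In the PKGBUILD hunk, the new `prepare()` rewrites a module hash inside `go.sum` after the tarball has already passed its sha256 and PGP checks, and the only explanation is a bare issue URL. Nothing records which module the hash belongs to or where the replacement value came from, so the substituted checksum rests on the packager's word alone. A comment such as `# Workaround for golang/go#29278: replaces the go.sum hash of <module>; remove once upstream regenerates go.sum` (with `<module>` filled in) would make that auditable. The `sed` also succeeds silently when the old hash is absent, so a following `grep -q` for the new hash would turn a stale workaround into a build failure instead of a no-op.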
@@ -3,10 +3,25 @@
 After=network.target
 [Service]
-User=nobody
-Group=nobody
+User=matterbridge
+DynamicUser=yes
 ExecStart=/usr/bin/matterbridge -conf /etc/matterbridge.toml
 Type=simple
+CapabilityBoundingSet=
+NoNewPrivileges=True
+PrivateUsers=true
+PrivateDevices=true
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=strict
+ProtectControlGroups=yes
+ProtectKernelTunables=true
+ProtectKernelModules=yes
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
 [Install]
 WantedBy=multi-user.target
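Review bot: With `User=matterbridge` plus `DynamicUser=yes` the service UID is only allocated at start, yet `ExecStart` still reads `/etc/matterbridge.toml`, and nothing in the unit says how that file can be readable by the service without being readable by everyone. The config presumably holds the tokens and passwords of the bridged accounts, so this deserves a comment above `DynamicUser=yes`, for example `# To keep /etc/matterbridge.toml at mode 0600, create a static 'matterbridge' user to own it; systemd uses an existing user of that name instead of allocating one`. `ProtectSystem=strict` also leaves the service without any writable path, because no `StateDirectory=` or `ReadWritePaths=` is added; that holds only as long as the bridge is never configured to write files locally. The mixed `True`/`true`/`yes` spellings are all accepted but would read better normalised to one form.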