From eb6c2b3f6538eec7b7a319b7c859dbb57ce9af6e Mon Sep 17 00:00:00 2001 From: s3lph Date: Fri, 19 Oct 2018 23:48:36 +0200 Subject: [PATCH] Fixed system integration (especially systemd + capabilities. --- .gitlab-ci.yml | 2 +- package/archlinux/PKGBUILD | 10 ++++-- package/archlinux/matemat.install | 35 +++++++++---------- .../usr/lib/systemd/system/matemat.service | 4 ++- .../usr/lib/systemd/system/matemat.service | 4 ++- 5 files changed, 32 insertions(+), 23 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 211851a..27071e2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -93,7 +93,7 @@ build_archlinux: - mv matemat/usr/bin/matemat matemat/usr/lib/matemat/matemat - rm -rf matemat/usr/bin - sed -re "s/__VERSION__/${MATEMAT_VERSION}/g" -i PKGBUILD - - sudo -u nobody makepkg + - sudo -u nobody makepkg -c - mv matemat-${MATEMAT_VERSION}-1-any.pkg.tar.xz "matemat-${MATEMAT_VERSION}+${CI_COMMIT_REF_NAME}-1-any.pkg.tar.xz" artifacts: paths: diff --git a/package/archlinux/PKGBUILD b/package/archlinux/PKGBUILD index 4815d86..d062d49 100644 --- a/package/archlinux/PKGBUILD +++ b/package/archlinux/PKGBUILD @@ -2,7 +2,7 @@ # Maintainer: s3lph pkgname=matemat -pkgver=__VERSION__ +pkgver=0.1 pkgrel=1 arch=('any') @@ -18,6 +18,12 @@ depends=( 'file' ) +backup=( + 'etc/matemat.conf' +) + install=$pkgname.install -pkgdir=matemat/ +package() { + cp -r ../matemat/* ../pkg/matemat/ +} diff --git a/package/archlinux/matemat.install b/package/archlinux/matemat.install index 7595190..8a33b84 100755 --- a/package/archlinux/matemat.install +++ b/package/archlinux/matemat.install 
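Review bot: Hard-coding `pkgver=0.1` in package/archlinux/PKGBUILD leaves the CI step `sed -re "s/__VERSION__/${MATEMAT_VERSION}/g" -i PKGBUILD` (visible as context in the .gitlab-ci.yml hunk) with nothing to substitute. Every build is then versioned 0.1, and the following `mv matemat-${MATEMAT_VERSION}-1-any.pkg.tar.xz …` will not find its input whenever MATEMAT_VERSION differs, so the package metadata no longer identifies the release that was built. Either keep `pkgver=__VERSION__`, or change the sed expression so that it rewrites the `pkgver=` line.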
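Review bot: `package()` in the second PKGBUILD hunk copies with paths relative to the working directory (`../matemat/*` into `../pkg/matemat/`) instead of the `pkgdir` variable that makepkg sets, so it only works while the build layout happens to match that guess. `cp -r ../matemat/* "${pkgdir}/"` expresses the same copy without hard-coding the staging path. The removed `pkgdir=matemat/` assignment overrode a makepkg-internal variable, so dropping it is right; the new function should rely on that variable rather than rebuild its value by hand.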
@@ -1,24 +1,23 @@ post_install() { - set -e - - if [[ "$1" == "configure" ]]; then - - if ! getent group matemat >/dev/null; then - groupadd --system matemat - fi - - if ! getent passwd matemat >/dev/null; then - useradd --system --create-home --gid matemat --home-dir /var/lib/matemat --shell /usr/bin/nologin matemat - fi - - chown matemat:matemat -R /var/lib/matemat - find /var/lib/matemat -type d -exec chmod 0750 {} - find /var/lib/matemat -type f -exec chmod 0640 {} - - setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/matemat - + if ! getent group matemat >/dev/null; then + groupadd --system matemat fi + if ! getent passwd matemat >/dev/null; then + useradd --system --create-home --gid matemat --home-dir /var/lib/matemat --shell /usr/bin/nologin matemat + fi + + chown matemat:matemat -R /var/lib/matemat + find /var/lib/matemat -type d -exec chmod 0750 {} \; + find /var/lib/matemat -type f -exec chmod 0640 {} \; + +} + +pre_remove() { + + systemctl stop matemat.service + userdel matemat + } diff --git a/package/archlinux/matemat/usr/lib/systemd/system/matemat.service b/package/archlinux/matemat/usr/lib/systemd/system/matemat.service index ae2283f..6656268 100644 --- a/package/archlinux/matemat/usr/lib/systemd/system/matemat.service +++ b/package/archlinux/matemat/usr/lib/systemd/system/matemat.service @@ -3,8 +3,10 @@ Description=matemat After=networking.target [Service] -Exec=/usr/lib/matemat/matemat /etc/matemat.conf /usr/lib/matemat/matemat.conf +ExecStart=/usr/bin/python -m matemat /etc/matemat.conf /usr/lib/matemat/matemat.conf User=matemat +AmbientCapabilities=CAP_NET_BIND_SERVICE +NoNewPrivileges=true [Install] WantedBy=multi-user.target diff --git a/package/debian/matemat/usr/lib/systemd/system/matemat.service b/package/debian/matemat/usr/lib/systemd/system/matemat.service index ae2283f..3dba957 100644 --- a/package/debian/matemat/usr/lib/systemd/system/matemat.service +++ b/package/debian/matemat/usr/lib/systemd/system/matemat.service 
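Review bot: `pre_remove()` deletes the account with `userdel matemat` but does not touch /var/lib/matemat (no `--remove`), so the service data stays on disk owned by a numeric UID that can be assigned to an account created later. Either keep the account on package removal, or state what is meant to happen to the data directory and handle it in the same function. Separately, with `set -e` removed a failing `groupadd` or `useradd` in `post_install()` no longer stops the function, and the `chown matemat:matemat -R /var/lib/matemat` that follows then runs against a missing account; appending `|| return 1` to the two account-creation commands keeps that failure visible. There is also no `post_upgrade()`, so the ownership and mode fix-up is applied only on first install.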
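Review bot: Apart from the capability settings, the `[Service]` section in package/archlinux/…/matemat.service leaves the network-facing Python process with a full view of the filesystem, so a compromise of the service is limited only by the `matemat` account's file permissions. Consider adding `ProtectSystem=strict`, `ReadWritePaths=/var/lib/matemat` and `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` under `[Service]`; the write path assumes the service writes only below its home directory, which should be confirmed. `python -m` also puts the working directory at the front of the module search path, so setting `WorkingDirectory=` explicitly avoids depending on the systemd default. The same points apply to the package/debian copy of the unit in the following hunk.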
@@ -3,8 +3,10 @@ Description=matemat After=networking.target [Service] -Exec=/usr/lib/matemat/matemat /etc/matemat.conf /usr/lib/matemat/matemat.conf +ExecStart=/usr/bin/python3 -m matemat /etc/matemat.conf /usr/lib/matemat/matemat.conf User=matemat +AmbientCapabilities=CAP_NET_BIND_SERVICE +NoNewPrivileges=true [Install] WantedBy=multi-user.target