From: "Arthur Zamarin"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Arthur Zamarin"
Message-ID: <1656871975.906cdff29ce89248d6c00805c16f36cee0c032c9.arthurzam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-irc/irker/, net-irc/irker/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-irc/irker/files/irkerd.service net-irc/irker/irker-2.22-r1.ebuild net-irc/irker/irker-2.22-r2.ebuild
X-VCS-Directories: net-irc/irker/files/ net-irc/irker/
X-VCS-Committer: arthurzam
X-VCS-Committer-Name: Arthur Zamarin
X-VCS-Revision: 906cdff29ce89248d6c00805c16f36cee0c032c9
X-VCS-Branch: master
Date: Sun, 3 Jul 2022 18:12:59 +0000 (UTC)
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org

commit:     906cdff29ce89248d6c00805c16f36cee0c032c9
Author:     Arthur Zamarin gentoo org>
AuthorDate: Sun Jul 3 17:55:15 2022 +0000
Commit:     Arthur Zamarin gentoo org>
CommitDate: Sun Jul 3 18:12:55 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=906cdff2

net-irc/irker: update systemd service file

- fix the User by also setting DynamicUser (no need for new system user,
  and also much better security)
- Better EPREFIX placeholder
- Some more security options for less capabilities

Signed-off-by: Arthur Zamarin gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/26212
Signed-off-by: Arthur Zamarin gentoo.org>

 net-irc/irker/files/irkerd.service                 | 21 +++++++++++++++++++++
 .../{irker-2.22-r1.ebuild => irker-2.22-r2.ebuild} |  8 +++-----
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/net-irc/irker/files/irkerd.service b/net-irc/irker/files/irkerd.service new file mode 100644 index 000000000000..232a8d5811a5 --- /dev/null +++ b/net-irc/irker/files/irkerd.service @@ -0,0 +1,21 @@ +# Copyright 2012 Wulf C. Krueger +# Copyright 2022 Arthur Zamarin +# Distributed under the terms of the BSD LICENSE + +[Unit] +Description=Internet Relay Chat (IRC) notification daemon +Requires=network.target +Documentation=man:irkerd(8) man:irkerhook(1) man:irk(1) + +[Service] +ExecStart=@EPREFIX@/usr/bin/irkerd +User=irker +DynamicUser=yes +NoNewPrivileges=yes +CapabilityBoundingSet= +PrivateDevices=yes +ProtectHome=yes + +[Install] +WantedBy=multi-user.target +Alias=irker.service diff --git a/net-irc/irker/irker-2.22-r1.ebuild b/net-irc/irker/irker-2.22-r2.ebuild similarity index 86% rename from net-irc/irker/irker-2.22-r1.ebuild rename to net-irc/irker/irker-2.22-r2.ebuild index e2bf844a14f6..085be79ae727 100644 --- a/net-irc/irker/irker-2.22-r1.ebuild +++ b/net-irc/irker/irker-2.22-r2.ebuild @@ -39,12 +39,10 @@ src_prepare() { default # Rely on systemd eclass for systemd service install - sed -i -e "/^SYSTEMDSYSTEMUNITDIR/d" Makefile \ - || die "sed failed" + sed -e "/^SYSTEMDSYSTEMUNITDIR/d" -i Makefile || die "sed failed" # Prefix support - sed -i -e "/^ExecStart=/ s:=/:=${EPREFIX}/:" irkerd.service \ - || die "sed failed" + sed -e "s|@EPREFIX@|${EPREFIX}|" "${FILESDIR}"/irkerd.service > "${WORKDIR}"/irkerd.service || die "sed failed" } src_install() { @@ -57,7 +55,7 @@ src_install() { newinitd "${FILESDIR}"/irkerd.initd irkerd newconfd "${FILESDIR}"/irkerd.confd irkerd - systemd_dounit irkerd.service + systemd_dounit "${WORKDIR}"/irkerd.service docinto examples dodoc filter-example.py filter-test.py
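
Review bot: In the [Unit] section of the new irkerd.service, Requires=network.target has no matching After=, and Requires= on its own imposes no start ordering, so irkerd can be started in parallel with the network target rather than after it. Add After=network.target, or Wants= plus After= on network-online.target if the daemon needs a configured network at start. In [Service], User=irker together with DynamicUser=yes will use a statically allocated irker account if one already exists on the host instead of allocating a transient one, which deserves a comment in the unit; NoNewPrivileges=yes is already implied by DynamicUser=yes, so that line is harmless but redundant.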
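
Review bot: In src_prepare, the || die after the @EPREFIX@ sed only catches an I/O failure: sed exits 0 when the pattern matches nothing, so if the placeholder in files/irkerd.service is ever renamed or mistyped, the unit is installed with a literal @EPREFIX@ in ExecStart= and the mistake only shows up when the service fails to start. A check on the generated file would make the build fail instead, for example: ! grep -q '@EPREFIX@' "${WORKDIR}"/irkerd.service || die "placeholder left in unit". The "# Prefix support" comment could also say that the unit now comes from FILESDIR and the irkerd.service in the source tree is no longer used.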
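
Review bot: The context lines of the src_install hunk still install files/irkerd.initd and files/irkerd.confd, and the diffstat shows that neither file is touched, so the unprivileged user and the sandboxing options introduced by this commit apply only on systemd hosts. Please confirm which account the OpenRC script runs irkerd under, and state in the commit message if the OpenRC path is intentionally left as it is.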