From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Craig Andrews" <candrews@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Craig Andrews" <candrews@gentoo.org>
Message-ID: <1715974046.2069b41a2cd93fde9598508690671175b38e1cd0.candrews@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/sslh/, net-misc/sslh/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-misc/sslh/files/sslh.service net-misc/sslh/sslh-2.1.2.ebuild net-misc/sslh/sslh-9999.ebuild
X-VCS-Directories: net-misc/sslh/ net-misc/sslh/files/
X-VCS-Committer: candrews
X-VCS-Committer-Name: Craig Andrews
X-VCS-Revision: 2069b41a2cd93fde9598508690671175b38e1cd0
X-VCS-Branch: master
Date: Fri, 17 May 2024 19:27:29 +0000 (UTC)
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>

commit:     2069b41a2cd93fde9598508690671175b38e1cd0
Author:     Craig Andrews <candrews <AT> gentoo <DOT> org>
AuthorDate: Fri May 17 19:25:19 2024 +0000
Commit:     Craig Andrews <candrews <AT> gentoo <DOT> org>
CommitDate: Fri May 17 19:27:26 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2069b41a

net-misc/sslh: fix systemd service installation

https://bugs.gentoo.org/932015
Signed-off-by: Craig Andrews <candrews <AT> gentoo.org>

 net-misc/sslh/files/sslh.service | 28 ++++++++++++++++++++++++++++
 net-misc/sslh/sslh-2.1.2.ebuild  |  3 +--
 net-misc/sslh/sslh-9999.ebuild   |  3 +--
 3 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/net-misc/sslh/files/sslh.service b/net-misc/sslh/files/sslh.service
new file mode 100644
index 000000000000..9d58362220f0
--- /dev/null
+++ b/net-misc/sslh/files/sslh.service
@@ -0,0 +1,28 @@
+# /etc/systemd/system/sslh.service
+[Unit]
+Description=SSL/SSH multiplexer (fork mode) for %I
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/conf.d/sslh
+ExecStart=/usr/sbin/sslh -f $DAEMON_OPTS
+KillMode=process
+#Hardening
+PrivateTmp=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+SecureBits=noroot-locked
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+MountFlags=private
+NoNewPrivileges=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
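
Review bot: `Description=SSL/SSH multiplexer (fork mode) for %I` uses the instance specifier, but both ebuilds install this file as the plain unit `sslh.service` rather than a template such as `sslh@.service`, so there is no instance name to substitute and the description ends in a dangling "for". Either drop "for %I" or install the file as a template unit. Two smaller points in the same file: `EnvironmentFile=/etc/conf.d/sslh` has no `-` prefix, so the unit fails to start if that file is absent (confirm the ebuild installs it, or use `EnvironmentFile=-/etc/conf.d/sslh`); and the first-line comment names /etc/systemd/system/sslh.service, which is the administrator override location, not where a packaged unit installed through systemd_newunit ends up. A one-line comment on `KillMode=process` explaining that it is there so forked per-connection children survive a stop or restart would also help the next reader of the hardening block.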

diff --git a/net-misc/sslh/sslh-2.1.2.ebuild b/net-misc/sslh/sslh-2.1.2.ebuild
index 1a3dc9b9f8e3..efb4eb40c48d 100644
--- a/net-misc/sslh/sslh-2.1.2.ebuild
+++ b/net-misc/sslh/sslh-2.1.2.ebuild
@@ -76,8 +76,7 @@ src_install() {
 
 	if use systemd; then
 		# Gentoo puts the binaries in /usr/sbin, but upstream puts them in /usr/bin
-		sed -i -e 's~/usr/bin/~/usr/sbin/~g' scripts/systemd.sslh.service || die
-		systemd_newunit scripts/systemd.sslh.service sslh.service
+		systemd_newunit "${FILESDIR}/sslh.service" sslh.service
 		exeinto /usr/lib/systemd/system-generators/
 		doexe systemd-sslh-generator
 	fi
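
Review bot: The context comment "# Gentoo puts the binaries in /usr/sbin, but upstream puts them in /usr/bin" is now stale, because the `sed` it explained is removed and the /usr/sbin path is hard-coded in `ExecStart=` of files/sslh.service. Reword it to say why the upstream scripts/systemd.sslh.service is no longer used (the reason is only in the linked bug, not in the ebuild), or delete it. Note also that `doexe systemd-sslh-generator` still installs the upstream generator next to the Gentoo-maintained unit, so it is worth checking that whatever the generator emits still matches the unit name and options in the new file.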

diff --git a/net-misc/sslh/sslh-9999.ebuild b/net-misc/sslh/sslh-9999.ebuild
index 1a3dc9b9f8e3..efb4eb40c48d 100644
--- a/net-misc/sslh/sslh-9999.ebuild
+++ b/net-misc/sslh/sslh-9999.ebuild
@@ -76,8 +76,7 @@ src_install() {
 
 	if use systemd; then
 		# Gentoo puts the binaries in /usr/sbin, but upstream puts them in /usr/bin
-		sed -i -e 's~/usr/bin/~/usr/sbin/~g' scripts/systemd.sslh.service || die
-		systemd_newunit scripts/systemd.sslh.service sslh.service
+		systemd_newunit "${FILESDIR}/sslh.service" sslh.service
 		exeinto /usr/lib/systemd/system-generators/
 		doexe systemd-sslh-generator
 	fi
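
Review bot: For the live ebuild, `systemd_newunit "${FILESDIR}/sslh.service" sslh.service` pins a static copy of the unit while everything else (including `systemd-sslh-generator`) follows upstream HEAD, so later upstream changes to the service file or to the daemon's command line will not reach -9999 users and the two can drift apart silently. Add a comment here stating that the unit is deliberately vendored and why, so whoever next syncs 9999 with a release knows to re-compare files/sslh.service against upstream's scripts/systemd.sslh.service. The stale "/usr/sbin vs /usr/bin" comment above the changed line should be updated here as well.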