commit: 906cdff29ce89248d6c00805c16f36cee0c032c9 Author: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org> AuthorDate: Sun Jul 3 17:55:15 2022 +0000 Commit: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org> CommitDate: Sun Jul 3 18:12:55 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=906cdff2
net-irc/irker: update systemd service file - fix the User by also setting DynamicUser (no need for new system user, and also much better security) - Better EPREFIX placeholder - Some more security options for less capabilities Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/26212 Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org> net-irc/irker/files/irkerd.service | 21 +++++++++++++++++++++ .../{irker-2.22-r1.ebuild => irker-2.22-r2.ebuild} | 8 +++----- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/net-irc/irker/files/irkerd.service b/net-irc/irker/files/irkerd.service new file mode 100644 index 000000000000..232a8d5811a5 --- /dev/null +++ b/net-irc/irker/files/irkerd.service @@ -0,0 +1,21 @@ +# Copyright 2012 Wulf C. Krueger <[email protected]> +# Copyright 2022 Arthur Zamarin <[email protected]> +# Distributed under the terms of the BSD LICENSE + +[Unit] +Description=Internet Relay Chat (IRC) notification daemon +Requires=network.target +Documentation=man:irkerd(8) man:irkerhook(1) man:irk(1) + +[Service] +ExecStart=@EPREFIX@/usr/bin/irkerd +User=irker +DynamicUser=yes +NoNewPrivileges=yes +CapabilityBoundingSet= +PrivateDevices=yes +ProtectHome=yes + +[Install] +WantedBy=multi-user.target +Alias=irker.service diff --git a/net-irc/irker/irker-2.22-r1.ebuild b/net-irc/irker/irker-2.22-r2.ebuild similarity index 86% rename from net-irc/irker/irker-2.22-r1.ebuild rename to net-irc/irker/irker-2.22-r2.ebuild index e2bf844a14f6..085be79ae727 100644 --- a/net-irc/irker/irker-2.22-r1.ebuild +++ b/net-irc/irker/irker-2.22-r2.ebuild @@ -39,12 +39,10 @@ src_prepare() { default # Rely on systemd eclass for systemd service install - sed -i -e "/^SYSTEMDSYSTEMUNITDIR/d" Makefile \ - || die "sed failed" + sed -e "/^SYSTEMDSYSTEMUNITDIR/d" -i Makefile || die "sed failed" # Prefix support - sed -i -e "/^ExecStart=/ s:=/:=${EPREFIX}/:" irkerd.service \ - || die "sed failed" + sed -e "s|@EPREFIX@|${EPREFIX}|" "${FILESDIR}"/irkerd.service > "${WORKDIR}"/irkerd.service || die "sed failed" } src_install() { @@ -57,7 +55,7 @@ src_install() { newinitd "${FILESDIR}"/irkerd.initd irkerd newconfd "${FILESDIR}"/irkerd.confd irkerd - systemd_dounit irkerd.service + systemd_dounit "${WORKDIR}"/irkerd.service docinto examples dodoc filter-example.py filter-test.py
