mirror of
https://github.com/archlinux/aur.git
synced 2026-01-27 20:28:31 +01:00
upgpkg: homebridge-config-ui-x 4.41.1-2
* Fixed incorrect license.
* Removed unnecessary dependencies.
* Removed environment file in favour of environment variables in the
systemd service file.
* Added an install file with post_{install,upgrade} functions.
* Hardened systemd service.
* Removed login shell for homebridge user account.
This commit is contained in:
George Rawlinson
parent
e2961549d4
commit
5c9dc5fdf8
6 changed files with 93 additions and 52 deletions
16
.SRCINFO
16
.SRCINFO
|
|
@ -1,29 +1,23 @@
|
|||
pkgbase = homebridge-config-ui-x
|
||||
pkgdesc = Web-based management tool for Homebridge
|
||||
pkgver = 4.41.1
|
||||
pkgrel = 1
|
||||
pkgrel = 2
|
||||
url = https://github.com/oznu/homebridge-config-ui-x
|
||||
install = homebridge-config-ui-x.install
|
||||
arch = any
|
||||
license = Apache
|
||||
makedepends = git
|
||||
license = MIT
|
||||
makedepends = npm
|
||||
makedepends = python
|
||||
makedepends = node-gyp
|
||||
depends = nodejs
|
||||
depends = avahi
|
||||
depends = homebridge
|
||||
options = !emptydirs
|
||||
options = !strip
|
||||
source = homebridge-config-ui-x-4.41.1.tar.gz::https://github.com/oznu/homebridge-config-ui-x/archive/4.41.1.tar.gz
|
||||
source = systemd.service
|
||||
source = environment.conf
|
||||
source = tmpfiles.conf
|
||||
source = sysusers.conf
|
||||
b2sums = 30e27e383e08af0fa1c6525531143280c0c54e081378001abde17bcf038874c7c6a2654b2c37b82fbe85cb75ccdd6ed42890eaef0c940ac4547aec8c75348e25
|
||||
b2sums = 4cba429db47cc84567b08bbeb5a7e3238870df66cfbca241ece4b98354c4af0180688e3de6528b1fcc0cf6f3e19a645c08bf6457ee5c69d3f1609102363b2039
|
||||
b2sums = 178bf94ccaac2dbcbb908c98e724da60656766eb6058583e644ea6cd7014f928cb5ad018ebc37c17429ad0a3daf09d3903b51c0da3a40282163a3ff4fa78e5a0
|
||||
b2sums = a0861270612dfe3ee33fab9fda23ab351625a76bfc006d44f39387c8b4fd7b67b7937d8c6dc94dbb584fe6e3fa657fd8754d3c823f2a2dd3d93f210d6b5d8102
|
||||
b2sums = c60e965907e85b4a6dac12b60419b5446085794bdbdba0221c41e7557ff520c3688ff79b1219e17ac982d585f2cf616140717b44f8ad2a5e5a72fd360617be65
|
||||
b2sums = 87e6a3ddcd70bd926d17ec33b007dea4108b7386714404a12647508766189c7bf863ab47515396d2ea149da791053beacb6854fa0b57fc409c09cc6aeaffd7e5
|
||||
b2sums = 17039410c1e7aa8efd781a6a9acd31084a632998f0ea57f0df40fa028d12527b24bec71fdf28691b8e23fbfdef10c9b327875477ee113ffa9ad022d84a35552e
|
||||
|
||||
pkgname = homebridge-config-ui-x
|
||||
|
||||
|
|
|
|||
43
PKGBUILD
43
PKGBUILD
|
|
@ -2,35 +2,33 @@
|
|||
|
||||
pkgname=homebridge-config-ui-x
|
||||
pkgver=4.41.1
|
||||
pkgrel=1
|
||||
pkgrel=2
|
||||
pkgdesc="Web-based management tool for Homebridge"
|
||||
arch=('any')
|
||||
url="https://github.com/oznu/homebridge-config-ui-x"
|
||||
license=('Apache')
|
||||
depends=('nodejs' 'avahi' 'homebridge')
|
||||
makedepends=(
|
||||
'git'
|
||||
'npm'
|
||||
'python'
|
||||
'node-gyp'
|
||||
)
|
||||
license=('MIT')
|
||||
depends=('homebridge')
|
||||
makedepends=('npm')
|
||||
options=('!emptydirs' '!strip')
|
||||
source=(
|
||||
"$pkgname-$pkgver.tar.gz::$url/archive/$pkgver.tar.gz"
|
||||
'systemd.service'
|
||||
'environment.conf'
|
||||
'tmpfiles.conf'
|
||||
'sysusers.conf'
|
||||
)
|
||||
install="$pkgname.install"
|
||||
b2sums=('30e27e383e08af0fa1c6525531143280c0c54e081378001abde17bcf038874c7c6a2654b2c37b82fbe85cb75ccdd6ed42890eaef0c940ac4547aec8c75348e25'
|
||||
'4cba429db47cc84567b08bbeb5a7e3238870df66cfbca241ece4b98354c4af0180688e3de6528b1fcc0cf6f3e19a645c08bf6457ee5c69d3f1609102363b2039'
|
||||
'178bf94ccaac2dbcbb908c98e724da60656766eb6058583e644ea6cd7014f928cb5ad018ebc37c17429ad0a3daf09d3903b51c0da3a40282163a3ff4fa78e5a0'
|
||||
'a0861270612dfe3ee33fab9fda23ab351625a76bfc006d44f39387c8b4fd7b67b7937d8c6dc94dbb584fe6e3fa657fd8754d3c823f2a2dd3d93f210d6b5d8102'
|
||||
'c60e965907e85b4a6dac12b60419b5446085794bdbdba0221c41e7557ff520c3688ff79b1219e17ac982d585f2cf616140717b44f8ad2a5e5a72fd360617be65'
|
||||
'87e6a3ddcd70bd926d17ec33b007dea4108b7386714404a12647508766189c7bf863ab47515396d2ea149da791053beacb6854fa0b57fc409c09cc6aeaffd7e5')
|
||||
'17039410c1e7aa8efd781a6a9acd31084a632998f0ea57f0df40fa028d12527b24bec71fdf28691b8e23fbfdef10c9b327875477ee113ffa9ad022d84a35552e')
|
||||
|
||||
build() {
|
||||
cd "$pkgname-$pkgver"
|
||||
|
||||
# NOTE: package is built this way because the dist/ directory is not
|
||||
# included in the source, only in npm source due to a prepublish script
|
||||
# which does not get installed correctly if the npm source is used.
|
||||
|
||||
# install dependencies
|
||||
npm install
|
||||
|
||||
|
|
@ -49,22 +47,21 @@ build() {
|
|||
|
||||
package() {
|
||||
cd "$pkgname-$pkgver"
|
||||
npm install --global --prefix "$pkgdir/usr" "$srcdir/$pkgname-$pkgver/$pkgname-$pkgver.tgz"
|
||||
|
||||
# Non-deterministic race in npm gives 777 permissions to random directories.
|
||||
# See https://github.com/npm/cli/issues/1103 for details.
|
||||
find "$pkgdir/usr" -type d -exec chmod 755 {} +
|
||||
npm install --global --prefix "$pkgdir/usr" "$pkgname-$pkgver.tgz"
|
||||
|
||||
# npm gives ownership of ALL FILES to build user
|
||||
# https://bugs.archlinux.org/task/63396
|
||||
chown -R root:root "$pkgdir"
|
||||
|
||||
# license
|
||||
install -vDm644 -t "$pkgdir/usr/share/licenses/$pkgname" "$pkgdir/usr/lib/node_modules/$pkgname/LICENSE"
|
||||
install -vDm644 -t "$pkgdir/usr/share/licenses/$pkgname" \
|
||||
"$pkgdir/usr/lib/node_modules/$pkgname/LICENSE"
|
||||
|
||||
# systemd integration
|
||||
install -vDm644 "$srcdir/sysusers.conf" "$pkgdir/usr/lib/sysusers.d/homebridge.conf"
|
||||
install -vDm644 "$srcdir/tmpfiles.conf" "$pkgdir/usr/lib/tmpfiles.d/homebridge.conf"
|
||||
install -vDm644 "$srcdir/systemd.service" "$pkgdir/usr/lib/systemd/system/homebridge.service"
|
||||
install -vDm644 "$srcdir/environment.conf" "$pkgdir/etc/conf.d/homebridge"
|
||||
install -vDm644 "$srcdir/sysusers.conf" \
|
||||
"$pkgdir/usr/lib/sysusers.d/homebridge.conf"
|
||||
install -vDm644 "$srcdir/tmpfiles.conf" \
|
||||
"$pkgdir/usr/lib/tmpfiles.d/homebridge.conf"
|
||||
install -vDm644 "$srcdir/systemd.service" \
|
||||
"$pkgdir/usr/lib/systemd/system/homebridge.service"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
HOMEBRIDGE_OPTS="-I -U /var/lib/homebridge"
|
||||
UIX_STORAGE_PATH="/var/lib/homebridge"
|
||||
|
||||
# To enable web terminals via homebridge-config-ui-x uncomment the following line
|
||||
# HOMEBRIDGE_CONFIG_UI_TERMINAL=1
|
||||
|
||||
DISABLE_OPENCOLLECTIVE=true
|
||||
32
homebridge-config-ui-x.install
Normal file
32
homebridge-config-ui-x.install
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
post_install() {
|
||||
cat <<-EOF
|
||||
|
||||
Start homebridge + ui with systemd:
|
||||
|
||||
$ systemctl enable --now homebridge
|
||||
|
||||
Caveats:
|
||||
|
||||
1) /usr/bin/hb-service places files all over the system, and it will
|
||||
also modify /etc/sudoers. It is also capable of installing an
|
||||
alternative binary of Node.js. It is recommended to *never* use it.
|
||||
|
||||
2) Installing or upgrading plugins from the web ui invokes npm install
|
||||
globally, which is terrible opsec. It is recommended to instead package
|
||||
any plugins and make them available on the AUR.
|
||||
|
||||
3) To give permissions to the web ui to poweroff/reboot the machine,
|
||||
create a drop-in file in /etc/sudoers.d similar to:
|
||||
|
||||
homebridge ALL=(ALL) NOPASSWD:SETENV: /usr/bin/shutdown
|
||||
|
||||
4) The web ui runs commands with sudo in various places.
|
||||
|
||||
You have been warned.
|
||||
|
||||
EOF
|
||||
}
|
||||
|
||||
post_upgrade() {
|
||||
post_install
|
||||
}
|
||||
|
|
@ -1,21 +1,46 @@
|
|||
[Unit]
|
||||
Description=Homebridge
|
||||
Wants=network-online.target
|
||||
Requires=network-online.target
|
||||
After=syslog.target network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment=HOMEBRIDGE_OPTS="-I -U /var/lib/homebridge"
|
||||
Environment=UIX_STORAGE_PATH="/var/lib/homebridge"
|
||||
ExecStart=/usr/bin/hb-service run $HOMEBRIDGE_OPTS
|
||||
User=homebridge
|
||||
Group=homebridge
|
||||
PermissionsStartOnly=true
|
||||
WorkingDirectory=/var/lib/homebridge
|
||||
EnvironmentFile=/etc/conf.d/homebridge
|
||||
ExecStart=/usr/bin/hb-service run $HOMEBRIDGE_OPTS
|
||||
Restart=always
|
||||
RestartSec=3
|
||||
KillMode=process
|
||||
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_CHOWN CAP_FOWNER CAP_DAC_OVERRIDE CAP_AUDIT_WRITE CAP_SYS_ADMIN
|
||||
AmbientCapabilities=CAP_NET_RAW CAP_NET_BIND_SERVICE
|
||||
RestartSec=5s
|
||||
WorkingDirectory=/var/lib/homebridge
|
||||
ReadWritePaths=/var/lib/homebridge
|
||||
NoNewPrivileges=yes
|
||||
UMask=0077
|
||||
|
||||
ProtectSystem=strict
|
||||
ProtectHome=yes
|
||||
PrivateUsers=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
PrivateMounts=yes
|
||||
ProtectHostname=yes
|
||||
ProtectClock=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelLogs=yes
|
||||
ProtectControlGroups=yes
|
||||
RestrictNamespaces=yes
|
||||
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 # causes status=1/FAILURE
|
||||
LockPersonality=yes
|
||||
#MemoryDenyWriteExecute=yes # causes issues with V8
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
RemoveIPC=yes
|
||||
CapabilityBoundingSet=
|
||||
AmbientCapabilities=
|
||||
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallFilter=~@privileged @resources
|
||||
SystemCallArchitectures=native
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
u homebridge - "Homebridge user" /var/lib/homebridge /bin/bash
|
||||
u homebridge - "Homebridge user" /var/lib/homebridge
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue