From a88ee65602e4d8a0315bf31d08c0e8dc11d45c48 Mon Sep 17 00:00:00 2001 From: whoizit Date: Fri, 19 Mar 2021 20:51:07 +0300 Subject: [PATCH] yggdrasil: update to 0.3.16. - partially revert service changes from c33aec8e707d49731c7b94996450d3ebb0178ce0, now that we ship a util-linux version that can always handle -all or +all with setpriv(1). - remove TODO comment: switching to using a user + adding caps to it would break some setups and is no longer necessary. It also isn't the recommended setup from upstream. --- srcpkgs/yggdrasil/files/yggdrasil/run | 12 ++++-------- srcpkgs/yggdrasil/template | 4 ++-- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/srcpkgs/yggdrasil/files/yggdrasil/run b/srcpkgs/yggdrasil/files/yggdrasil/run index 40460c8a1ef1..0c5e259b3ae5 100755 --- a/srcpkgs/yggdrasil/files/yggdrasil/run +++ b/srcpkgs/yggdrasil/files/yggdrasil/run @@ -1,13 +1,9 @@ #!/bin/sh modprobe tun -# limiting caps is temporarily disabled, as it breaks with -# setpriv: libcap-ng is too old for "all" caps -# TODO: instead of dropping all caps, start with a -# non-priv user and manually add needed privileges instead. -#caps='-all,+NET_ADMIN,+NET_RAW' -#drop_caps="setpriv --inh-caps $caps --bounding-set $caps" +caps='-all,+NET_ADMIN,+NET_RAW' +drop_caps="setpriv --inh-caps $caps --bounding-set $caps" if [ -f /etc/yggdrasil.conf ]; then - exec yggdrasil -useconffile /etc/yggdrasil.conf 2>&1 + exec $drop_caps yggdrasil -useconffile /etc/yggdrasil.conf 2>&1 else - exec yggdrasil -autoconf 2>&1 + exec $drop_caps yggdrasil -autoconf 2>&1 fi diff --git a/srcpkgs/yggdrasil/template b/srcpkgs/yggdrasil/template index 74c3c32537e0..4f7408506d1a 100644 --- a/srcpkgs/yggdrasil/template +++ b/srcpkgs/yggdrasil/template @@ -1,6 +1,6 @@ # Template file for 'yggdrasil' pkgname=yggdrasil -version=0.3.15 +version=0.3.16 revision=1 wrksrc="yggdrasil-go-${version}" build_style=go @@ -11,7 +11,7 @@ maintainer="Jan Christian Gruenhage " license="LGPL-3.0-only" homepage="https://yggdrasil-network.github.io/" distfiles="https://github.com/yggdrasil-network/yggdrasil-go/archive/v${version}.tar.gz" -checksum=25ea85399a142aa7a3d6f6886fd4e0d215116c4c8c33453de43999787d735565 +checksum=e03595b78906b171155aaa11c922be3418bd056f8547e4d9f5123b6047316eac do_build() { PKGNAME=${pkgname} PKGVER=${version} ./build