[PR PATCH] New package: shadowsocks-rust-1.23.2

[PR PATCH] New package: shadowsocks-rust-1.23.2

[JkktBkkt]

[-- Attachment #1: Type: text/plain, Size: 2038 bytes --]

There is a new pull request by JkktBkkt against master on the void-packages repository

https://github.com/JkktBkkt/void-packages shadowsocks-rust
https://github.com/void-linux/void-packages/pull/55225

New package: shadowsocks-rust-1.23.2
#### Testing the changes
- I tested the changes in this PR: **YES**

#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**: system, compiled

Both new and old, this is the currently actively developed and maintained port of shadowsocks. Currently void provides the libev version, which received 1 commit in 2.5 years and hasn't had a release for nearly 4.5.

A few things I'd want to ask for guidance on:
1. Current template is modeled closely after the libev one, but considering that shadowsocks is commonly used with binary plugins these days, running the service as separate user requires adding the capabilities to plugins similar to how it's done with shadowsocks's binaries, i.e. `setcap cap_net_bind_service+ep simple-tls` or no longer switching to root user. 
Should some kind of message mentioning this be added, or perhaps it's better to simply drop the system account?

2. From what I know, typical functionality, being simple client+server configs, can be used as a drop-in replacement (that said, binaries are named differently). I'm unsure whether it would be best to keep both completely separately for now or try to transition configurations, system accounts and paths from -libev into -rust somehow.

#### Local build testing
- I built and tested this PR locally for my native architectures, x86_64 glibc (as `sslocal` and `ssservice local`) and tested cross-built aarch64 glibc version (as `ssserver` and `ssservice server`)

I have cross-built but haven't tested for these architectures:
- aarch64-musl
- armv6l (-musl)
- armv7l (-musl)




A patch file from https://github.com/void-linux/void-packages/pull/55225.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadowsocks-rust-55225.patch --]
[-- Type: text/x-diff, Size: 3049 bytes --]

From 40728608e6b42a87f9574eb8e3c2a62d5b3178c0 Mon Sep 17 00:00:00 2001
From: JkktBkkt <apkabikov@gmail.com>
Date: Thu, 1 May 2025 16:06:56 +0300
Subject: [PATCH] New package: shadowsocks-rust-1.23.2

---
 srcpkgs/shadowsocks-rust/INSTALL              |  8 +++++++
 .../files/shadowsocks-rust-client/run         |  3 +++
 .../files/shadowsocks-rust-server/run         |  3 +++
 srcpkgs/shadowsocks-rust/template             | 24 +++++++++++++++++++
 4 files changed, 38 insertions(+)
 create mode 100644 srcpkgs/shadowsocks-rust/INSTALL
 create mode 100644 srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
 create mode 100644 srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
 create mode 100644 srcpkgs/shadowsocks-rust/template

diff --git a/srcpkgs/shadowsocks-rust/INSTALL b/srcpkgs/shadowsocks-rust/INSTALL
new file mode 100644
index 00000000000000..3cc7929c8a346a
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/INSTALL
@@ -0,0 +1,8 @@
+case "${ACTION}" in
+post)
+	setcap cap_net_bind_service,cap_net_admin+ep usr/bin/sslocal
+	setcap cap_net_bind_service+ep usr/bin/ssserver
+	setcap cap_net_bind_service+ep usr/bin/ssservice
+	setcap cap_net_bind_service+ep usr/bin/ssmanager
+	;;
+esac
diff --git a/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
new file mode 100644
index 00000000000000..c002dcf2860cf6
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 2>&1
+exec chpst -u _shadowsocks:_shadowsocks ssservice local -c /etc/shadowsocks-rust/config.json 1>/dev/null
diff --git a/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
new file mode 100644
index 00000000000000..c34e4b12c12560
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 2>&1
+exec chpst -u _shadowsocks:_shadowsocks ssservice server -c /etc/shadowsocks-rust/config.json 1>/dev/null
diff --git a/srcpkgs/shadowsocks-rust/template b/srcpkgs/shadowsocks-rust/template
new file mode 100644
index 00000000000000..1f1947d87782a4
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/template
@@ -0,0 +1,24 @@
+# Template file for 'shadowsocks-rust'
+pkgname=shadowsocks-rust
+version=1.23.2
+revision=1
+build_style=cargo
+hostmakedepends="pkg-config"
+makedepends="libzstd-devel"
+short_desc="Rust port of shadowsocks, a fast lightweight obfuscated tunnel proxy"
+maintainer="JkktBkkt <apkabikov@gmail.com>"
+license="MIT"
+homepage="https://github.com/shadowsocks/shadowsocks-rust/"
+distfiles="https://github.com/shadowsocks/shadowsocks-rust/archive/refs/tags/v${version}.tar.gz"
+checksum=1bede0eb443063c37317728d568638e3348d86f1292c9864c5bdc5a9f96d8b7a
+
+system_accounts="_shadowsocks"
+make_dirs="/etc/${pkgname} 0750 _shadowsocks _shadowsocks"
+
+post_install() {
+	vlicense LICENSE
+	vsv ${pkgname}-server
+	vsv ${pkgname}-client
+	vsconf examples/config.json
+	vsconf examples/config_ext.json
+}

Re: [PR PATCH] [Updated] New package: shadowsocks-rust-1.23.2

[JkktBkkt]

[-- Attachment #1: Type: text/plain, Size: 2043 bytes --]

There is an updated pull request by JkktBkkt against master on the void-packages repository

https://github.com/JkktBkkt/void-packages shadowsocks-rust
https://github.com/void-linux/void-packages/pull/55225

New package: shadowsocks-rust-1.23.2
#### Testing the changes
- I tested the changes in this PR: **YES**

#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**: system, compiled

Both new and old, this is the currently actively developed and maintained port of shadowsocks. Currently void provides the libev version, which received 1 commit in 2.5 years and hasn't had a release for nearly 4.5.

A few things I'd want to ask for guidance on:
1. Current template is modeled closely after the libev one, but considering that shadowsocks is commonly used with binary plugins these days, running the service as separate user requires adding the capabilities to plugins similar to how it's done with shadowsocks's binaries, i.e. `setcap cap_net_bind_service+ep simple-tls` or no longer switching to root user. 
Should some kind of message mentioning this be added, or perhaps it's better to simply drop the system account?

2. From what I know, typical functionality, being simple client+server configs, can be used as a drop-in replacement (that said, binaries are named differently). I'm unsure whether it would be best to keep both completely separately for now or try to transition configurations, system accounts and paths from -libev into -rust somehow.

#### Local build testing
- I built and tested this PR locally for my native architectures, x86_64 glibc (as `sslocal` and `ssservice local`) and tested cross-built aarch64 glibc version (as `ssserver` and `ssservice server`)

I have cross-built but haven't tested for these architectures:
- aarch64-musl
- armv6l (-musl)
- armv7l (-musl)




A patch file from https://github.com/void-linux/void-packages/pull/55225.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadowsocks-rust-55225.patch --]
[-- Type: text/x-diff, Size: 3049 bytes --]

From 071cbe554dbf839f5891f95f756106b95876a119 Mon Sep 17 00:00:00 2001
From: JkktBkkt <apkabikov@gmail.com>
Date: Thu, 1 May 2025 16:06:56 +0300
Subject: [PATCH] New package: shadowsocks-rust-1.23.4

---
 srcpkgs/shadowsocks-rust/INSTALL              |  8 +++++++
 .../files/shadowsocks-rust-client/run         |  3 +++
 .../files/shadowsocks-rust-server/run         |  3 +++
 srcpkgs/shadowsocks-rust/template             | 24 +++++++++++++++++++
 4 files changed, 38 insertions(+)
 create mode 100644 srcpkgs/shadowsocks-rust/INSTALL
 create mode 100644 srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
 create mode 100644 srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
 create mode 100644 srcpkgs/shadowsocks-rust/template

diff --git a/srcpkgs/shadowsocks-rust/INSTALL b/srcpkgs/shadowsocks-rust/INSTALL
new file mode 100644
index 00000000000000..3cc7929c8a346a
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/INSTALL
@@ -0,0 +1,8 @@
+case "${ACTION}" in
+post)
+	setcap cap_net_bind_service,cap_net_admin+ep usr/bin/sslocal
+	setcap cap_net_bind_service+ep usr/bin/ssserver
+	setcap cap_net_bind_service+ep usr/bin/ssservice
+	setcap cap_net_bind_service+ep usr/bin/ssmanager
+	;;
+esac
diff --git a/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
new file mode 100644
index 00000000000000..c002dcf2860cf6
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 2>&1
+exec chpst -u _shadowsocks:_shadowsocks ssservice local -c /etc/shadowsocks-rust/config.json 1>/dev/null
diff --git a/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
new file mode 100644
index 00000000000000..c34e4b12c12560
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 2>&1
+exec chpst -u _shadowsocks:_shadowsocks ssservice server -c /etc/shadowsocks-rust/config.json 1>/dev/null
diff --git a/srcpkgs/shadowsocks-rust/template b/srcpkgs/shadowsocks-rust/template
new file mode 100644
index 00000000000000..3fe5a65049e84a
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/template
@@ -0,0 +1,24 @@
+# Template file for 'shadowsocks-rust'
+pkgname=shadowsocks-rust
+version=1.23.4
+revision=1
+build_style=cargo
+hostmakedepends="pkg-config"
+makedepends="libzstd-devel"
+short_desc="Rust port of shadowsocks, a fast lightweight obfuscated tunnel proxy"
+maintainer="JkktBkkt <apkabikov@gmail.com>"
+license="MIT"
+homepage="https://github.com/shadowsocks/shadowsocks-rust/"
+distfiles="https://github.com/shadowsocks/shadowsocks-rust/archive/refs/tags/v${version}.tar.gz"
+checksum=8a91836256989e3a56409d0e83da6549ecf727e2d6642cd4e707993d9c8a23d3
+
+system_accounts="_shadowsocks"
+make_dirs="/etc/${pkgname} 0750 _shadowsocks _shadowsocks"
+
+post_install() {
+	vlicense LICENSE
+	vsv ${pkgname}-server
+	vsv ${pkgname}-client
+	vsconf examples/config.json
+	vsconf examples/config_ext.json
+}

Re: [PR REVIEW] New package: shadowsocks-rust-1.23.2

[Duncaen]

[-- Attachment #1: Type: text/plain, Size: 277 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/55225#discussion_r2119645794

Comment:
don't use `pkgname` variable here and in `post_install`, they are not variable and would need to be changed if `pkgname` changes.

Re: [PR PATCH] [Updated] New package: shadowsocks-rust-1.23.2

[JkktBkkt]

[-- Attachment #1: Type: text/plain, Size: 2043 bytes --]

There is an updated pull request by JkktBkkt against master on the void-packages repository

https://github.com/JkktBkkt/void-packages shadowsocks-rust
https://github.com/void-linux/void-packages/pull/55225

New package: shadowsocks-rust-1.23.2
#### Testing the changes
- I tested the changes in this PR: **YES**

#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**: system, compiled

Both new and old, this is the currently actively developed and maintained port of shadowsocks. Currently void provides the libev version, which received 1 commit in 2.5 years and hasn't had a release for nearly 4.5.

A few things I'd want to ask for guidance on:
1. Current template is modeled closely after the libev one, but considering that shadowsocks is commonly used with binary plugins these days, running the service as separate user requires adding the capabilities to plugins similar to how it's done with shadowsocks's binaries, i.e. `setcap cap_net_bind_service+ep simple-tls` or no longer switching to root user. 
Should some kind of message mentioning this be added, or perhaps it's better to simply drop the system account?

2. From what I know, typical functionality, being simple client+server configs, can be used as a drop-in replacement (that said, binaries are named differently). I'm unsure whether it would be best to keep both completely separately for now or try to transition configurations, system accounts and paths from -libev into -rust somehow.

#### Local build testing
- I built and tested this PR locally for my native architectures, x86_64 glibc (as `sslocal` and `ssservice local`) and tested cross-built aarch64 glibc version (as `ssserver` and `ssservice server`)

I have cross-built but haven't tested for these architectures:
- aarch64-musl
- armv6l (-musl)
- armv7l (-musl)




A patch file from https://github.com/void-linux/void-packages/pull/55225.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadowsocks-rust-55225.patch --]
[-- Type: text/x-diff, Size: 3067 bytes --]

From e5fd093c4389e23ab4e9fcf9901ae91a81d6cca2 Mon Sep 17 00:00:00 2001
From: JkktBkkt <apkabikov@gmail.com>
Date: Thu, 1 May 2025 16:06:56 +0300
Subject: [PATCH] New package: shadowsocks-rust-1.23.4

---
 srcpkgs/shadowsocks-rust/INSTALL              |  8 +++++++
 .../files/shadowsocks-rust-client/run         |  3 +++
 .../files/shadowsocks-rust-server/run         |  3 +++
 srcpkgs/shadowsocks-rust/template             | 24 +++++++++++++++++++
 4 files changed, 38 insertions(+)
 create mode 100644 srcpkgs/shadowsocks-rust/INSTALL
 create mode 100644 srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
 create mode 100644 srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
 create mode 100644 srcpkgs/shadowsocks-rust/template

diff --git a/srcpkgs/shadowsocks-rust/INSTALL b/srcpkgs/shadowsocks-rust/INSTALL
new file mode 100644
index 00000000000000..3cc7929c8a346a
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/INSTALL
@@ -0,0 +1,8 @@
+case "${ACTION}" in
+post)
+	setcap cap_net_bind_service,cap_net_admin+ep usr/bin/sslocal
+	setcap cap_net_bind_service+ep usr/bin/ssserver
+	setcap cap_net_bind_service+ep usr/bin/ssservice
+	setcap cap_net_bind_service+ep usr/bin/ssmanager
+	;;
+esac
diff --git a/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
new file mode 100644
index 00000000000000..c002dcf2860cf6
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 2>&1
+exec chpst -u _shadowsocks:_shadowsocks ssservice local -c /etc/shadowsocks-rust/config.json 1>/dev/null
diff --git a/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
new file mode 100644
index 00000000000000..c34e4b12c12560
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 2>&1
+exec chpst -u _shadowsocks:_shadowsocks ssservice server -c /etc/shadowsocks-rust/config.json 1>/dev/null
diff --git a/srcpkgs/shadowsocks-rust/template b/srcpkgs/shadowsocks-rust/template
new file mode 100644
index 00000000000000..589c51dd6c2787
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/template
@@ -0,0 +1,24 @@
+# Template file for 'shadowsocks-rust'
+pkgname=shadowsocks-rust
+version=1.23.4
+revision=1
+build_style=cargo
+hostmakedepends="pkg-config"
+makedepends="libzstd-devel"
+short_desc="Rust port of shadowsocks, a fast lightweight obfuscated tunnel proxy"
+maintainer="JkktBkkt <apkabikov@gmail.com>"
+license="MIT"
+homepage="https://github.com/shadowsocks/shadowsocks-rust/"
+distfiles="https://github.com/shadowsocks/shadowsocks-rust/archive/refs/tags/v${version}.tar.gz"
+checksum=8a91836256989e3a56409d0e83da6549ecf727e2d6642cd4e707993d9c8a23d3
+
+system_accounts="_shadowsocks"
+make_dirs="/etc/shadowsocks-rust 0750 _shadowsocks _shadowsocks"
+
+post_install() {
+	vlicense LICENSE
+	vsv shadowsocks-rust-server
+	vsv shadowsocks-rust-client
+	vsconf examples/config.json
+	vsconf examples/config_ext.json
+}

Re: [PR REVIEW] New package: shadowsocks-rust-1.23.2

[Duncaen]

[-- Attachment #1: Type: text/plain, Size: 250 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/55225#discussion_r2119793365

Comment:
Should the configuration directory actually be owned by the less privileged user or just be readable? 

Re: [PR REVIEW] New package: shadowsocks-rust-1.23.2

[JkktBkkt]

[-- Attachment #1: Type: text/plain, Size: 535 bytes --]

New review comment by JkktBkkt on void-packages repository

https://github.com/void-linux/void-packages/pull/55225#discussion_r2122601666

Comment:
For the self-hosting usage, especially client-only connect, doesn't need to. 
However, the package does supply `ssmanager` binary which is expected to have a working directory, but I suppose that is somewhat outside the norm and thus the user can decide to change ownership of that directory on their own?
I'm not sure whether this should be changed, what's your take given the above?

Re: [PR REVIEW] New package: shadowsocks-rust-1.23.2

[JkktBkkt]

[-- Attachment #1: Type: text/plain, Size: 630 bytes --]

New review comment by JkktBkkt on void-packages repository

https://github.com/void-linux/void-packages/pull/55225#discussion_r2122601666

Comment:
For the self-hosting usage, especially client-only connect, doesn't need to. 
However, the package does supply `ssmanager` binary which is expected to have a working directory (for interactive management, targeted at hosting multiple instances for different users, etc.), but I suppose that is somewhat outside the norm and thus the user can decide to change ownership of that directory on their own?
I'm not sure whether this should be changed, what's your take given the above?

Re: New package: shadowsocks-rust-1.23.2

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 418 bytes --]

New comment by dkwo on void-packages repository

https://github.com/void-linux/void-packages/pull/55225#issuecomment-2936113092

Comment:
Would it make sense to use capabilities in the service, rather than setcap on the binaries?
it can be done using setpriv (from util-linux), instead of runit's chpst, see e.g. https://github.com/void-linux/void-packages/blob/master/srcpkgs/speakersafetyd/files/speakersafetyd/run

Re: [PR PATCH] [Updated] New package: shadowsocks-rust-1.23.2

[JkktBkkt]

[-- Attachment #1: Type: text/plain, Size: 2043 bytes --]

There is an updated pull request by JkktBkkt against master on the void-packages repository

https://github.com/JkktBkkt/void-packages shadowsocks-rust
https://github.com/void-linux/void-packages/pull/55225

New package: shadowsocks-rust-1.23.2
#### Testing the changes
- I tested the changes in this PR: **YES**

#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**: system, compiled

Both new and old, this is the currently actively developed and maintained port of shadowsocks. Currently void provides the libev version, which received 1 commit in 2.5 years and hasn't had a release for nearly 4.5.

A few things I'd want to ask for guidance on:
1. Current template is modeled closely after the libev one, but considering that shadowsocks is commonly used with binary plugins these days, running the service as separate user requires adding the capabilities to plugins similar to how it's done with shadowsocks's binaries, i.e. `setcap cap_net_bind_service+ep simple-tls` or no longer switching to root user. 
Should some kind of message mentioning this be added, or perhaps it's better to simply drop the system account?

2. From what I know, typical functionality, being simple client+server configs, can be used as a drop-in replacement (that said, binaries are named differently). I'm unsure whether it would be best to keep both completely separately for now or try to transition configurations, system accounts and paths from -libev into -rust somehow.

#### Local build testing
- I built and tested this PR locally for my native architectures, x86_64 glibc (as `sslocal` and `ssservice local`) and tested cross-built aarch64 glibc version (as `ssserver` and `ssservice server`)

I have cross-built but haven't tested for these architectures:
- aarch64-musl
- armv6l (-musl)
- armv7l (-musl)




A patch file from https://github.com/void-linux/void-packages/pull/55225.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadowsocks-rust-55225.patch --]
[-- Type: text/x-diff, Size: 2846 bytes --]

From 771669ffc3461a547da3e51c1b54dfc387a384df Mon Sep 17 00:00:00 2001
From: JkktBkkt <apkabikov@gmail.com>
Date: Thu, 1 May 2025 16:06:56 +0300
Subject: [PATCH] New package: shadowsocks-rust-1.23.4

---
 .../files/shadowsocks-rust-client/run         | 12 ++++++++++
 .../files/shadowsocks-rust-server/run         | 11 +++++++++
 srcpkgs/shadowsocks-rust/template             | 24 +++++++++++++++++++
 3 files changed, 47 insertions(+)
 create mode 100644 srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
 create mode 100644 srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
 create mode 100644 srcpkgs/shadowsocks-rust/template

diff --git a/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
new file mode 100644
index 00000000000000..f76ab514cbaa3f
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
@@ -0,0 +1,12 @@
+#!/bin/sh
+exec 2>&1
+
+_user=_shadowsocks
+_caps=-all,+net_bind_service
+
+exec 2>&1
+exec setpriv --reuid $_user --regid $_user --clear-groups \
+  --ambient-caps $_caps \
+  --inh-caps $_caps \
+  --bounding-set $_caps \
+  --no-new-privs -- ssservice local -c /etc/shadowsocks-rust/config.json 1>/dev/null
diff --git a/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
new file mode 100644
index 00000000000000..b07711efb79339
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+_user=_shadowsocks
+_caps=-all,+net_bind_service
+
+exec 2>&1
+exec setpriv --reuid $_user --regid $_user --clear-groups \
+  --ambient-caps $_caps \
+  --inh-caps $_caps \
+  --bounding-set $_caps \
+  --no-new-privs -- ssservice server -c /etc/shadowsocks-rust/config.json 1>/dev/null
diff --git a/srcpkgs/shadowsocks-rust/template b/srcpkgs/shadowsocks-rust/template
new file mode 100644
index 00000000000000..b3c01e3ee14ea1
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/template
@@ -0,0 +1,24 @@
+# Template file for 'shadowsocks-rust'
+pkgname=shadowsocks-rust
+version=1.23.4
+revision=1
+build_style=cargo
+hostmakedepends="pkg-config"
+makedepends="libzstd-devel"
+short_desc="Rust port of shadowsocks, a fast lightweight obfuscated tunnel proxy"
+maintainer="JkktBkkt <apkabikov@gmail.com>"
+license="MIT"
+homepage="https://github.com/shadowsocks/shadowsocks-rust/"
+distfiles="https://github.com/shadowsocks/shadowsocks-rust/archive/refs/tags/v${version}.tar.gz"
+checksum=8a91836256989e3a56409d0e83da6549ecf727e2d6642cd4e707993d9c8a23d3
+
+system_accounts="_shadowsocks"
+make_dirs="/etc/shadowsocks-rust 0755 root root"
+
+post_install() {
+	vlicense LICENSE
+	vsv shadowsocks-rust-server
+	vsv shadowsocks-rust-client
+	vsconf examples/config.json
+	vsconf examples/config_ext.json
+}

Re: [PR REVIEW] New package: shadowsocks-rust-1.23.2

[JkktBkkt]

[-- Attachment #1: Type: text/plain, Size: 761 bytes --]

New review comment by JkktBkkt on void-packages repository

https://github.com/void-linux/void-packages/pull/55225#discussion_r2122601666

Comment:
For the self-hosting usage, especially client-only connect, doesn't need to. 
However, the package does supply `ssmanager` binary which is expected to have a working directory (for interactive management, targeted at hosting multiple instances for different users, etc.), but I suppose that is somewhat outside the norm and thus the user can decide to change ownership of that directory on their own?
I'm not sure whether this should be changed, what's your take given the above?

edit: went over this in irc (thanks ahesford, feranur and balejk), where it was decided to leave the permissions up to the user

Re: [PR PATCH] [Updated] New package: shadowsocks-rust-1.23.2

[Duncaen]

[-- Attachment #1: Type: text/plain, Size: 2042 bytes --]

There is an updated pull request by Duncaen against master on the void-packages repository

https://github.com/JkktBkkt/void-packages shadowsocks-rust
https://github.com/void-linux/void-packages/pull/55225

New package: shadowsocks-rust-1.23.2
#### Testing the changes
- I tested the changes in this PR: **YES**

#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**: system, compiled

Both new and old, this is the currently actively developed and maintained port of shadowsocks. Currently void provides the libev version, which received 1 commit in 2.5 years and hasn't had a release for nearly 4.5.

A few things I'd want to ask for guidance on:
1. Current template is modeled closely after the libev one, but considering that shadowsocks is commonly used with binary plugins these days, running the service as separate user requires adding the capabilities to plugins similar to how it's done with shadowsocks's binaries, i.e. `setcap cap_net_bind_service+ep simple-tls` or no longer switching to root user. 
Should some kind of message mentioning this be added, or perhaps it's better to simply drop the system account?

2. From what I know, typical functionality, being simple client+server configs, can be used as a drop-in replacement (that said, binaries are named differently). I'm unsure whether it would be best to keep both completely separately for now or try to transition configurations, system accounts and paths from -libev into -rust somehow.

#### Local build testing
- I built and tested this PR locally for my native architectures, x86_64 glibc (as `sslocal` and `ssservice local`) and tested cross-built aarch64 glibc version (as `ssserver` and `ssservice server`)

I have cross-built but haven't tested for these architectures:
- aarch64-musl
- armv6l (-musl)
- armv7l (-musl)




A patch file from https://github.com/void-linux/void-packages/pull/55225.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadowsocks-rust-55225.patch --]
[-- Type: text/x-diff, Size: 2879 bytes --]

From 9e88b2260e3381251849071fbb1dd99d86ff898c Mon Sep 17 00:00:00 2001
From: JkktBkkt <apkabikov@gmail.com>
Date: Thu, 1 May 2025 16:06:56 +0300
Subject: [PATCH] New package: shadowsocks-rust-1.23.4

---
 .../files/shadowsocks-rust-client/run         |  8 ++++++
 .../files/shadowsocks-rust-server/run         |  8 ++++++
 srcpkgs/shadowsocks-rust/template             | 25 +++++++++++++++++++
 3 files changed, 41 insertions(+)
 create mode 100644 srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
 create mode 100644 srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
 create mode 100644 srcpkgs/shadowsocks-rust/template

diff --git a/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
new file mode 100644
index 00000000000000..5f2d8cabe57314
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-client/run
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+exec 2>&1
+exec setpriv --reuid _shadowsocks --regid _shadowsocks --clear-groups \
+	--ambient-caps -all,+net_bind_service \
+	--inh-caps -all,+net_bind_service \
+	--bounding-set -all,+net_bind_service \
+	--no-new-privs -- ssservice local -c /etc/shadowsocks-rust/config.json
diff --git a/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
new file mode 100644
index 00000000000000..bb09af8c671a16
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/files/shadowsocks-rust-server/run
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+exec 2>&1
+exec setpriv --reuid _shadowsocks --regid _shadowsocks --clear-groups \
+	--ambient-caps -all,+net_bind_service \
+	--inh-caps -all,+net_bind_service \
+	--bounding-set -all,+net_bind_service \
+	--no-new-privs -- ssservice server -c /etc/shadowsocks-rust/config.json
diff --git a/srcpkgs/shadowsocks-rust/template b/srcpkgs/shadowsocks-rust/template
new file mode 100644
index 00000000000000..4429747c1973c1
--- /dev/null
+++ b/srcpkgs/shadowsocks-rust/template
@@ -0,0 +1,25 @@
+# Template file for 'shadowsocks-rust'
+pkgname=shadowsocks-rust
+version=1.23.4
+revision=1
+build_style=cargo
+hostmakedepends="pkg-config"
+makedepends="libzstd-devel"
+short_desc="Rust port of shadowsocks, a fast lightweight obfuscated tunnel proxy"
+maintainer="JkktBkkt <apkabikov@gmail.com>"
+license="MIT"
+homepage="https://github.com/shadowsocks/shadowsocks-rust"
+changelog="https://github.com/shadowsocks/shadowsocks-rust/releases"
+distfiles="https://github.com/shadowsocks/shadowsocks-rust/archive/refs/tags/v${version}.tar.gz"
+checksum=8a91836256989e3a56409d0e83da6549ecf727e2d6642cd4e707993d9c8a23d3
+
+system_accounts="_shadowsocks"
+make_dirs="/etc/shadowsocks-rust 0755 root root"
+
+post_install() {
+	vlicense LICENSE
+	vsv shadowsocks-rust-server
+	vsv shadowsocks-rust-client
+	vsconf examples/config.json
+	vsconf examples/config_ext.json
+}

Re: [PR PATCH] [Merged]: New package: shadowsocks-rust-1.23.2

[Duncaen]

[-- Attachment #1: Type: text/plain, Size: 1876 bytes --]

There's a merged pull request on the void-packages repository

New package: shadowsocks-rust-1.23.2
https://github.com/void-linux/void-packages/pull/55225

Description:
#### Testing the changes
- I tested the changes in this PR: **YES**

#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**: system, compiled

Both new and old, this is the currently actively developed and maintained port of shadowsocks. Currently void provides the libev version, which received 1 commit in 2.5 years and hasn't had a release for nearly 4.5.

A few things I'd want to ask for guidance on:
1. Current template is modeled closely after the libev one, but considering that shadowsocks is commonly used with binary plugins these days, running the service as separate user requires adding the capabilities to plugins similar to how it's done with shadowsocks's binaries, i.e. `setcap cap_net_bind_service+ep simple-tls` or no longer switching to root user. 
Should some kind of message mentioning this be added, or perhaps it's better to simply drop the system account?

2. From what I know, typical functionality, being simple client+server configs, can be used as a drop-in replacement (that said, binaries are named differently). I'm unsure whether it would be best to keep both completely separately for now or try to transition configurations, system accounts and paths from -libev into -rust somehow.

#### Local build testing
- I built and tested this PR locally for my native architectures, x86_64 glibc (as `sslocal` and `ssservice local`) and tested cross-built aarch64 glibc version (as `ssserver` and `ssservice server`)

I have cross-built but haven't tested for these architectures:
- aarch64-musl
- armv6l (-musl)
- armv7l (-musl)