From d2e43d9288112a4d1c66d45d87484bbb8fedb33f Mon Sep 17 00:00:00 2001 From: nxshock Date: Sat, 3 Apr 2021 20:57:15 +0500 Subject: [PATCH 1/7] Run service as separate user --- contrib/systemd/alfis.service | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/contrib/systemd/alfis.service b/contrib/systemd/alfis.service index bb7f663..a5851ee 100644 --- a/contrib/systemd/alfis.service +++ b/contrib/systemd/alfis.service @@ -6,11 +6,12 @@ After=network.target After=alfis-default-config.service [Service] +User=alfis Group=alfis ProtectHome=true ProtectSystem=true SyslogIdentifier=alfis -CapabilityBoundingSet=CAP_NET_ADMIN +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE WorkingDirectory=/var/lib/alfis ExecStart=/usr/bin/alfis -n -c /etc/alfis.conf ExecReload=/bin/kill -HUP $MAINPID @@ -18,4 +19,4 @@ Restart=always TimeoutStopSec=5 [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target From d60c6835dd03dc021216c1a5a2b0433e59e72214 Mon Sep 17 00:00:00 2001 From: nxshock Date: Sat, 3 Apr 2021 21:15:34 +0500 Subject: [PATCH 2/7] Add systemd user creation --- contrib/deb/generate.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/contrib/deb/generate.sh b/contrib/deb/generate.sh index 83a845e..ad59a31 100755 --- a/contrib/deb/generate.sh +++ b/contrib/deb/generate.sh @@ -39,6 +39,11 @@ mkdir -p /tmp/$PKGNAME/ mkdir -p /tmp/$PKGNAME/debian/ mkdir -p /tmp/$PKGNAME/usr/bin/ mkdir -p /tmp/$PKGNAME/etc/systemd/system/ +mkdir -p /tmp/$PKGNAME/usr/lib/sysusers.d/ + +cat > /tmp/$PKGNAME/usr/lib/sysusers.d/alfis.tmpfiles << EOF +u alfis - "alfis user" +EOF cat > /tmp/$PKGNAME/debian/changelog << EOF Please see https://github.com/Revertron/Alfis/ @@ -125,4 +130,4 @@ ar -r $PKGFILE \ /tmp/$PKGNAME/control.tar.gz \ /tmp/$PKGNAME/data.tar.gz -rm -rf /tmp/$PKGNAME \ No newline at end of file +rm -rf /tmp/$PKGNAME From a41c01c1f8d61ca449ac3c040fd9ac068d38ccc8 Mon Sep 17 00:00:00 2001 
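Review bot: With `User=alfis` added to `[Service]` in [PATCH 1/7], extending `CapabilityBoundingSet=` with `CAP_NET_BIND_SERVICE` does not by itself give the process that capability. The bounding set only limits what a process may hold, and a service started as a non-root user begins with an empty effective set. If alfis has to bind a port below 1024 (presumably its DNS listener; confirm against the shipped config), add `AmbientCapabilities=CAP_NET_BIND_SERVICE` next to the bounding-set line, and keep `CAP_NET_ADMIN` only if the daemon really uses it. `NoNewPrivileges=true` would fit the same section. The unit now also depends on the `alfis` user existing and being able to write `/var/lib/alfis`, which this patch does not set up.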
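Review bot: The sysusers.d fragment written by the first generate.sh hunk of [PATCH 2/7] is named `alfis.tmpfiles`, but systemd-sysusers only reads files ending in `.conf`, so the declaration would be ignored. The rename to `alfis.sysusers` in [PATCH 3/7] has the same problem; `alfis.conf` is the name that would be picked up. Nothing visible in the hunk adds `usr/lib/sysusers.d` to the data archive or runs `systemd-sysusers` from the postinst, so the user would presumably not exist when the service first starts. Confirm this against the tar and postinst sections outside the hunk.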
From: nxshock Date: Sat, 3 Apr 2021 21:17:57 +0500 Subject: [PATCH 3/7] Fix wrong filename --- contrib/deb/generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/deb/generate.sh b/contrib/deb/generate.sh index ad59a31..866dba1 100755 --- a/contrib/deb/generate.sh +++ b/contrib/deb/generate.sh @@ -41,7 +41,7 @@ mkdir -p /tmp/$PKGNAME/usr/bin/ mkdir -p /tmp/$PKGNAME/etc/systemd/system/ mkdir -p /tmp/$PKGNAME/usr/lib/sysusers.d/ -cat > /tmp/$PKGNAME/usr/lib/sysusers.d/alfis.tmpfiles << EOF +cat > /tmp/$PKGNAME/usr/lib/sysusers.d/alfis.sysusers << EOF u alfis - "alfis user" EOF From 7bc0632ed511c515c54d516e136ef1a7e4a7e656 Mon Sep 17 00:00:00 2001 From: nxshock Date: Sat, 3 Apr 2021 21:30:51 +0500 Subject: [PATCH 4/7] Add user with useradd command based on https://unix.stackexchange.com/questions/28526/add-a-user-to-the-system-only-if-it-doesnt-exist --- contrib/deb/generate.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/contrib/deb/generate.sh b/contrib/deb/generate.sh index 866dba1..215ab02 100755 --- a/contrib/deb/generate.sh +++ b/contrib/deb/generate.sh @@ -39,11 +39,6 @@ mkdir -p /tmp/$PKGNAME/ mkdir -p /tmp/$PKGNAME/debian/ mkdir -p /tmp/$PKGNAME/usr/bin/ mkdir -p /tmp/$PKGNAME/etc/systemd/system/ -mkdir -p /tmp/$PKGNAME/usr/lib/sysusers.d/ - -cat > /tmp/$PKGNAME/usr/lib/sysusers.d/alfis.sysusers << EOF -u alfis - "alfis user" -EOF cat > /tmp/$PKGNAME/debian/changelog << EOF Please see https://github.com/Revertron/Alfis/ @@ -77,6 +72,8 @@ EOF cat > /tmp/$PKGNAME/debian/postinst << EOF #!/bin/sh +id -u somename &>/dev/null || useradd --system alfis || echo "Failed to create user 'alfis' - please create it manually and reinstall" + if ! getent group alfis 2>&1 > /dev/null; then groupadd --system --force alfis || echo "Failed to create group 'alfis' - please create it manually and reinstall" fi From ef9c2653f181bcad8500f10b0413ca154dd08394 Mon Sep 17 00:00:00 2001 
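Review bot: The added `id -u somename &>/dev/null || useradd --system alfis || …` line in the postinst heredoc of [PATCH 4/7] uses `&>`, a bash redirection, under `#!/bin/sh`. On Debian, where `/bin/sh` is dash, `cmd &>/dev/null` parses as `cmd &` followed by a bare redirection, so `id` runs in the background, the list returns success and `useradd` is never reached. The line also tests for `somename` rather than `alfis`; [PATCH 5/7] corrects the name but keeps `&>`. A portable form is `id -u alfis >/dev/null 2>&1 || useradd --system alfis`, and letting a failed `useradd` abort the script rather than echoing would avoid a half-configured install. The postinst heredoc starts and ends outside the hunk.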
From: nxshock Date: Sat, 3 Apr 2021 21:40:51 +0500 Subject: [PATCH 5/7] Forgot some replacements --- contrib/deb/generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/deb/generate.sh b/contrib/deb/generate.sh index 215ab02..846d5ff 100755 --- a/contrib/deb/generate.sh +++ b/contrib/deb/generate.sh @@ -72,7 +72,7 @@ EOF cat > /tmp/$PKGNAME/debian/postinst << EOF #!/bin/sh -id -u somename &>/dev/null || useradd --system alfis || echo "Failed to create user 'alfis' - please create it manually and reinstall" +id -u alfis &>/dev/null || useradd --system alfis || echo "Failed to create user 'alfis' - please create it manually and reinstall" if ! getent group alfis 2>&1 > /dev/null; then groupadd --system --force alfis || echo "Failed to create group 'alfis' - please create it manually and reinstall" From 3388750ea6eda56a24f0f34129bacb6ffc1794a5 Mon Sep 17 00:00:00 2001 From: nxshock Date: Sat, 3 Apr 2021 23:37:50 +0500 Subject: [PATCH 6/7] Add Arch Linux icon to README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9f68ce1..a218ea5 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ cargo build If you are building on Linux you must ensure that you have `libwebkitgtk` library installed. You can do it by issuing this command: `sudo apt install libwebkit2gtk-4.0-dev` (on Debian/Ubuntu and derivatives). -#### On Arch Linux +#### ![Arch Linux Logo](https://www.archlinux.org/favicon.ico) On Arch Linux Create and install package with this commands: From 79a7a43cd5f3c3c1e9262196d8b3413baad2fe03 Mon Sep 17 00:00:00 2001 From: Revertron Date: Sat, 3 Apr 2021 20:57:18 +0200 Subject: [PATCH 7/7] Fixed creation of user and group in deb-package post-install. --- contrib/deb/generate.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/contrib/deb/generate.sh b/contrib/deb/generate.sh index 4ed86a2..e011b8c 100755 --- a/contrib/deb/generate.sh 
+++ b/contrib/deb/generate.sh @@ -22,7 +22,7 @@ PKGREPLACES=alfis #fi # Building nogui versions only -if [ $PKGARCH = "amd64" ]; then cargo build --release --no-default-features && cp target/release/alfis ./alfis +if [ $PKGARCH = "amd64" ]; then cargo build --release --no-default-features --target x86_64-unknown-linux-musl && cp target/x86_64-unknown-linux-musl/release/alfis ./alfis elif [ $PKGARCH = "i686" ]; then cross build --target i686-unknown-linux-gnu --release --no-default-features && cp target/i686-unknown-linux-gnu/release/alfis ./alfis elif [ $PKGARCH = "mipsel" ]; then cross build --release --no-default-features --target mipsel-unknown-linux-gnu && cp target/mipsel-unknown-linux-gnu/release/alfis ./alfis elif [ $PKGARCH = "mips" ]; then cross build --release --no-default-features --target mips-unknown-linux-gnu && cp target/mips-unknown-linux-gnu/release/alfis ./alfis @@ -70,14 +70,16 @@ usr/bin/alfis usr/bin etc/systemd/system/*.service etc/systemd/system EOF cat > /tmp/$PKGNAME/debian/postinst << EOF -#!/bin/sh - -id -u alfis &>/dev/null || useradd --system alfis || echo "Failed to create user 'alfis' - please create it manually and reinstall" +#!/bin/sh -e if ! getent group alfis 2>&1 > /dev/null; then groupadd --system --force alfis || echo "Failed to create group 'alfis' - please create it manually and reinstall" fi +if ! getent passwd alfis >/dev/null 2>&1; then + adduser --system --ingroup alfis --disabled-password --home /var/lib/alfis alfis +fi + mkdir -p /var/lib/alfis chgrp alfis /var/lib/alfis @@ -112,7 +114,7 @@ if command -v systemctl >/dev/null; then fi EOF -cp alfis /tmp/$PKGNAME/usr/bin/ +sudo cp alfis /tmp/$PKGNAME/usr/bin/ cp contrib/systemd/*.service /tmp/$PKGNAME/etc/systemd/system/ tar -czvf /tmp/$PKGNAME/data.tar.gz -C /tmp/$PKGNAME/ \
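Review bot: Putting the option in the shebang (`#!/bin/sh -e`, postinst hunk of [PATCH 7/7]) is fragile, because it is lost whenever the script is run as `sh postinst`. `set -e` on its own line after `#!/bin/sh` is the form Debian's policy manual and lintian steer maintainer scripts towards. With errexit on, the unchanged `groupadd … || echo …` still swallows a failed group creation, so the error only surfaces when `adduser --ingroup alfis` fails; dropping the `|| echo` would report it at the source. The unchanged group test `getent group alfis 2>&1 > /dev/null` also redirects in the wrong order, so stderr still reaches the terminal, unlike the new `>/dev/null 2>&1` in the passwd test. If the service runs as `alfis`, check that `/var/lib/alfis` is writable by that user on upgrades, where the directory already exists and the visible lines only apply `chgrp`.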
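Review bot: The new `sudo cp alfis /tmp/$PKGNAME/usr/bin/` in the last hunk of [PATCH 7/7] runs a copy as root into a staging tree under a fixed, predictable `/tmp` path that the rest of the script creates as the invoking user. A predictable path in a world-writable directory can be pre-created by another local user on a shared build host, and a root-privileged write into it is the step that makes this matter. If the goal is root ownership inside the package, keep the plain `cp` and let tar record it, e.g. `tar --owner=0 --group=0 -czvf …`. Staging under `staging=$(mktemp -d)` instead of `/tmp/$PKGNAME` would remove the predictable path. The tar command continues past the end of the hunk.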