From 7ba4cabdde95f36025676f68bc3022c9cf216d6d Mon Sep 17 00:00:00 2001 From: "J. King" Date: Sat, 15 May 2021 22:26:06 -0400 Subject: [PATCH] Prototype Arch PKGBUILD and supporting files The package will be created, but the result itself has yet to be tested. --- .gitignore | 3 ++ dist/arch/PKGBUILD | 56 +++++++++++++++++++++++++++++++++++ dist/arch/arsse-fetch.service | 32 ++++++++++++++++++++ dist/arch/arsse-web.service | 33 +++++++++++++++++++++ dist/arch/arsse.service | 12 ++++++++ dist/arch/arsse.sh | 10 +++++++ dist/arch/config.php | 8 +++++ dist/arch/sysuser.conf | 1 + dist/arch/uwsgi.ini | 15 ++++++++++ 9 files changed, 170 insertions(+) create mode 100644 dist/arch/PKGBUILD create mode 100644 dist/arch/arsse-fetch.service create mode 100644 dist/arch/arsse-web.service create mode 100644 dist/arch/arsse.service create mode 100644 dist/arch/arsse.sh create mode 100644 dist/arch/config.php create mode 100644 dist/arch/sysuser.conf create mode 100644 dist/arch/uwsgi.ini diff --git a/.gitignore b/.gitignore index 16e9c935..10bac85b 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,8 @@ /documentation/ /manual/ /tests/coverage/ +/dist/arch/src +/dist/arch/pkg /arsse.db* /config.php /.php_cs.cache @@ -36,6 +38,7 @@ $RECYCLE.BIN/ *.zip *.7z *.tar.gz +*.tar.xz *.tgz *.deb *.rpm diff --git a/dist/arch/PKGBUILD b/dist/arch/PKGBUILD new file mode 100644 index 00000000..056ee6af --- /dev/null +++ b/dist/arch/PKGBUILD @@ -0,0 +1,56 @@ +pkgname="arsse" +pkgver="0.9.1" +pkgrel=1 +epoch= +pkgdesc="RSS/Atom newsfeed synchronization server" +arch=("any") +url="https://thearsse.com/" +license=("MIT") +groups=() +depends=("php>=7.1" "php-intl" "php-sqlite" "uwsgi" "uwsgi-plugin-php") +makedepends=("composer") +checkdepends=() +optdepends=("php-pgsql: PostgreSQL database support") +provides=() +conflicts=() +replaces=() +backup=("etc/webapps/arsse/config.php" "etc/webapps/arsse/uwsgi.ini") +options=() +install= +changelog= +source=("https://code.mensbeam.com/attachments/229880aa-3fcc-499f-b747-6932a661dc0e" + "arsse.service" + "arsse-web.service" + "arsse-fetch.service" + "sysuser.conf" + "config.php" + "uwsgi.ini" + "arsse.sh") +noextract=() + +package() { + cd "$pkgdir" + mkdir -p "usr/bin" "usr/share/webapps/arsse" "usr/share/doc/arsse" "usr/share/licenses/arsse" "usr/lib/systemd/system" "usr/lib/sysusers.d" "etc/webapps/arsse" + cd "$srcdir/arsse" + cp ../arsse.sh "$pkgdir/usr/bin/arsse" + cp -r lib locale sql vendor www CHANGELOG UPGRADING README.md arsse.php "$pkgdir/usr/share/webapps/arsse" + cp -r manual/* "$pkgdir/usr/share/doc/arsse" + cp LICENSE AUTHORS "$pkgdir/usr/share/licenses/arsse" + cp ../*.service "$pkgdir/usr/lib/systemd/system" + cp ../sysuser.conf "$pkgdir/usr/lib/sysusers.d/arsse.conf" + cp ../config.php config.defaults.php ../uwsgi.ini "$pkgdir/etc/webapps/arsse" + cd "$pkgdir" + chmod -R a=rX * + chmod a=rx usr/bin/arsse + chmod u=r etc/webapps/arsse/* + ln -sT "/etc/webapps/arsse/config.php" "usr/share/webapps/arsse/config.php" +} + +md5sums=('c7c9526f02fe34bf6f8399eff95c819d' + '53f150081dc9097790166ac22575fb1d' + '9ed9119aff93e0099c15cd12a3f71655' + '71a5975aed6b2da581262441f14bc929' + 'b6ef9ab7e9062df1d5ba060066b6d734' + '33e7a5b290ef20339952f1d904b33f8f' + 'ff8fc77353d8e06f5c74ad577880a19d' + '4fb46ec290e497279c3dd7c8c528abf6') diff --git a/dist/arch/arsse-fetch.service b/dist/arch/arsse-fetch.service new file mode 100644 index 00000000..81a31fc7 --- /dev/null +++ b/dist/arch/arsse-fetch.service @@ -0,0 +1,32 @@ +[Unit] +Description=The Arsse newsfeed fetching service +Documentation=https://thearsse.com/manual/ + +[Service] +User=arsse +Group=arsse +Type=simple +WorkingDirectory=/usr/share/webapps/arsse +ExecStart=/usr/bin/env php /usr/share/webapps/arsse/arsse.php daemon + +ProtectProc=invisible +NoNewPrivileges=true +ProtectSystem=full +ProtectHome=true +StateDirectory=arsse +ConfigurationDirectory=webapps/arsse +ReadOnlyPaths=/ +ReadWriePaths=/usr/lib/arsse +NoExecPaths=/ +ExecPaths=/usr/bin/php /usr/bin/php7 +PrivateTmp=true +PrivateDevices=true +RestrictSUIDSGID=true +StandardOutput=journal +StandardError=journal +SyslogIdentifier=arsse +Restart=on-failure +RestartPreventStatus= + +[Install] +WantedBy=multi-user.target diff --git a/dist/arch/arsse-web.service b/dist/arch/arsse-web.service new file mode 100644 index 00000000..8e280d17 --- /dev/null +++ b/dist/arch/arsse-web.service @@ -0,0 +1,33 @@ +[Unit] +Description=The Arsse newsfeed client service +Documentation=https://thearsse.com/manual/ + +[Service] +User=arsse +Group=arsse +Type=simple +WorkingDirectory=/usr/share/webapps/arsse +ExecStart=/usr/bin/uwsgi /etc/webapps/arsse/uwsgi.ini + +ProtectProc=invisible +NoNewPrivileges=true +ProtectSystem=full +ProtectHome=true +RuntimeDirectory=arsse +StateDirectory=arsse +ConfigurationDirectory=webapps/arsse +ReadOnlyPaths=/ +ReadWriePaths=/usr/lib/arsse +NoExecPaths=/ +ExecPaths=/usr/bin/uwsgi +PrivateTmp=true +PrivateDevices=true +RestrictSUIDSGID=true +StandardOutput=journal +StandardError=journal +SyslogIdentifier=arsse +Restart=on-failure +RestartPreventStatus= + +[Install] +WantedBy=multi-user.target diff --git a/dist/arch/arsse.service b/dist/arch/arsse.service new file mode 100644 index 00000000..f04d5846 --- /dev/null +++ b/dist/arch/arsse.service @@ -0,0 +1,12 @@ +[Unit] +Description=The Arsse newsfeed management service +Documentation=https://thearsse.com/manual/ +Requires=arsse-fetch.service +BindsTo=arsse-web.service + +[Service] +Type=oneshot +RemainAfterExit=true + +[Install] +WantedBy=multi-user.target diff --git a/dist/arch/arsse.sh b/dist/arch/arsse.sh new file mode 100644 index 00000000..adc286eb --- /dev/null +++ b/dist/arch/arsse.sh @@ -0,0 +1,10 @@ +#! /usr/bin/bash + +if [ `id -u` -eq 0 ]; then + setpriv --clear-groups --inh-caps -all --egid=arsse --euid=arsse php /usr/share/webapps/arsse/arsse.php $@ +elif [ `id -un` == "arsse" ]; then + php /usr/share/webapps/arsse/arsse.php $@ +else + echo "Not authorized." >&2 + exit 1 +fi diff --git a/dist/arch/config.php b/dist/arch/config.php new file mode 100644 index 00000000..1df16355 --- /dev/null +++ b/dist/arch/config.php @@ -0,0 +1,8 @@ + "/usr/lib/arsse/arsse.db", +]; \ No newline at end of file diff --git a/dist/arch/sysuser.conf b/dist/arch/sysuser.conf new file mode 100644 index 00000000..9f936e4c --- /dev/null +++ b/dist/arch/sysuser.conf @@ -0,0 +1 @@ +u arsse - "The Arsse" /usr/lib/arsse - diff --git a/dist/arch/uwsgi.ini b/dist/arch/uwsgi.ini new file mode 100644 index 00000000..9766b4ee --- /dev/null +++ b/dist/arch/uwsgi.ini @@ -0,0 +1,15 @@ +[uwsgi] + +strict=true +uwsgi-socket=/run/arsse/uwsgi.socket +master=true +processes=4 +workers=2 +vacuum=true +plugin=php +php-sapi-name=apache +php-set=extension=curl +php-set=extension=iconv +php-set=extension=intl +php-set=extension=sqlite3 +php-app=/usr/share/webapps/arsse/arsse.php