net-misc/FORT-validator: missing quotes

acct-user/fort/fort-0.ebuild

@@ -8,6 +8,6 @@ inherit acct-user
 DESCRIPTION="User for FORT RPKI validator"
 ACCT_USER_ID=323
 ACCT_USER_GROUPS=( fort )
-ACCT_USER_HOME=/usr/share/${PN}/
+ACCT_USER_HOME="/usr/share/${PN}/"
 
 acct-user_add_deps

net-misc/FORT-validator/FORT-validator-1.2.0.ebuild

@@ -52,7 +52,7 @@ src_install() {
 	insinto /etc/fort
 	newins "${FILESDIR}/fort-config.json" config.json
 
-	exeinto /usr/libexec/${MY_PN}
+	exeinto "/usr/libexec/${MY_PN}"
 	doexe fort_setup.sh
 }
 

net-misc/FORT-validator/files/fort.service

@@ -0,0 +1,34 @@
+[Unit]
+Description=FORT RPKI validator
+Documentation=man:fort(8)
+Documentation=https://nicmx.github.io/FORT-validator/
+
+[Service]
+ExecStart=/usr/bin/fort --configuration-file /etc/fort/config.json
+Type=simple
+User=fort
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ProtectSystem=strict
+ProtectHome=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ReadWritePaths=/var/lib/fort/
+ConfigurationDirectory=fort
+ConfigurationDirectory=tals
+StateDirectory=fort
+NoNewPrivileges=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target