From c0c78ca19a855108cc0e9f2cdc662953b59226b7 Mon Sep 17 00:00:00 2001 From: alarig Date: Mon, 9 Mar 2020 23:06:42 +0100 Subject: [PATCH] net-misc/FORT-validator: missing quotes --- acct-user/fort/fort-0.ebuild | 2 +- .../FORT-validator-1.2.0.ebuild | 2 +- net-misc/FORT-validator/files/fort.service | 34 +++++++++++++++++++ 3 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 net-misc/FORT-validator/files/fort.service diff --git a/acct-user/fort/fort-0.ebuild b/acct-user/fort/fort-0.ebuild index dbf598f..9c9fec7 100644 --- a/acct-user/fort/fort-0.ebuild +++ b/acct-user/fort/fort-0.ebuild @@ -8,6 +8,6 @@ inherit acct-user DESCRIPTION="User for FORT RPKI validator" ACCT_USER_ID=323 ACCT_USER_GROUPS=( fort ) -ACCT_USER_HOME=/usr/share/${PN}/ +ACCT_USER_HOME="/usr/share/${PN}/" acct-user_add_deps diff --git a/net-misc/FORT-validator/FORT-validator-1.2.0.ebuild b/net-misc/FORT-validator/FORT-validator-1.2.0.ebuild index 80942ee..33033f5 100644 --- a/net-misc/FORT-validator/FORT-validator-1.2.0.ebuild +++ b/net-misc/FORT-validator/FORT-validator-1.2.0.ebuild @@ -52,7 +52,7 @@ src_install() { insinto /etc/fort newins "${FILESDIR}/fort-config.json" config.json - exeinto /usr/libexec/${MY_PN} + exeinto "/usr/libexec/${MY_PN}" doexe fort_setup.sh } diff --git a/net-misc/FORT-validator/files/fort.service b/net-misc/FORT-validator/files/fort.service new file mode 100644 index 0000000..4c13aa2 --- /dev/null +++ b/net-misc/FORT-validator/files/fort.service @@ -0,0 +1,34 @@ +[Unit] +Description=FORT RPKI validator +Documentation=man:fort(8) +Documentation=https://nicmx.github.io/FORT-validator/ + +[Service] +ExecStart=/usr/bin/fort --configuration-file /etc/fort/config.json +Type=simple +User=fort +AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +ProtectSystem=strict +ProtectHome=yes +PrivateDevices=yes +PrivateTmp=yes +ProtectKernelTunables=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +ReadWritePaths=/var/lib/fort/ +ConfigurationDirectory=fort +ConfigurationDirectory=tals +StateDirectory=fort +NoNewPrivileges=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +LockPersonality=yes +MemoryDenyWriteExecute=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service + +[Install] +WantedBy=multi-user.target