diff --git a/package/PKGBUILD b/package/PKGBUILD
index 8e8ff3cc..fcc19ceb 100644
--- a/package/PKGBUILD
+++ b/package/PKGBUILD
@@ -49,25 +49,19 @@ source=(
"policies.json"
"service-protocol.json"
"service-router.json"
- "carbonio-files-watches.service"
- "carbonio-files-start-watches.sh"
- "carbonio-files-handle-kv-changes.py"
)
sha256sums=(
'96f4a551909cd061e95fe06175ff3e2f35578af77ac677023174098c8f940ed3'
'1b48886989ad379f5c8ef1024f275a3657801c55cd038fe95ac4c9026ce471a7'
'a7ee302ad9fbd4b833aaff762434318b1d16fd0dcbf749d44cffa23005a55d4f'
'ef9409dc0ff2e5096fefa6b6ee06b0253e7a5005f1600771bf1e1bba36381d20'
- '999745be7b0af1051ebc2855d2331585984a80de644553af59e37ce00a2e3297'
- '8963c7a7c3679a3c14550d4a40d353ff20ee6995d77eb7dc2c3c96f40690a7e3'
+ '13849da0f25c1a0fa573c7e33f42e39efda0969bffb921d9710a85d722725309'
+ '6997ab298de2d92fc41e07de618e0c3785e586291b504354d8eb43ce54cb8437'
'SKIP'
'2f5e8f227d48471e14278068956723ae7dac12c4c6aa0dd6955c00868e1f7ad2'
'bc4ae477209ec6c64162749a087cd039269bd087647419648bdfee334c87ced3'
'419211cf2a57b235eaa96d50c46212897e5731589bef96e5cf898f732208bd66'
'1a1a163fbbca4006ff7951add46d41415fb99948f072a02cd16e408e1fc322da'
- '28b19e0eadf4afc64bb097878abf666ca4594168c53d03fdb13213e33a31c967'
- '2fc8cb3533d4a14c7666a91ca5092431ceee469f845feccc20b0b505262da6ec'
- '6bc85f53bf4470e3251dcb477085336f7e0a674b789f64bb883a4b70603495b4'
)
backup=(
@@ -101,12 +95,6 @@ _package_common() {
install -Dm644 "${srcdir}/service-router.json" \
"${pkgdir}/etc/carbonio/files/service-discover/service-router.json"
-
- install -Dm644 "${srcdir}/carbonio-files-watches.service" \
- "${pkgdir}/lib/systemd/system/carbonio-files-watches.service"
-
- install -Dm755 "${srcdir}/carbonio-files-handle-kv-changes.py" \
- "${pkgdir}/usr/bin/carbonio-files-handle-kv-changes.py"
}
_package_legacy() {
@@ -125,52 +113,24 @@ build__rocky_8() {
pip3.8 install \
--prefix="${pkgdir}/opt/zextras/common" \
pika
-
- install -Dm 755 "${srcdir}/carbonio-files-start-watches.sh" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
- sed -i "s/PYTHON_VER/3.8/g" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
- sed -i "s/PREFIX/common/g" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
}
build__rocky_9() {
pip3 install \
--prefix="${pkgdir}/opt/zextras/common" \
pika
-
- install -Dm 755 "${srcdir}/carbonio-files-start-watches.sh" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
- sed -i "s/PYTHON_VER/3.9/g" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
- sed -i "s/PREFIX/common/g" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
}
build__ubuntu_jammy() {
pip3 install \
--prefix="${pkgdir}/opt/zextras/common" \
pika
-
- install -Dm 755 "${srcdir}/carbonio-files-start-watches.sh" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
- sed -i "s/PYTHON_VER/3.10/g" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
- sed -i "s/PREFIX/common\/local/g" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
}
build__ubuntu_noble() {
pip3 install \
--prefix="${pkgdir}/opt/zextras/common" \
pika
-
- install -Dm 755 "${srcdir}/carbonio-files-start-watches.sh" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
- sed -i "s/PYTHON_VER/3.12/g" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
- sed -i "s/PREFIX/common\/local/g" \
- "${pkgdir}/usr/bin/carbonio-files-start-watches.sh"
}
package() {
@@ -186,10 +146,10 @@ package__ubuntu_jammy() {
}
postinst() {
- getent group 'carbonio-files' >/dev/null \
- || groupadd -r 'carbonio-files'
- getent passwd 'carbonio-files' >/dev/null \
- || useradd -r -M -g 'carbonio-files' -s /sbin/nologin 'carbonio-files'
+ getent group 'carbonio-files' >/dev/null ||
+ groupadd -r 'carbonio-files'
+ getent passwd 'carbonio-files' >/dev/null ||
+ useradd -r -M -g 'carbonio-files' -s /sbin/nologin 'carbonio-files'
mkdir -p "/var/log/carbonio/files/"
chown carbonio-files:carbonio-files "/var/log/carbonio/files"
diff --git a/package/carbonio-files-sidecar-legacy.service b/package/carbonio-files-sidecar-legacy.service
index b88d7d96..ccdebdae 100644
--- a/package/carbonio-files-sidecar-legacy.service
+++ b/package/carbonio-files-sidecar-legacy.service
@@ -22,7 +22,11 @@ LimitNOFILE=65536
# Hardening
PrivateTmp=yes
-ProtectSystem=strict
+#ProtectSystem=strict
+ProtectSystem=yes
+ReadOnlyPaths=/usr
+ReadOnlyPaths=/boot
+ReadOnlyPaths=/efi
NoNewPrivileges=yes
PrivateDevices=yes
ProtectHome=yes
diff --git a/package/carbonio-files-sidecar.service b/package/carbonio-files-sidecar.service
index 0bbbf2c2..ebdf6dc7 100644
--- a/package/carbonio-files-sidecar.service
+++ b/package/carbonio-files-sidecar.service
@@ -25,7 +25,11 @@ LimitNOFILE=65536
# Hardening
PrivateTmp=yes
-ProtectSystem=strict
+#ProtectSystem=strict
+ProtectSystem=yes
+ReadOnlyPaths=/usr
+ReadOnlyPaths=/boot
+ReadOnlyPaths=/efi
NoNewPrivileges=yes
PrivateDevices=yes
ProtectHome=yes
diff --git a/pom.xml b/pom.xml
index aa588187..d53d0470 100644
--- a/pom.xml
+++ b/pom.xml
@@ -66,7 +66,7 @@ SPDX-License-Identifier: AGPL-3.0-only
3.6.0
- 3.13.0
+ 3.15.0
3.5.4
0.8.12
3.5.4