diff --git a/debian/.gitignore b/debian/.gitignore index ceba5cbb0289c5c50d2e1feec38e5b8c9bf4a850..bbcabc75dcd3c4b268be7abc138594e3c81f42ce 100644 --- a/debian/.gitignore +++ b/debian/.gitignore @@ -1,4 +1,5 @@ liber +*.debhelper *.debhelper.log *.substvars files diff --git a/debian/changelog b/debian/changelog index 42a9bd05a1cb0f3d9286d38beb77cf7655dfb02c..4d27bc49951f7a80ab74f50a83c79ec13966dd48 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +liber (0.2p1) unstable; urgency=medium + + * Packaging changes for Debian buster. + + -- ale <ale@incal.net> Wed, 31 Jul 2019 16:28:44 +0100 + liber (0.2) unstable; urgency=medium * Migrated to new on-disk database format. diff --git a/debian/compat b/debian/compat index 45a4fb75db864000d01701c0f7a51864bd4daabf..ec635144f60048986bc560c5576355344005e6e7 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -8 +9 diff --git a/debian/control b/debian/control index f8572565b2182b30083128adfe47c1ecf36ac7f7..55e3d89326f888cbc13a9a8c8ac9d6f56ae5790c 100644 --- a/debian/control +++ b/debian/control @@ -2,8 +2,8 @@ Source: liber Section: net Priority: extra Maintainer: ale <ale@incal.net> -Build-Depends: debhelper (>= 8.0.0), dh-systemd (>= 1.5), golang-go (>= 1.5) -Standards-Version: 3.9.4 +Build-Depends: debhelper (>= 9), dh-systemd (>= 1.5), golang-any, dh-golang +Standards-Version: 3.9.6 Homepage: https://git.autistici.org/ale/liber Package: liber diff --git a/debian/liber.service b/debian/liber.service index d889f515f193c4aec202b37032dbe8502f26a716..bc5fed746e7fa862a9538669fcf6cbd1d5f427df 100644 --- a/debian/liber.service +++ b/debian/liber.service @@ -8,7 +8,15 @@ EnvironmentFile=/etc/default/liber ExecStart=/usr/bin/liber $BOOK_DIR $LIBER_OPTIONS server $ADDR Restart=always +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +ProtectHome=yes +ReadOnlyDirectories=/ +ReadWriteDirectories=-/var/lib/liber +SystemCallFilter=~@mount + [Install] WantedBy=multi-user.target - diff --git a/debian/rules b/debian/rules index 5b77ad03fafc8b70a7adae724a49bf6147bc2ccf..2fd0f143586f7242b46f1d3b881e57a3ae3da706 100755 --- a/debian/rules +++ b/debian/rules @@ -1,33 +1,23 @@ #!/usr/bin/make -f # -*- makefile -*- -# Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 - -# This has to be exported to make some magic below work. -export DH_OPTIONS - -export DH_GOPKG = git.autistici.org/ale/liber - -DEBDIR = $(CURDIR)/debian -PKGDIR = $(DEBDIR)/liber +export DH_GOPKG := git.autistici.org/ale/liber +export DH_GOLANG_EXCLUDES := vendor +export DH_GOLANG_INSTALL_ALL := 1 %: - dh $@ --with systemd + dh $@ --with systemd --with golang --buildsystem golang -override_dh_install: - install -m 755 -o root -g root -d $(PKGDIR)/usr/bin - install -m 755 -o root -g root -d $(PKGDIR)/usr/share/liber - -mkdir build - (export GOPATH=$(CURDIR)/build ; mkdir -p build/src/$(shell dirname $(DH_GOPKG)) ; ln -s $(CURDIR) build/src/$(DH_GOPKG) ; cd build/src/$(DH_GOPKG) && go install -v ./...) - (for f in liber ; do \ - install -m 755 -o root -g root build/bin/$$f $(PKGDIR)/usr/bin/$$f ; done) - (umask 022; cp -R --preserve=timestamps htdocs $(PKGDIR)/usr/share/liber/htdocs) +override_dh_auto_install: + dh_auto_install + $(RM) -r debian/liber/usr/share/gocode + install -m 755 -o root -g root -d debian/liber/usr/share/liber + (umask 022; cp -R --preserve=timestamps htdocs debian/liber/usr/share/liber/htdocs) -override_dh_clean: - -rm -fr build - dh_clean - -# Do not enable the liber HTTP server by default. +# Do not enable or start the liber server by default. override_dh_systemd_enable: + dh_systemd_enable --no-enable + +override_dh_systemd_start: + dh_systemd_start --no-start