From 69415e841f2578462b9ffc921852cba9ab3ce434 Mon Sep 17 00:00:00 2001 From: Roland Vet Date: Fri, 10 Sep 2021 17:13:27 +0200 Subject: [PATCH] Initial commit, from arch community svn. --- .SRCINFO | 34 +++++++++++ Caddyfile | 40 ++++++++++++ PKGBUILD | 97 ++++++++++++++++++++++++++++++ caddy-api.service | 62 +++++++++++++++++++ caddy.service | 71 ++++++++++++++++++++++ caddy.sysusers | 1 + caddy.tmpfiles | 3 + override-main-module-version.patch | 28 +++++++++ use-data-dir-for-autosave.patch | 30 +++++++++ 9 files changed, 366 insertions(+) create mode 100644 .SRCINFO create mode 100644 Caddyfile create mode 100644 PKGBUILD create mode 100644 caddy-api.service create mode 100644 caddy.service create mode 100644 caddy.sysusers create mode 100644 caddy.tmpfiles create mode 100644 override-main-module-version.patch create mode 100644 use-data-dir-for-autosave.patch diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 0000000..6b75c50 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,34 @@ +generated-by = makedeb-makepkg + +pkgbase = caddy + pkgdesc = Fast web server with automatic HTTPS + pkgver = 2.4.5 + pkgrel = 1 + url = https://caddyserver.com + arch = x86_64 + license = Apache + makedepends = go + makedepends = git + depends = glibc + backup = etc/caddy/Caddyfile + source = git+https://github.com/caddyserver/caddy#tag=v2.4.5?signed + source = caddy-dist::git+https://github.com/caddyserver/dist#commit=093d76bdd6ecacd8aeb21de3aa0c35b82a0eb064 + source = caddy.service + source = caddy-api.service + source = caddy.tmpfiles + source = caddy.sysusers + source = Caddyfile + source = use-data-dir-for-autosave.patch + source = override-main-module-version.patch + validpgpkeys = 29D0817A67156E4F25DC24782A349DD577D586A5 + sha512sums = SKIP + sha512sums = SKIP + sha512sums = b6f69b9818b1807ebd614f696f39ca2bacc58b748273d1122c2a96641093c2acf9e168ff6a2d5b2e8b2da073993b5245740d77975d4ca823ff0598675a6b7806 + sha512sums = a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0 + sha512sums = 55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742 + sha512sums = c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f + sha512sums = 716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0 + sha512sums = 563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41 + sha512sums = b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b + +pkgname = caddy diff --git a/Caddyfile b/Caddyfile new file mode 100644 index 0000000..e8dda50 --- /dev/null +++ b/Caddyfile @@ -0,0 +1,40 @@ +# The Caddyfile is an easy way to configure your Caddy web server. +# +# https://caddyserver.com/docs/caddyfile +# +# The configuration below serves a welcome page over HTTP on port 80. +# To use your own domain name (with automatic HTTPS), first make +# sure your domain's A/AAAA DNS records are properly pointed to +# this machine's public IP, then replace the line below with your +# domain name. +# +# https://caddyserver.com/docs/caddyfile/concepts#addresses + +{ + # Restrict the admin interface to a local unix file socket whose directory + # is restricted to caddy:caddy. By default the TCP socket allows arbitrary + # modification for any process and user that has access to the local + # interface. If admin over TCP is turned on one should make sure + # implications are well understood. + admin "unix//run/caddy/admin.socket" +} + +http:// { + # Set this path to your site's directory. + root * /usr/share/caddy + + # Enable the static file server. + file_server + + # Another common task is to set up a reverse proxy: + # reverse_proxy localhost:8080 + + # Or serve a PHP site through php-fpm: + # php_fastcgi localhost:9000 + + # Refer to the directive documentation for more options. + # https://caddyserver.com/docs/caddyfile/directives +} + +# Import additional caddy config files in /etc/caddy/conf.d/ +import /etc/caddy/conf.d/* diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 0000000..81665cf --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,97 @@ +# Maintainer: Levente Polyak +# Maintainer: Christian Rebischke +# Contributor: Wei Congrui < crvv.mail at gmail dot com > +# Contributor: Carl George < arch at cgtx dot us > +# Contributor: Eric Engeström +# Contributor: Andreas Linz +# Contributor: Akshay S Dinesh + +pkgname=caddy +pkgver=2.4.5 +_gitcommit=v2.4.5 +_distcommit=093d76bdd6ecacd8aeb21de3aa0c35b82a0eb064 +pkgrel=1 +pkgdesc='Fast web server with automatic HTTPS' +url='https://caddyserver.com' +arch=('x86_64') +license=('Apache') +depends=('glibc') +makedepends=('go' 'git') +backup=('etc/caddy/Caddyfile') +source=("git+https://github.com/caddyserver/caddy#tag=${_gitcommit}?signed" + caddy-dist::"git+https://github.com/caddyserver/dist#commit=${_distcommit}" + caddy.service + caddy-api.service + caddy.tmpfiles + caddy.sysusers + Caddyfile + use-data-dir-for-autosave.patch + override-main-module-version.patch) +sha512sums=('SKIP' + 'SKIP' + 'b6f69b9818b1807ebd614f696f39ca2bacc58b748273d1122c2a96641093c2acf9e168ff6a2d5b2e8b2da073993b5245740d77975d4ca823ff0598675a6b7806' + 'a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0' + '55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742' + 'c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f' + '716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0' + '563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41' + 'b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b') +validpgpkeys=( + 29D0817A67156E4F25DC24782A349DD577D586A5 # Matthew Holt +) + +pkgver() { + cd ${pkgname} + git describe --tags --match 'v*' | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g' +} + +prepare() { + cd "${pkgname}" + # welcome page + cp ../caddy-dist/welcome/index.html . + sed 's|/var/www/html|/srv/http|g' -i index.html + # do not write in /etc + patch -Np1 < "${srcdir}/use-data-dir-for-autosave.patch" + # fix version identifier if not built from a module + patch -Np1 < "${srcdir}/override-main-module-version.patch" + sed 's|"unknown"|"v'"${pkgver}"'"|g' -i caddy.go +} + +build() { + cd "${pkgname}/cmd/caddy/" + export CGO_LDFLAGS="${LDFLAGS}" + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + go build . +} + +check() { + cd "${pkgname}" + go test ./... + version=$(./cmd/caddy/caddy version) + echo "Caddy version: ${version}" + if [[ $version != v$pkgver ]]; then + exit 1 + fi +} + +package() { + cd "${pkgname}" + install -Dm 755 cmd/caddy/caddy -t "${pkgdir}/usr/bin" + + install -Dm 644 "${srcdir}/caddy.service" "${srcdir}/caddy-api.service" -t "${pkgdir}/usr/lib/systemd/system" + install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf" + install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf" + + install -Dm 644 "${srcdir}/Caddyfile" -t "${pkgdir}/etc/caddy" + install -d "${pkgdir}/etc/caddy/conf.d" + + install -Dm 644 index.html "${pkgdir}/usr/share/caddy/index.html" + + install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/_caddy" -t "${pkgdir}/usr/share/zsh/site-functions" + install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/bash-completion" "${pkgdir}/usr/share/bash-completion/completions/caddy" +} + +# vim: ts=2 sw=2 et: diff --git a/caddy-api.service b/caddy-api.service new file mode 100644 index 0000000..b2dead4 --- /dev/null +++ b/caddy-api.service @@ -0,0 +1,62 @@ +# caddy-api.service +# +# For using Caddy with its API. +# +# This unit is "durable" in that it will automatically resume +# the last active configuration if the service is restarted. +# +# See https://caddyserver.com/docs/install for instructions. + +[Unit] +Description=Caddy API Server +Documentation=https://caddyserver.com/docs/ +After=network-online.target +Wants=network-online.target systemd-networkd-wait-online.service +StartLimitIntervalSec=14400 +StartLimitBurst=10 + +[Service] +User=caddy +Group=caddy +Environment=XDG_DATA_HOME=/var/lib +Environment=XDG_CONFIG_HOME=/var/lib +ExecStart=/usr/bin/caddy run --environ --resume + +# Do not allow the process to be restarted in a tight loop. If the +# process fails to start, something critical needs to be fixed. +Restart=on-abnormal + +# Use graceful shutdown with a reasonable timeout +TimeoutStopSec=5s + +LimitNOFILE=1048576 +LimitNPROC=512 + +# Hardening options +AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +DevicePolicy=closed +LockPersonality=true +MemoryAccounting=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +ProcSubset=pid +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectProc=invisible +ProtectSystem=strict +RemoveIPC=true +ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy +RestrictNamespaces=true +RestrictRealtime=true +RestrictSUIDSGID=true + +[Install] +WantedBy=multi-user.target diff --git a/caddy.service b/caddy.service new file mode 100644 index 0000000..96259b4 --- /dev/null +++ b/caddy.service @@ -0,0 +1,71 @@ +# caddy.service +# +# For using Caddy with a config file. +# +# Make sure the ExecStart and ExecReload commands are correct +# for your installation. +# +# See https://caddyserver.com/docs/install for instructions. +# +# WARNING: This service does not use the --resume flag, so if you +# use the API to make changes, they will be overwritten by the +# Caddyfile next time the service is restarted. If you intend to +# use Caddy's API to configure it, add the --resume flag to the +# `caddy run` command or use the caddy-api.service file instead. + +[Unit] +Description=Caddy web server +Documentation=https://caddyserver.com/docs/ +After=network-online.target +Wants=network-online.target systemd-networkd-wait-online.service +StartLimitIntervalSec=14400 +StartLimitBurst=10 + +[Service] +User=caddy +Group=caddy +Environment=XDG_DATA_HOME=/var/lib +Environment=XDG_CONFIG_HOME=/etc +ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile +ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile +ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile +ExecStopPost=/usr/bin/rm -f /run/caddy/admin.socket + +# Do not allow the process to be restarted in a tight loop. If the +# process fails to start, something critical needs to be fixed. +Restart=on-abnormal + +# Use graceful shutdown with a reasonable timeout +TimeoutStopSec=5s + +LimitNOFILE=1048576 +LimitNPROC=512 + +# Hardening options +AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +DevicePolicy=closed +LockPersonality=true +MemoryAccounting=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +ProcSubset=pid +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectProc=invisible +ProtectSystem=strict +RemoveIPC=true +ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy +RestrictNamespaces=true +RestrictRealtime=true +RestrictSUIDSGID=true + +[Install] +WantedBy=multi-user.target diff --git a/caddy.sysusers b/caddy.sysusers new file mode 100644 index 0000000..6fb5633 --- /dev/null +++ b/caddy.sysusers @@ -0,0 +1 @@ +u caddy - "caddy daemon" /var/lib/caddy diff --git a/caddy.tmpfiles b/caddy.tmpfiles new file mode 100644 index 0000000..25f170f --- /dev/null +++ b/caddy.tmpfiles @@ -0,0 +1,3 @@ +d /var/lib/caddy 0750 caddy caddy +d /var/log/caddy 0750 caddy caddy +d /run/caddy 0750 caddy caddy diff --git a/override-main-module-version.patch b/override-main-module-version.patch new file mode 100644 index 0000000..d64eea2 --- /dev/null +++ b/override-main-module-version.patch @@ -0,0 +1,28 @@ +From 56eacff9fa3a84b19ac9b8bb7072d9b7d96755e7 Mon Sep 17 00:00:00 2001 +From: anthraxx +Date: Sat, 13 Feb 2021 04:56:30 +0100 +Subject: [PATCH] override main module version which we can be filled with the + correct version + +Go BuildInfo only works if we build from a module, however we simply +want to build in tree. Therefor override the main module version with +something that we can dynamically replace. +--- + caddy.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/caddy.go b/caddy.go +index 70135ffb..04d95716 100644 +--- a/caddy.go ++++ b/caddy.go +@@ -679,6 +679,7 @@ func goModule(mod *debug.Module) *debug.Module { + mod.Version = "unknown" + bi, ok := debug.ReadBuildInfo() + if ok { ++ bi.Main.Version = "unknown" + mod.Path = bi.Main.Path + // The recommended way to build Caddy involves + // creating a separate main module, which +-- +2.30.0 + diff --git a/use-data-dir-for-autosave.patch b/use-data-dir-for-autosave.patch new file mode 100644 index 0000000..5958167 --- /dev/null +++ b/use-data-dir-for-autosave.patch @@ -0,0 +1,30 @@ +From e3a60a8058d2c75c9bc47f550351d0008aefb314 Mon Sep 17 00:00:00 2001 +From: anthraxx +Date: Fri, 12 Feb 2021 19:23:50 +0100 +Subject: [PATCH] storage: use data dir for autosave.json as /etc is write + protected + +This is more a state file instead of a custom file as caddy also +persists this. We do not want to have any files in /etc being mapped +writable, not even the /etc/caddy directory, hence move the persisted +autosave.json state to the actual application data directory. +--- + storage.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/storage.go b/storage.go +index 62f9b1c6..5babea79 100644 +--- a/storage.go ++++ b/storage.go +@@ -154,7 +154,7 @@ func AppDataDir() string { + } + + // ConfigAutosavePath is the default path to which the last config will be persisted. +-var ConfigAutosavePath = filepath.Join(AppConfigDir(), "autosave.json") ++var ConfigAutosavePath = filepath.Join(AppDataDir(), "autosave.json") + + // DefaultStorage is Caddy's default storage module. + var DefaultStorage = &certmagic.FileStorage{Path: AppDataDir()} +-- +2.30.0 +