Initial commit, from arch community svn.

2021-09-10 17:13:27 +02:00 · 2021-09-10 17:13:27 +02:00 · 69415e841f
commit 69415e841f
9 changed files with 366 additions and 0 deletions
--- a/.SRCINFO
+++ b/.SRCINFO
@ -0,0 +1,34 @@
 generated-by = makedeb-makepkg
 pkgbase = caddy
 	pkgdesc = Fast web server with automatic HTTPS
 	pkgver = 2.4.5
 	pkgrel = 1
 	url = https://caddyserver.com
 	arch = x86_64
 	license = Apache
 	makedepends = go
 	makedepends = git
 	depends = glibc
 	backup = etc/caddy/Caddyfile
 	source = git+https://github.com/caddyserver/caddy#tag=v2.4.5?signed
 	source = caddy-dist::git+https://github.com/caddyserver/dist#commit=093d76bdd6ecacd8aeb21de3aa0c35b82a0eb064
 	source = caddy.service
 	source = caddy-api.service
 	source = caddy.tmpfiles
 	source = caddy.sysusers
 	source = Caddyfile
 	source = use-data-dir-for-autosave.patch
 	source = override-main-module-version.patch
 	validpgpkeys = 29D0817A67156E4F25DC24782A349DD577D586A5
 	sha512sums = SKIP
 	sha512sums = SKIP
 	sha512sums = b6f69b9818b1807ebd614f696f39ca2bacc58b748273d1122c2a96641093c2acf9e168ff6a2d5b2e8b2da073993b5245740d77975d4ca823ff0598675a6b7806
 	sha512sums = a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0
 	sha512sums = 55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742
 	sha512sums = c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f
 	sha512sums = 716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0
 	sha512sums = 563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41
 	sha512sums = b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b
 pkgname = caddy
--- a/40
+++ b/40
@ -0,0 +1,40 @@
 # The Caddyfile is an easy way to configure your Caddy web server.
 #
 # https://caddyserver.com/docs/caddyfile
 #
 # The configuration below serves a welcome page over HTTP on port 80.
 # To use your own domain name (with automatic HTTPS), first make
 # sure your domain's A/AAAA DNS records are properly pointed to
 # this machine's public IP, then replace the line below with your
 # domain name.
 #
 # https://caddyserver.com/docs/caddyfile/concepts#addresses
 {
 	# Restrict the admin interface to a local unix file socket whose directory
 	# is restricted to caddy:caddy. By default the TCP socket allows arbitrary
 	# modification for any process and user that has access to the local
 	# interface. If admin over TCP is turned on one should make sure
 	# implications are well understood.
 	admin "unix//run/caddy/admin.socket"
 }
 http:// {
 	# Set this path to your site's directory.
 	root * /usr/share/caddy
 	# Enable the static file server.
 	file_server
 	# Another common task is to set up a reverse proxy:
 	# reverse_proxy localhost:8080
 	# Or serve a PHP site through php-fpm:
 	# php_fastcgi localhost:9000
 	# Refer to the directive documentation for more options.
 	# https://caddyserver.com/docs/caddyfile/directives
 }
 # Import additional caddy config files in /etc/caddy/conf.d/
 import /etc/caddy/conf.d/*
--- a/97
+++ b/97
@ -0,0 +1,97 @@
 # Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
 # Maintainer: Christian Rebischke <chris.rebischke@archlinux.org>
 # Contributor: Wei Congrui < crvv.mail at gmail dot com >
 # Contributor: Carl George < arch at cgtx dot us >
 # Contributor: Eric Engeström <eric at engestrom dot ch>
 # Contributor: Andreas Linz <klingt.net at gmail dot com>
 # Contributor: Akshay S Dinesh <asdofindia at gmail dot com>
 pkgname=caddy
 pkgver=2.4.5
 _gitcommit=v2.4.5
 _distcommit=093d76bdd6ecacd8aeb21de3aa0c35b82a0eb064
 pkgrel=1
 pkgdesc='Fast web server with automatic HTTPS'
 url='https://caddyserver.com'
 arch=('x86_64')
 license=('Apache')
 depends=('glibc')
 makedepends=('go' 'git')
 backup=('etc/caddy/Caddyfile')
 source=("git+https://github.com/caddyserver/caddy#tag=${_gitcommit}?signed"
        caddy-dist::"git+https://github.com/caddyserver/dist#commit=${_distcommit}"
        caddy.service
        caddy-api.service
        caddy.tmpfiles
        caddy.sysusers
        Caddyfile
        use-data-dir-for-autosave.patch
        override-main-module-version.patch)
 sha512sums=('SKIP'
            'SKIP'
            'b6f69b9818b1807ebd614f696f39ca2bacc58b748273d1122c2a96641093c2acf9e168ff6a2d5b2e8b2da073993b5245740d77975d4ca823ff0598675a6b7806'
            'a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0'
            '55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742'
            'c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f'
            '716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0'
            '563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41'
            'b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b')
 validpgpkeys=(
  29D0817A67156E4F25DC24782A349DD577D586A5 # Matthew Holt <mholt@users.noreply.github.com>
 )
 pkgver() {
  cd ${pkgname}
  git describe --tags --match 'v*' | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g'
 }
 prepare() {
  cd "${pkgname}"
  # welcome page
  cp ../caddy-dist/welcome/index.html .
  sed 's|/var/www/html|/srv/http|g' -i index.html
  # do not write in /etc
  patch -Np1 < "${srcdir}/use-data-dir-for-autosave.patch"
  # fix version identifier if not built from a module
  patch -Np1 < "${srcdir}/override-main-module-version.patch"
  sed 's|"unknown"|"v'"${pkgver}"'"|g' -i caddy.go
 }
 build() {
  cd "${pkgname}/cmd/caddy/"
  export CGO_LDFLAGS="${LDFLAGS}"
  export CGO_CPPFLAGS="${CPPFLAGS}"
  export CGO_CFLAGS="${CFLAGS}"
  export CGO_CXXFLAGS="${CXXFLAGS}"
  export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
  go build .
 }
 check() {
  cd "${pkgname}"
  go test ./...
  version=$(./cmd/caddy/caddy version)
  echo "Caddy version: ${version}"
  if [[ $version != v$pkgver ]]; then
    exit 1
  fi
 }
 package() {
  cd "${pkgname}"
  install -Dm 755 cmd/caddy/caddy -t "${pkgdir}/usr/bin"
  install -Dm 644 "${srcdir}/caddy.service" "${srcdir}/caddy-api.service" -t "${pkgdir}/usr/lib/systemd/system"
  install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf"
  install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf"
  install -Dm 644 "${srcdir}/Caddyfile" -t "${pkgdir}/etc/caddy"
  install -d "${pkgdir}/etc/caddy/conf.d"
  install -Dm 644 index.html "${pkgdir}/usr/share/caddy/index.html"
  install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/_caddy" -t "${pkgdir}/usr/share/zsh/site-functions"
  install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/bash-completion" "${pkgdir}/usr/share/bash-completion/completions/caddy"
 }
 # vim: ts=2 sw=2 et:
--- a/caddy-api.service
+++ b/caddy-api.service
@ -0,0 +1,62 @@
 # caddy-api.service
 #
 # For using Caddy with its API.
 #
 # This unit is "durable" in that it will automatically resume
 # the last active configuration if the service is restarted.
 #
 # See https://caddyserver.com/docs/install for instructions.
 [Unit]
 Description=Caddy API Server
 Documentation=https://caddyserver.com/docs/
 After=network-online.target
 Wants=network-online.target systemd-networkd-wait-online.service
 StartLimitIntervalSec=14400
 StartLimitBurst=10
 [Service]
 User=caddy
 Group=caddy
 Environment=XDG_DATA_HOME=/var/lib
 Environment=XDG_CONFIG_HOME=/var/lib
 ExecStart=/usr/bin/caddy run --environ --resume
 # Do not allow the process to be restarted in a tight loop. If the
 # process fails to start, something critical needs to be fixed.
 Restart=on-abnormal
 # Use graceful shutdown with a reasonable timeout
 TimeoutStopSec=5s
 LimitNOFILE=1048576
 LimitNPROC=512
 # Hardening options
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 DevicePolicy=closed
 LockPersonality=true
 MemoryAccounting=true
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 PrivateDevices=true
 PrivateTmp=true
 ProcSubset=pid
 ProtectClock=true
 ProtectControlGroups=true
 ProtectHome=true
 ProtectHostname=true
 ProtectKernelLogs=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectProc=invisible
 ProtectSystem=strict
 RemoveIPC=true
 ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy
 RestrictNamespaces=true
 RestrictRealtime=true
 RestrictSUIDSGID=true
 [Install]
 WantedBy=multi-user.target
--- a/caddy.service
+++ b/caddy.service
@ -0,0 +1,71 @@
 # caddy.service
 #
 # For using Caddy with a config file.
 #
 # Make sure the ExecStart and ExecReload commands are correct
 # for your installation.
 #
 # See https://caddyserver.com/docs/install for instructions.
 #
 # WARNING: This service does not use the --resume flag, so if you
 # use the API to make changes, they will be overwritten by the
 # Caddyfile next time the service is restarted. If you intend to
 # use Caddy's API to configure it, add the --resume flag to the
 # `caddy run` command or use the caddy-api.service file instead.
 [Unit]
 Description=Caddy web server
 Documentation=https://caddyserver.com/docs/
 After=network-online.target
 Wants=network-online.target systemd-networkd-wait-online.service
 StartLimitIntervalSec=14400
 StartLimitBurst=10
 [Service]
 User=caddy
 Group=caddy
 Environment=XDG_DATA_HOME=/var/lib
 Environment=XDG_CONFIG_HOME=/etc
 ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
 ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
 ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
 ExecStopPost=/usr/bin/rm -f /run/caddy/admin.socket
 # Do not allow the process to be restarted in a tight loop. If the
 # process fails to start, something critical needs to be fixed.
 Restart=on-abnormal
 # Use graceful shutdown with a reasonable timeout
 TimeoutStopSec=5s
 LimitNOFILE=1048576
 LimitNPROC=512
 # Hardening options
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 DevicePolicy=closed
 LockPersonality=true
 MemoryAccounting=true
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 PrivateDevices=true
 PrivateTmp=true
 ProcSubset=pid
 ProtectClock=true
 ProtectControlGroups=true
 ProtectHome=true
 ProtectHostname=true
 ProtectKernelLogs=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectProc=invisible
 ProtectSystem=strict
 RemoveIPC=true
 ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy
 RestrictNamespaces=true
 RestrictRealtime=true
 RestrictSUIDSGID=true
 [Install]
 WantedBy=multi-user.target
--- a/caddy.sysusers
+++ b/caddy.sysusers
@ -0,0 +1 @@
 u caddy - "caddy daemon" /var/lib/caddy
--- a/caddy.tmpfiles
+++ b/caddy.tmpfiles
@ -0,0 +1,3 @@
 d /var/lib/caddy 0750 caddy caddy
 d /var/log/caddy 0750 caddy caddy
 d /run/caddy 0750 caddy caddy
--- a/override-main-module-version.patch
+++ b/override-main-module-version.patch
@ -0,0 +1,28 @@
 From 56eacff9fa3a84b19ac9b8bb7072d9b7d96755e7 Mon Sep 17 00:00:00 2001
 From: anthraxx <levente@leventepolyak.net>
 Date: Sat, 13 Feb 2021 04:56:30 +0100
 Subject: [PATCH] override main module version which we can be filled with the
 correct version
 Go BuildInfo only works if we build from a module, however we simply
 want to build in tree. Therefor override the main module version with
 something that we can dynamically replace.
 ---
 caddy.go | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/caddy.go b/caddy.go
 index 70135ffb..04d95716 100644
 --- a/caddy.go
 +++ b/caddy.go
@@ -679,6 +679,7 @@ func goModule(mod *debug.Module) *debug.Module {
 	mod.Version = "unknown"
 	bi, ok := debug.ReadBuildInfo()
 	if ok {
 +		bi.Main.Version = "unknown"
 		mod.Path = bi.Main.Path
 		// The recommended way to build Caddy involves
 		// creating a separate main module, which
 -- 
 2.30.0
--- a/use-data-dir-for-autosave.patch
+++ b/use-data-dir-for-autosave.patch
@ -0,0 +1,30 @@
 From e3a60a8058d2c75c9bc47f550351d0008aefb314 Mon Sep 17 00:00:00 2001
 From: anthraxx <levente@leventepolyak.net>
 Date: Fri, 12 Feb 2021 19:23:50 +0100
 Subject: [PATCH] storage: use data dir for autosave.json as /etc is write
 protected
 This is more a state file instead of a custom file as caddy also
 persists this. We do not want to have any files in /etc being mapped
 writable, not even the /etc/caddy directory, hence move the persisted
 autosave.json state to the actual application data directory.
 ---
 storage.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/storage.go b/storage.go
 index 62f9b1c6..5babea79 100644
 --- a/storage.go
 +++ b/storage.go
@@ -154,7 +154,7 @@ func AppDataDir() string {
 }
 // ConfigAutosavePath is the default path to which the last config will be persisted.
 -var ConfigAutosavePath = filepath.Join(AppConfigDir(), "autosave.json")
 +var ConfigAutosavePath = filepath.Join(AppDataDir(), "autosave.json")
 // DefaultStorage is Caddy's default storage module.
 var DefaultStorage = &certmagic.FileStorage{Path: AppDataDir()}
 -- 
 2.30.0