diff --git a/.SRCINFO b/.SRCINFO
index f7bb606..20667f1 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,36 +1,17 @@ -generated-by = makedeb-makepkg - -pkgbase = caddy - pkgdesc = Fast web server with automatic HTTPS - pkgver = 2.4.5 - pkgrel = 1 - url = https://caddyserver.com - arch = x86_64 - license = Apache - makedepends = gcc - makedepends = libc-dev - makedepends = golang-go>=2:1.16~1 - makedepends = git - depends = libc-bin - backup = etc/caddy/Caddyfile - source = git+https://github.com/caddyserver/caddy#tag=v2.4.5?signed - source = caddy-dist::git+https://github.com/caddyserver/dist#commit=093d76bdd6ecacd8aeb21de3aa0c35b82a0eb064 - source = caddy.service - source = caddy-api.service - source = caddy.tmpfiles - source = caddy.sysusers - source = Caddyfile - source = use-data-dir-for-autosave.patch - source = override-main-module-version.patch - validpgpkeys = 29D0817A67156E4F25DC24782A349DD577D586A5 - sha512sums = SKIP - sha512sums = SKIP - sha512sums = b6f69b9818b1807ebd614f696f39ca2bacc58b748273d1122c2a96641093c2acf9e168ff6a2d5b2e8b2da073993b5245740d77975d4ca823ff0598675a6b7806 - sha512sums = a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0 - sha512sums = 55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742 - sha512sums = c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f - sha512sums = 716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0 - sha512sums = 563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41 - sha512sums = b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b - +generated-by = makedeb pkgname = caddy +pkgbase = caddy +pkgdesc = Fast web server with automatic HTTPS +pkgrel = 1 +pkgver = 
2.6.4 +url = https://caddyserver.com +arch = amd64 +backup = /etc/caddy/Caddyfile +depends = libc-bin +license = Apache +source = https://github.com/caddyserver/caddy/releases/download/v2.6.4/caddy_2.6.4_linux_amd64.tar.gz +source = caddy.service +source = Caddyfile +sha512sums = eed413b035ffacedfaf751a8431285c5d9a0a81a2a861444f4b95dd4c7508eabe2f3fcba6c5b8e6c70e30c9351dfa96ba39def47fa0879334d965dae3a869f1a +sha512sums = 48ce631d19a40a66fdddb5779c909c21ea858e350a45c4459023a957377e2af7712b53bf8ce4f911ff5db1c7e5b3942477fea66f407ad0de1912a9bd8bd954a4 +sha512sums = 64bfcef743eadd1fc1bc49b5e8c9ec91bbb97997a5b903283f6fe54143326758210d43210fda7aef26c7fadacfedd3685c66e179cd90e75a854aca68cfaf01e6 diff --git a/.gitignore b/.gitignore index c8fdfd4..7bf3fa6 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ caddy/ caddy_*.deb pkg/ src/ +*.tar.gz diff --git a/Caddyfile b/Caddyfile index e8dda50..e0cc596 100644 --- a/Caddyfile +++ b/Caddyfile @@ -10,31 +10,5 @@ # # https://caddyserver.com/docs/caddyfile/concepts#addresses -{ - # Restrict the admin interface to a local unix file socket whose directory - # is restricted to caddy:caddy. By default the TCP socket allows arbitrary - # modification for any process and user that has access to the local - # interface. If admin over TCP is turned on one should make sure - # implications are well understood. - admin "unix//run/caddy/admin.socket" -} - -http:// { - # Set this path to your site's directory. - root * /usr/share/caddy - - # Enable the static file server. - file_server - - # Another common task is to set up a reverse proxy: - # reverse_proxy localhost:8080 - - # Or serve a PHP site through php-fpm: - # php_fastcgi localhost:9000 - - # Refer to the directive documentation for more options. - # https://caddyserver.com/docs/caddyfile/directives -} - # Import additional caddy config files in /etc/caddy/conf.d/ import /etc/caddy/conf.d/* diff --git a/PKGBUILD b/PKGBUILD index e1caee0..54b476b 100644 --- a/PKGBUILD 
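Review bot: Removing the global options block drops `admin "unix//run/caddy/admin.socket"`, so the admin API falls back to Caddy's default TCP listener on localhost:2019, which, as the removed comment itself says, lets any local process or user modify the running configuration. The same commit removes `User=caddy` from caddy.service, so that API would presumably be reconfiguring a server running as root. I would keep an explicit global block: either the unix socket, with `RuntimeDirectory=caddy` in the unit to provide /run/caddy now that caddy.tmpfiles is gone, or `admin off` if reloads through the API are not needed. The remaining `import /etc/caddy/conf.d/*` also points at a directory that package() no longer creates.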
+++ b/PKGBUILD 
@@ -1,91 +1,27 @@ -# Maintainer: Roland Vet +# Maintainer: Jonathan Apodaca -pkgname=caddy -pkgver=2.4.5 -_gitcommit=v2.4.5 -_distcommit=093d76bdd6ecacd8aeb21de3aa0c35b82a0eb064 +pkgname=caddy-bin +pkgver=2.6.4 pkgrel=1 pkgdesc='Fast web server with automatic HTTPS' url='https://caddyserver.com' -arch=('x86_64') +arch=('amd64') license=('Apache') depends=('libc-bin') -makedepends=('gcc' 'libc-dev' 'golang-go>=2:1.16~1' 'git') -backup=('etc/caddy/Caddyfile') -source=("git+https://github.com/caddyserver/caddy#tag=${_gitcommit}?signed" - caddy-dist::"git+https://github.com/caddyserver/dist#commit=${_distcommit}" +backup=('/etc/caddy/Caddyfile') + +source=("https://github.com/caddyserver/caddy/releases/download/v${pkgver}/caddy_${pkgver}_linux_amd64.tar.gz" caddy.service - caddy-api.service - caddy.tmpfiles - caddy.sysusers - Caddyfile - use-data-dir-for-autosave.patch - override-main-module-version.patch) -sha512sums=('SKIP' - 'SKIP' - 'b6f69b9818b1807ebd614f696f39ca2bacc58b748273d1122c2a96641093c2acf9e168ff6a2d5b2e8b2da073993b5245740d77975d4ca823ff0598675a6b7806' - 'a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0' - '55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742' - 'c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f' - '716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0' - '563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41' - 'b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b') -validpgpkeys=( - 29D0817A67156E4F25DC24782A349DD577D586A5 # Matthew Holt -) - -pkgver() { - cd ${pkgname} - git describe 
--tags --match 'v*' | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g' -} - -prepare() { - cd "${pkgname}" - # welcome page - cp ../caddy-dist/welcome/index.html . - sed 's|/var/www/html|/srv/http|g' -i index.html - # do not write in /etc - patch -Np1 < "${srcdir}/use-data-dir-for-autosave.patch" - # fix version identifier if not built from a module - patch -Np1 < "${srcdir}/override-main-module-version.patch" - sed 's|"unknown"|"v'"${pkgver}"'"|g' -i caddy.go -} - -build() { - cd "${pkgname}/cmd/caddy/" - export CGO_LDFLAGS="${LDFLAGS}" - export CGO_CPPFLAGS="${CPPFLAGS}" - export CGO_CFLAGS="${CFLAGS}" - export CGO_CXXFLAGS="${CXXFLAGS}" - export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" - go build . -} - -check() { - cd "${pkgname}" - go test ./... - version=$(./cmd/caddy/caddy version) - echo "Caddy version: ${version}" - if [[ $version != v$pkgver ]]; then - exit 1 - fi -} + Caddyfile) +sha512sums=('eed413b035ffacedfaf751a8431285c5d9a0a81a2a861444f4b95dd4c7508eabe2f3fcba6c5b8e6c70e30c9351dfa96ba39def47fa0879334d965dae3a869f1a' + '48ce631d19a40a66fdddb5779c909c21ea858e350a45c4459023a957377e2af7712b53bf8ce4f911ff5db1c7e5b3942477fea66f407ad0de1912a9bd8bd954a4' + '64bfcef743eadd1fc1bc49b5e8c9ec91bbb97997a5b903283f6fe54143326758210d43210fda7aef26c7fadacfedd3685c66e179cd90e75a854aca68cfaf01e6') +extensions=() package() { - cd "${pkgname}" - install -Dm 755 cmd/caddy/caddy -t "${pkgdir}/usr/bin" - - install -Dm 644 "${srcdir}/caddy.service" "${srcdir}/caddy-api.service" -t "${pkgdir}/usr/lib/systemd/system" - install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf" - install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf" - - install -Dm 644 "${srcdir}/Caddyfile" -t "${pkgdir}/etc/caddy" - install -d "${pkgdir}/etc/caddy/conf.d" - - install -Dm 644 index.html "${pkgdir}/usr/share/caddy/index.html" - - install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/_caddy" -t 
"${pkgdir}/usr/share/zsh/site-functions" - install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/bash-completion" "${pkgdir}/usr/share/bash-completion/completions/caddy" + install -Dm755 "${srcdir}/caddy" "${pkgdir}/usr/bin/caddy" + install -Dm644 "${srcdir}/Caddyfile" "${pkgdir}/etc/caddy/Caddyfile" + install -Dm644 "${srcdir}/caddy.service" "${pkgdir}/usr/lib/systemd/system/caddy.service" } # vim: ts=2 sw=2 et: diff --git a/caddy.service b/caddy.service index 96259b4..80f0492 100644 --- a/caddy.service +++ b/caddy.service @@ -22,8 +22,6 @@ StartLimitIntervalSec=14400 StartLimitBurst=10 [Service] -User=caddy -Group=caddy Environment=XDG_DATA_HOME=/var/lib Environment=XDG_CONFIG_HOME=/etc ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile @@ -38,34 +36,5 @@ Restart=on-abnormal # Use graceful shutdown with a reasonable timeout TimeoutStopSec=5s -LimitNOFILE=1048576 -LimitNPROC=512 - -# Hardening options -AmbientCapabilities=CAP_NET_BIND_SERVICE -CapabilityBoundingSet=CAP_NET_BIND_SERVICE -DevicePolicy=closed -LockPersonality=true -MemoryAccounting=true -MemoryDenyWriteExecute=true -NoNewPrivileges=true -PrivateDevices=true -PrivateTmp=true -ProcSubset=pid -ProtectClock=true -ProtectControlGroups=true -ProtectHome=true -ProtectHostname=true -ProtectKernelLogs=true -ProtectKernelModules=true -ProtectKernelTunables=true -ProtectProc=invisible -ProtectSystem=strict -RemoveIPC=true -ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy -RestrictNamespaces=true -RestrictRealtime=true -RestrictSUIDSGID=true - [Install] WantedBy=multi-user.target diff --git a/caddy.sysusers b/caddy.sysusers deleted file mode 100644 index 6fb5633..0000000 --- a/caddy.sysusers +++ /dev/null @@ -1 +0,0 @@ -u caddy - "caddy daemon" /var/lib/caddy diff --git a/caddy.tmpfiles b/caddy.tmpfiles deleted file mode 100644 index 25f170f..0000000 --- a/caddy.tmpfiles +++ /dev/null 
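Review bot: The new `source=` entry downloads a prebuilt release tarball that is authenticated only by the sha512 pinned in this file, whereas the old entry used a `?signed` git tag checked against `validpgpkeys`. The pinned hash shows that the download matches what the packager fetched, not that upstream published it. If upstream provides a detached signature or a signed checksum file for the release, I would add it to `source` and verify it, or at minimum add a comment such as `# sha512 taken from the upstream release checksums file on <date>` stating how the hash was obtained. `pkgname` is now `caddy-bin` while the regenerated .SRCINFO still says `pkgname = caddy`, so one of the two looks stale. package() also stops installing caddy.sysusers, caddy.tmpfiles and /etc/caddy/conf.d, which the unit and Caddyfile changes in this commit depend on.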
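Review bot: The first caddy.service hunk removes `User=caddy`/`Group=caddy` and the second removes every hardening option, so the unit now runs an internet-facing server as root with no capability bound and no filesystem protection. Root is not needed for ports 80/443; the removed `AmbientCapabilities=CAP_NET_BIND_SERVICE` already covered that for an unprivileged account. If the motive was to stop shipping caddy.sysusers and caddy.tmpfiles, systemd can provide the account and directories itself, as sketched below. The prebuilt binary lacks the deleted use-data-dir-for-autosave.patch, so it presumably writes autosave.json under XDG_CONFIG_HOME; pointing that variable at the state directory would be a narrower fix than dropping the sandbox. Both hunks sit inside the [Service] section, whose ExecStart line is outside the diff.

```ini
[Service]
# … unchanged: Environment=, ExecStartPre=, Restart=, TimeoutStopSec= and the rest of the section …
DynamicUser=yes
StateDirectory=caddy
LogsDirectory=caddy
RuntimeDirectory=caddy
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
PrivateDevices=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictSUIDSGID=true
```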
@@ -1,3 +0,0 @@ -d /var/lib/caddy 0750 caddy caddy -d /var/log/caddy 0750 caddy caddy -d /run/caddy 0750 caddy caddy diff --git a/override-main-module-version.patch b/override-main-module-version.patch deleted file mode 100644 index d64eea2..0000000 --- a/override-main-module-version.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 56eacff9fa3a84b19ac9b8bb7072d9b7d96755e7 Mon Sep 17 00:00:00 2001 -From: anthraxx -Date: Sat, 13 Feb 2021 04:56:30 +0100 -Subject: [PATCH] override main module version which we can be filled with the - correct version - -Go BuildInfo only works if we build from a module, however we simply -want to build in tree. Therefor override the main module version with -something that we can dynamically replace. ---- - caddy.go | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/caddy.go b/caddy.go -index 70135ffb..04d95716 100644 ---- a/caddy.go -+++ b/caddy.go -@@ -679,6 +679,7 @@ func goModule(mod *debug.Module) *debug.Module { - mod.Version = "unknown" - bi, ok := debug.ReadBuildInfo() - if ok { -+ bi.Main.Version = "unknown" - mod.Path = bi.Main.Path - // The recommended way to build Caddy involves - // creating a separate main module, which --- -2.30.0 - diff --git a/use-data-dir-for-autosave.patch b/use-data-dir-for-autosave.patch deleted file mode 100644 index 5958167..0000000 --- a/use-data-dir-for-autosave.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From e3a60a8058d2c75c9bc47f550351d0008aefb314 Mon Sep 17 00:00:00 2001 -From: anthraxx -Date: Fri, 12 Feb 2021 19:23:50 +0100 -Subject: [PATCH] storage: use data dir for autosave.json as /etc is write - protected - -This is more a state file instead of a custom file as caddy also -persists this. We do not want to have any files in /etc being mapped -writable, not even the /etc/caddy directory, hence move the persisted -autosave.json state to the actual application data directory. ---- - storage.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/storage.go b/storage.go -index 62f9b1c6..5babea79 100644 ---- a/storage.go -+++ b/storage.go -@@ -154,7 +154,7 @@ func AppDataDir() string { - } - - // ConfigAutosavePath is the default path to which the last config will be persisted. --var ConfigAutosavePath = filepath.Join(AppConfigDir(), "autosave.json") -+var ConfigAutosavePath = filepath.Join(AppDataDir(), "autosave.json") - - // DefaultStorage is Caddy's default storage module. - var DefaultStorage = &certmagic.FileStorage{Path: AppDataDir()} --- -2.30.0 -