From dd3ec212e6223c6fe357b39e41c6ad3df71d6c1a Mon Sep 17 00:00:00 2001 From: dkwo Date: Fri, 21 Feb 2025 15:37:44 -0500 Subject: [PATCH] speakersafetyd: update to 1.1.2, run as non-root --- srcpkgs/speakersafetyd/files/speakersafetyd/run | 13 ++++++++++++- srcpkgs/speakersafetyd/template | 8 +++++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/srcpkgs/speakersafetyd/files/speakersafetyd/run b/srcpkgs/speakersafetyd/files/speakersafetyd/run index eacab8036a8..70761f516ed 100755 --- a/srcpkgs/speakersafetyd/files/speakersafetyd/run +++ b/srcpkgs/speakersafetyd/files/speakersafetyd/run @@ -1,3 +1,14 @@ #!/bin/sh + +_user=_speakersafetyd +! [ -d /run/speakersafetyd ] && install -m 700 -g $_user -o $_user -d /run/speakersafetyd +chown -R $_user:$_user /run/speakersafetyd + +_caps=-all,+sys_nice + exec 2>&1 -exec /usr/bin/speakersafetyd -c /usr/share/speakersafetyd/ -b /var/lib/speakersafetyd/blackbox -m 7 +exec setpriv --reuid $_user --regid audio --clear-groups \ + --ambient-caps $_caps \ + --inh-caps $_caps \ + --bounding-set $_caps \ + --no-new-privs -- speakersafetyd -c /usr/share/speakersafetyd/ -b /var/lib/speakersafetyd/blackbox -m 7 diff --git a/srcpkgs/speakersafetyd/template b/srcpkgs/speakersafetyd/template index c862821bd96..2e3f6244331 100644 --- a/srcpkgs/speakersafetyd/template +++ b/srcpkgs/speakersafetyd/template @@ -1,6 +1,6 @@ # Template file for 'speakersafetyd' pkgname=speakersafetyd -version=1.0.2 +version=1.1.2 revision=1 build_style=cargo hostmakedepends="alsa-lib pkg-config" @@ -10,8 +10,10 @@ maintainer="dkwo " license="MIT" homepage="https://github.com/AsahiLinux/speakersafetyd" distfiles="https://github.com/AsahiLinux/speakersafetyd/archive/refs/tags/${version}.tar.gz" -checksum=844ae3719c029e826f58c3799b6e358d189b0c42ade7a91f6c35b960cae35919 -make_dirs="/var/lib/speakersafetyd/blackbox 0755 root root" +checksum=b3ccbbf4c3ee0da537203186f80eb8f3cc16037bf41f4cd0de50b7cd25dd713f + +system_accounts="_speakersafetyd" +make_dirs="/var/lib/${pkgname}/blackbox 0700 _${pkgname} _${pkgname}" post_install() { DESTDIR="${DESTDIR}" make install-data