From 9b383d1581b26fd70aa1bb0d352158b0ccd887f858def056b974c4fefbbba42e Mon Sep 17 00:00:00 2001 From: Hillwood Yang Date: Tue, 24 Oct 2023 06:53:53 +0000 Subject: [PATCH 1/5] Accepting request 1119865 from home:hillwood:branches:server:proxy - Fix boo#1216372 and boo#1216373 OBS-URL: https://build.opensuse.org/request/show/1119865 OBS-URL: https://build.opensuse.org/package/show/server:proxy/shadowsocks-libev?expand=0&rev=51 --- shadowsocks-libev-client.service | 2 ++ shadowsocks-libev-client@.service | 2 ++ shadowsocks-libev-manager.service | 2 ++ shadowsocks-libev-nat.service | 2 ++ shadowsocks-libev-nat@.service | 2 ++ shadowsocks-libev-redir.service | 2 ++ shadowsocks-libev-redir@.service | 2 ++ shadowsocks-libev-server.service | 2 ++ shadowsocks-libev-server@.service | 2 ++ shadowsocks-libev-tunnel.service | 2 ++ shadowsocks-libev-tunnel@.service | 2 ++ shadowsocks-libev.changes | 5 +++++ shadowsocks-libev.spec | 5 +++++ 13 files changed, 32 insertions(+) diff --git a/shadowsocks-libev-client.service b/shadowsocks-libev-client.service index 33ad664..4e59208 100644 --- a/shadowsocks-libev-client.service +++ b/shadowsocks-libev-client.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-client.pid ExecStart=/usr/bin/ss-local -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-client.pid -u --fast-open Restart=on-failure +User=shairport-sync +Group=shairport-sync [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-client@.service b/shadowsocks-libev-client@.service index 8d9e79a..a48daaf 100644 --- a/shadowsocks-libev-client@.service +++ b/shadowsocks-libev-client@.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-client@%i.pid ExecStart=/usr/bin/ss-local -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-client@%i.pid -u --fast-open Restart=on-failure +User=shairport-sync +Group=shairport-sync [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-manager.service b/shadowsocks-libev-manager.service index 334c229..efea3ab 100644 --- a/shadowsocks-libev-manager.service +++ b/shadowsocks-libev-manager.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-manager.pid ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-manager.pid -u --fast-open Restart=on-failure +User=shairport-sync +Group=shairport-sync [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-nat.service b/shadowsocks-libev-nat.service index 961463d..5ccaa02 100644 --- a/shadowsocks-libev-nat.service +++ b/shadowsocks-libev-nat.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-nat.pid ExecStart=/usr/bin/ss-nat -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-nat.pid -u --fast-open Restart=on-failure +User=shairport-sync +Group=shairport-sync [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-nat@.service b/shadowsocks-libev-nat@.service index 76ea729..89d6c49 100644 --- a/shadowsocks-libev-nat@.service +++ b/shadowsocks-libev-nat@.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-nat@%i.pid ExecStart=/usr/bin/ss-nat -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-nat@%i.pid -u --fast-open Restart=on-failure +User=shairport-sync +Group=shairport-sync [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-redir.service b/shadowsocks-libev-redir.service index 6e0e9e3..f9e88ec 100644 --- a/shadowsocks-libev-redir.service +++ b/shadowsocks-libev-redir.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-redir.pid ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-redir.pid -u --fast-open Restart=on-failure +User=shairport-sync +Group=shairport-sync [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-redir@.service b/shadowsocks-libev-redir@.service index 5c6896a..15bbf4b 100644 --- a/shadowsocks-libev-redir@.service +++ b/shadowsocks-libev-redir@.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-redir@%i.pid ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-redir@%i.pid -u --fast-open Restart=on-failure +User=shairport-sync +Group=shairport-sync [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-server.service b/shadowsocks-libev-server.service index f08c3e0..dc6917c 100644 --- a/shadowsocks-libev-server.service +++ b/shadowsocks-libev-server.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-server.pid ExecStart=/usr/bin/ss-server -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-server.pid -u --fast-open Restart=on-failure +User=shairport-sync +Group=shairport-sync [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-server@.service b/shadowsocks-libev-server@.service index e9ed491..1d38d72 100644 --- a/shadowsocks-libev-server@.service +++ b/shadowsocks-libev-server@.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-server@%i.pid ExecStart=/usr/bin/ss-server -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-server@%i.pid -u --fast-open Restart=on-failure +User=shairport-sync +Group=shairport-sync [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-tunnel.service b/shadowsocks-libev-tunnel.service index a3ad0bb..45bebe5 100644 --- a/shadowsocks-libev-tunnel.service +++ b/shadowsocks-libev-tunnel.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-tunnel.pid ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-tunnel.pid -u --fast-open Restart=on-failure +User=shairport-sync +Group=shairport-sync [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-tunnel@.service b/shadowsocks-libev-tunnel@.service index ff6cddd..44b46d9 100644 --- a/shadowsocks-libev-tunnel@.service +++ b/shadowsocks-libev-tunnel@.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-tunnel@%i.pid ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-tunnel@%i.pid -u --fast-open Restart=on-failure +User=shairport-sync +Group=shairport-sync [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev.changes b/shadowsocks-libev.changes index fcc6719..9487923 100644 --- a/shadowsocks-libev.changes +++ b/shadowsocks-libev.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Oct 24 06:50:28 UTC 2023 - Hillwood Yang + +- Fix boo#1216372 and boo#1216373 + ------------------------------------------------------------------- Mon May 8 11:30:20 UTC 2023 - Jaime Marquínez Ferrándiz diff --git a/shadowsocks-libev.spec b/shadowsocks-libev.spec index 3995988..31778ea 100644 --- a/shadowsocks-libev.spec +++ b/shadowsocks-libev.spec @@ -153,6 +153,10 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcshadowsocks-libev-tunnel@ %service_add_pre %{name}-nat@.service %service_add_pre %{name}-redir@.service %service_add_pre %{name}-tunnel@.service +getent group shadowsocks >/dev/null || %{_sbindir}/groupadd --system shadowsocks +getent passwd shadowsocks >/dev/null || %{_sbindir}/useradd --system -c "shadowsocks User" \ + -d %{_localstatedir}/shadowsocks -m -g shadowsocks -s %{_sbindir}/nologin \ + shadowsocks %post %service_add_post %{name}-server.service @@ -166,6 +170,7 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcshadowsocks-libev-tunnel@ %service_add_post %{name}-nat@.service %service_add_post %{name}-redir@.service %service_add_post %{name}-tunnel@.service +chown shadowsocks:shadowsocks %{_sysconfdir}/shadowsocks -R %preun %service_del_preun %{name}-server.service From 387e98cbac9c1f4e9d904f477ae2957be57e2d218890622f2680640883662f00 Mon Sep 17 00:00:00 2001 From: Hillwood Yang Date: Tue, 24 Oct 2023 07:03:51 +0000 Subject: [PATCH 2/5] Accepting request 1119868 from home:hillwood:branches:server:proxy OBS-URL: https://build.opensuse.org/request/show/1119868 OBS-URL: https://build.opensuse.org/package/show/server:proxy/shadowsocks-libev?expand=0&rev=52 --- shadowsocks-libev.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/shadowsocks-libev.spec b/shadowsocks-libev.spec index 31778ea..2863734 100644 --- a/shadowsocks-libev.spec +++ b/shadowsocks-libev.spec @@ -57,6 +57,7 @@ BuildRequires: asciidoc BuildRequires: systemd-rpm-macros BuildRequires: xmlto BuildRequires: pkgconfig(systemd) +Requires(pre): shadow Recommends: shadowsocks-v2ray-plugin BuildRoot: %{_tmppath}/%{name}-%{version}-build %{?systemd_ordering} From 2a871b62ad3d3a6218bc20c787b9d4d13ffa6eab38a6897d3c7fdcb2b4217e63 Mon Sep 17 00:00:00 2001 From: Hillwood Yang Date: Wed, 25 Oct 2023 06:46:07 +0000 Subject: [PATCH 3/5] Accepting request 1120169 from home:hillwood:branches:server:proxy OBS-URL: https://build.opensuse.org/request/show/1120169 OBS-URL: https://build.opensuse.org/package/show/server:proxy/shadowsocks-libev?expand=0&rev=53 --- shadowsocks-libev.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shadowsocks-libev.spec b/shadowsocks-libev.spec index 2863734..9abf660 100644 --- a/shadowsocks-libev.spec +++ b/shadowsocks-libev.spec @@ -171,7 +171,7 @@ getent passwd shadowsocks >/dev/null || %{_sbindir}/useradd --system -c "shadows %service_add_post %{name}-nat@.service %service_add_post %{name}-redir@.service %service_add_post %{name}-tunnel@.service -chown shadowsocks:shadowsocks %{_sysconfdir}/shadowsocks -R +chown root:shadowsocks %{_sysconfdir}/shadowsocks -R %preun %service_del_preun %{name}-server.service From 0232a1d52a16a264daefc1125515876599c1a47d88fb09394ad9d13155fae039 Mon Sep 17 00:00:00 2001 From: Hillwood Yang Date: Wed, 25 Oct 2023 13:10:32 +0000 Subject: [PATCH 4/5] Accepting request 1120276 from home:hillwood:branches:server:proxy - Fix boo#1216372 and boo#1216373, run systemd service as a dedicated user and group OBS-URL: https://build.opensuse.org/request/show/1120276 OBS-URL: https://build.opensuse.org/package/show/server:proxy/shadowsocks-libev?expand=0&rev=54 --- shadowsocks-libev.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shadowsocks-libev.changes b/shadowsocks-libev.changes index 9487923..cfb3c87 100644 --- a/shadowsocks-libev.changes +++ b/shadowsocks-libev.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Tue Oct 24 06:50:28 UTC 2023 - Hillwood Yang -- Fix boo#1216372 and boo#1216373 +- Fix boo#1216372 and boo#1216373, run systemd service as a dedicated user and group ------------------------------------------------------------------- Mon May 8 11:30:20 UTC 2023 - Jaime Marquínez Ferrándiz From 105e127b7b02301e1c753512cc6bad060a33f2fda3616fa6c5a1e2416e00cf8c Mon Sep 17 00:00:00 2001 From: Hillwood Yang Date: Thu, 26 Oct 2023 02:59:15 +0000 Subject: [PATCH 5/5] Accepting request 1120405 from home:hillwood:branches:server:proxy OBS-URL: https://build.opensuse.org/request/show/1120405 OBS-URL: https://build.opensuse.org/package/show/server:proxy/shadowsocks-libev?expand=0&rev=55 --- shadowsocks-libev-client.service | 4 ++-- shadowsocks-libev-client@.service | 4 ++-- shadowsocks-libev-manager.service | 4 ++-- shadowsocks-libev-nat.service | 4 ++-- shadowsocks-libev-nat@.service | 4 ++-- shadowsocks-libev-redir.service | 4 ++-- shadowsocks-libev-redir@.service | 4 ++-- shadowsocks-libev-server.service | 4 ++-- shadowsocks-libev-server@.service | 4 ++-- shadowsocks-libev-tunnel.service | 4 ++-- shadowsocks-libev-tunnel@.service | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/shadowsocks-libev-client.service b/shadowsocks-libev-client.service index 4e59208..dbf2c27 100644 --- a/shadowsocks-libev-client.service +++ b/shadowsocks-libev-client.service @@ -21,8 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-client.pid ExecStart=/usr/bin/ss-local -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-client.pid -u --fast-open Restart=on-failure -User=shairport-sync -Group=shairport-sync +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-client@.service b/shadowsocks-libev-client@.service index a48daaf..9808e40 100644 --- a/shadowsocks-libev-client@.service +++ b/shadowsocks-libev-client@.service @@ -21,8 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-client@%i.pid ExecStart=/usr/bin/ss-local -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-client@%i.pid -u --fast-open Restart=on-failure -User=shairport-sync -Group=shairport-sync +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-manager.service b/shadowsocks-libev-manager.service index efea3ab..6d0f6da 100644 --- a/shadowsocks-libev-manager.service +++ b/shadowsocks-libev-manager.service @@ -21,8 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-manager.pid ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-manager.pid -u --fast-open Restart=on-failure -User=shairport-sync -Group=shairport-sync +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-nat.service b/shadowsocks-libev-nat.service index 5ccaa02..150cdf5 100644 --- a/shadowsocks-libev-nat.service +++ b/shadowsocks-libev-nat.service @@ -21,8 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-nat.pid ExecStart=/usr/bin/ss-nat -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-nat.pid -u --fast-open Restart=on-failure -User=shairport-sync -Group=shairport-sync +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-nat@.service b/shadowsocks-libev-nat@.service index 89d6c49..9e7b167 100644 --- a/shadowsocks-libev-nat@.service +++ b/shadowsocks-libev-nat@.service @@ -21,8 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-nat@%i.pid ExecStart=/usr/bin/ss-nat -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-nat@%i.pid -u --fast-open Restart=on-failure -User=shairport-sync -Group=shairport-sync +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-redir.service b/shadowsocks-libev-redir.service index f9e88ec..654e257 100644 --- a/shadowsocks-libev-redir.service +++ b/shadowsocks-libev-redir.service @@ -21,8 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-redir.pid ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-redir.pid -u --fast-open Restart=on-failure -User=shairport-sync -Group=shairport-sync +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-redir@.service b/shadowsocks-libev-redir@.service index 15bbf4b..0caa433 100644 --- a/shadowsocks-libev-redir@.service +++ b/shadowsocks-libev-redir@.service @@ -21,8 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-redir@%i.pid ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-redir@%i.pid -u --fast-open Restart=on-failure -User=shairport-sync -Group=shairport-sync +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-server.service b/shadowsocks-libev-server.service index dc6917c..8ff257d 100644 --- a/shadowsocks-libev-server.service +++ b/shadowsocks-libev-server.service @@ -21,8 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-server.pid ExecStart=/usr/bin/ss-server -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-server.pid -u --fast-open Restart=on-failure -User=shairport-sync -Group=shairport-sync +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-server@.service b/shadowsocks-libev-server@.service index 1d38d72..c241d1e 100644 --- a/shadowsocks-libev-server@.service +++ b/shadowsocks-libev-server@.service @@ -21,8 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-server@%i.pid ExecStart=/usr/bin/ss-server -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-server@%i.pid -u --fast-open Restart=on-failure -User=shairport-sync -Group=shairport-sync +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-tunnel.service b/shadowsocks-libev-tunnel.service index 45bebe5..ea3cc93 100644 --- a/shadowsocks-libev-tunnel.service +++ b/shadowsocks-libev-tunnel.service @@ -21,8 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-tunnel.pid ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-tunnel.pid -u --fast-open Restart=on-failure -User=shairport-sync -Group=shairport-sync +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-tunnel@.service b/shadowsocks-libev-tunnel@.service index 44b46d9..4ffa8d3 100644 --- a/shadowsocks-libev-tunnel@.service +++ b/shadowsocks-libev-tunnel@.service @@ -21,8 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-tunnel@%i.pid ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-tunnel@%i.pid -u --fast-open Restart=on-failure -User=shairport-sync -Group=shairport-sync +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target