Accepting request 1095226 from home:haasn:branches:multimedia:apps

(RFC) - Update to use Airplay 2 protocol. - Fix systemd unit file patch to properly apply hardening even when building with avahi enabled (as present in the spec), and also fix hardening patch to not restrict realtime priority. OBS-URL: https://build.opensuse.org/request/show/1095226 OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/shairport-sync?expand=0&rev=35
2023-06-30 04:40:29 +00:00 · 2023-06-30 04:40:29 +00:00 · 5cd9332b21
commit 5cd9332b21
parent 233ce25f8f
4 changed files with 56 additions and 10 deletions
--- a/airplay-server.xml
+++ b/airplay-server.xml
@ -2,8 +2,13 @@
 <service>
  <short>airplay-server</short>
  <description>Airplay Server</description>
+  <port protocol="tcp" port="3689"/>
  <port protocol="tcp" port="5000"/>
-  <port protocol="udp" port="6001"/>
-  <port protocol="udp" port="6002"/>
-  <port protocol="udp" port="6003"/>
+  <port protocol="tcp" port="7000"/>
+  <port protocol="tcp" port="32768-60999"/>
+  <port protocol="udp" port="319"/>
+  <port protocol="udp" port="320"/>
+  <port protocol="udp" port="5353"/>
+  <port protocol="udp" port="6000-6009"/>
+  <port protocol="udp" port="32768-60999"/>
 </service>
--- a/harden_shairport-sync.service.patch
+++ b/harden_shairport-sync.service.patch
@ -1,7 +1,8 @@
-diff -Nur shairport-sync-4.1/scripts/shairport-sync.service.in shairport-sync-4.1-new/scripts/shairport-sync.service.in
--- shairport-sync-4.1/scripts/shairport-sync.service.in	2022-10-28 23:31:18.000000000 +0800
-+++ shairport-sync-4.1-new/scripts/shairport-sync.service.in	2022-11-13 22:26:15.785234171 +0800
-@@ -5,6 +5,17 @@
+diff --git a/scripts/shairport-sync.service-avahi.in b/scripts/shairport-sync.service-avahi.in
+index 4a874c54..6bc80c1e 100644
+--- a/scripts/shairport-sync.service-avahi.in
+++ b/scripts/shairport-sync.service-avahi.in
+@@ -7,6 +7,16 @@ Wants=network-online.target
 After=network.target network-online.target
 
 [Service]
@ -14,8 +15,28 @@ diff -Nur shairport-sync-4.1/scripts/shairport-sync.service.in shairport-sync-4.
 +ProtectKernelModules=true
 +ProtectKernelLogs=true
 +ProtectControlGroups=true
-+RestrictRealtime=true
-+# end of automatic additions 
+# end of automatic additions
+ ExecStart=@prefix@/bin/shairport-sync --log-to-syslog
+ User=shairport-sync
+ Group=shairport-sync
+diff --git a/scripts/shairport-sync.service.in b/scripts/shairport-sync.service.in
+index 18df3f35..791fd89f 100644
+--- a/scripts/shairport-sync.service.in
+++ b/scripts/shairport-sync.service.in
+@@ -5,6 +5,16 @@ Wants=network-online.target
+ After=network.target network-online.target
+ 
+ [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+# end of automatic additions
 ExecStart=@prefix@/bin/shairport-sync --log-to-syslog
 User=shairport-sync
 Group=shairport-sync
--- a/shairport-sync.changes
+++ b/shairport-sync.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Sun Jun 25 15:57:57 UTC 2023 - Niklas Haas <obs@haasn.xyz>
+
+- Fix systemd unit file patch to properly apply hardening even
+  when building with avahi enabled (as present in the spec), and also
+  fix hardening patch to not restrict realtime priority.
+
+-------------------------------------------------------------------
+Sun Jun 25 15:37:02 UTC 2023 - Niklas Haas <obs@haasn.xyz>
+
+- Update to use Airplay 2 protocol.
+
 -------------------------------------------------------------------
 Sun Jun 25 11:44:48 UTC 2023 - Niklas Haas <obs@haasn.xyz>

--- a/shairport-sync.spec
+++ b/shairport-sync.spec
@ -36,18 +36,25 @@ BuildRequires:  gcc-c++
 BuildRequires:  gnome-common
 BuildRequires:  pkgconfig
 BuildRequires:  systemd-rpm-macros
+BuildRequires:  xxd
 BuildRequires:  pkgconfig(alsa)
 BuildRequires:  pkgconfig(avahi-client)
+BuildRequires:  pkgconfig(libavutil)
 BuildRequires:  pkgconfig(libconfig)
 BuildRequires:  pkgconfig(libdaemon)
+BuildRequires:  pkgconfig(libgcrypt)
 BuildRequires:  pkgconfig(libpipewire-0.3)
+BuildRequires:  pkgconfig(libplist-2.0)
 BuildRequires:  pkgconfig(libpulse)
+BuildRequires:  pkgconfig(libsodium)
 BuildRequires:  pkgconfig(openssl)
 BuildRequires:  pkgconfig(popt)
 BuildRequires:  pkgconfig(sndfile)
 BuildRequires:  pkgconfig(soxr)
 BuildRequires:  pkgconfig(systemd)
+BuildRequires:  pkgconfig(uuid)
 Requires:       firewalld
+Requires:       nqptp
 Requires(pre):  shadow
 %{?systemd_ordering}

@ -82,7 +89,8 @@ autoreconf -i -f
           --with-soxr \
           --with-metadata \
           --with-configfiles \
-           --with-convolution
+           --with-convolution \
+           --with-airplay-2
 %make_build

 %install