From 5cd9332b2129ff7328f8674eeccadb3d07b0f743aa4349bd706f2ef033e026c8 Mon Sep 17 00:00:00 2001
From: Martin Pluskal <mpluskal@suse.com>
Date: Fri, 30 Jun 2023 04:40:29 +0000
Subject: [PATCH] Accepting request 1095226 from
 home:haasn:branches:multimedia:apps

(RFC)
- Update to use Airplay 2 protocol.
- Fix systemd unit file patch to properly apply hardening even
  when building with avahi enabled (as present in the spec), and also
  fix hardening patch to not restrict realtime priority.

OBS-URL: https://build.opensuse.org/request/show/1095226
OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/shairport-sync?expand=0&rev=35
---
 airplay-server.xml                  | 11 +++++++---
 harden_shairport-sync.service.patch | 33 +++++++++++++++++++++++------
 shairport-sync.changes              | 12 +++++++++++
 shairport-sync.spec                 | 10 ++++++++-
 4 files changed, 56 insertions(+), 10 deletions(-)

diff --git a/airplay-server.xml b/airplay-server.xml
index 81b16dc..22adec0 100644
--- a/airplay-server.xml
+++ b/airplay-server.xml
@@ -2,8 +2,13 @@
 <service>
   <short>airplay-server</short>
   <description>Airplay Server</description>
+  <port protocol="tcp" port="3689"/>
   <port protocol="tcp" port="5000"/>
-  <port protocol="udp" port="6001"/>
-  <port protocol="udp" port="6002"/>
-  <port protocol="udp" port="6003"/>
+  <port protocol="tcp" port="7000"/>
+  <port protocol="tcp" port="32768-60999"/>
+  <port protocol="udp" port="319"/>
+  <port protocol="udp" port="320"/>
+  <port protocol="udp" port="5353"/>
+  <port protocol="udp" port="6000-6009"/>
+  <port protocol="udp" port="32768-60999"/>
 </service>
diff --git a/harden_shairport-sync.service.patch b/harden_shairport-sync.service.patch
index 8a89a91..231773d 100644
--- a/harden_shairport-sync.service.patch
+++ b/harden_shairport-sync.service.patch
@@ -1,7 +1,8 @@
-diff -Nur shairport-sync-4.1/scripts/shairport-sync.service.in shairport-sync-4.1-new/scripts/shairport-sync.service.in
---- shairport-sync-4.1/scripts/shairport-sync.service.in	2022-10-28 23:31:18.000000000 +0800
-+++ shairport-sync-4.1-new/scripts/shairport-sync.service.in	2022-11-13 22:26:15.785234171 +0800
-@@ -5,6 +5,17 @@
+diff --git a/scripts/shairport-sync.service-avahi.in b/scripts/shairport-sync.service-avahi.in
+index 4a874c54..6bc80c1e 100644
+--- a/scripts/shairport-sync.service-avahi.in
++++ b/scripts/shairport-sync.service-avahi.in
+@@ -7,6 +7,16 @@ Wants=network-online.target
  After=network.target network-online.target
  
  [Service]
@@ -14,8 +15,28 @@ diff -Nur shairport-sync-4.1/scripts/shairport-sync.service.in shairport-sync-4.
 +ProtectKernelModules=true
 +ProtectKernelLogs=true
 +ProtectControlGroups=true
-+RestrictRealtime=true
-+# end of automatic additions 
++# end of automatic additions
+ ExecStart=@prefix@/bin/shairport-sync --log-to-syslog
+ User=shairport-sync
+ Group=shairport-sync
+diff --git a/scripts/shairport-sync.service.in b/scripts/shairport-sync.service.in
+index 18df3f35..791fd89f 100644
+--- a/scripts/shairport-sync.service.in
++++ b/scripts/shairport-sync.service.in
+@@ -5,6 +5,16 @@ Wants=network-online.target
+ After=network.target network-online.target
+ 
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++ProtectHostname=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++# end of automatic additions
  ExecStart=@prefix@/bin/shairport-sync --log-to-syslog
  User=shairport-sync
  Group=shairport-sync
diff --git a/shairport-sync.changes b/shairport-sync.changes
index 6e19cad..4f9d1a5 100644
--- a/shairport-sync.changes
+++ b/shairport-sync.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Sun Jun 25 15:57:57 UTC 2023 - Niklas Haas <obs@haasn.xyz>
+
+- Fix systemd unit file patch to properly apply hardening even
+  when building with avahi enabled (as present in the spec), and also
+  fix hardening patch to not restrict realtime priority.
+
+-------------------------------------------------------------------
+Sun Jun 25 15:37:02 UTC 2023 - Niklas Haas <obs@haasn.xyz>
+
+- Update to use Airplay 2 protocol.
+
 -------------------------------------------------------------------
 Sun Jun 25 11:44:48 UTC 2023 - Niklas Haas <obs@haasn.xyz>
 
diff --git a/shairport-sync.spec b/shairport-sync.spec
index 17aafda..1cd09af 100644
--- a/shairport-sync.spec
+++ b/shairport-sync.spec
@@ -36,18 +36,25 @@ BuildRequires:  gcc-c++
 BuildRequires:  gnome-common
 BuildRequires:  pkgconfig
 BuildRequires:  systemd-rpm-macros
+BuildRequires:  xxd
 BuildRequires:  pkgconfig(alsa)
 BuildRequires:  pkgconfig(avahi-client)
+BuildRequires:  pkgconfig(libavutil)
 BuildRequires:  pkgconfig(libconfig)
 BuildRequires:  pkgconfig(libdaemon)
+BuildRequires:  pkgconfig(libgcrypt)
 BuildRequires:  pkgconfig(libpipewire-0.3)
+BuildRequires:  pkgconfig(libplist-2.0)
 BuildRequires:  pkgconfig(libpulse)
+BuildRequires:  pkgconfig(libsodium)
 BuildRequires:  pkgconfig(openssl)
 BuildRequires:  pkgconfig(popt)
 BuildRequires:  pkgconfig(sndfile)
 BuildRequires:  pkgconfig(soxr)
 BuildRequires:  pkgconfig(systemd)
+BuildRequires:  pkgconfig(uuid)
 Requires:       firewalld
+Requires:       nqptp
 Requires(pre):  shadow
 %{?systemd_ordering}
 
@@ -82,7 +89,8 @@ autoreconf -i -f
            --with-soxr \
            --with-metadata \
            --with-configfiles \
-           --with-convolution
+           --with-convolution \
+           --with-airplay-2
 %make_build
 
 %install