From acd25c913bface483531140e363923f49c5fef8d Mon Sep 17 00:00:00 2001 From: David P Date: Sun, 27 Sep 2020 17:35:34 -0300 Subject: configs/releng: remove custom reflector.service and use the service provided by the package parabolaiso specific options are placed in a /etc/systemd/system/reflector.service.d/parabolaiso.conf drop-in. NM dispatcher script now simplified to look similar to its systemd counterpart Signed-off-by: David P --- .../etc/NetworkManager/dispatcher.d/reflector | 9 +++-- .../etc/NetworkManager/dispatcher.d/reflector | 9 +++-- .../multi-user.target.wants/reflector.service | 2 +- .../airootfs/etc/systemd/system/reflector.service | 44 ---------------------- .../system/reflector.service.d/parabolaiso.conf | 6 +++ .../airootfs/etc/xdg/reflector/reflector.conf | 6 +++ .../multi-user.target.wants/reflector.service | 2 +- .../airootfs/etc/systemd/system/reflector.service | 44 ---------------------- .../system/reflector.service.d/parabolaiso.conf | 6 +++ .../airootfs/etc/xdg/reflector/reflector.conf | 6 +++ 10 files changed, 36 insertions(+), 98 deletions(-) delete mode 100644 configs/releng/airootfs/etc/systemd/system/reflector.service create mode 100644 configs/releng/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf create mode 100644 configs/releng/airootfs/etc/xdg/reflector/reflector.conf delete mode 100644 configs/talkingparabola/airootfs/etc/systemd/system/reflector.service create mode 100644 configs/talkingparabola/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf create mode 100644 configs/talkingparabola/airootfs/etc/xdg/reflector/reflector.conf (limited to 'configs') diff --git a/configs/lxde-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector b/configs/lxde-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector index 17ba099..5618511 100755 --- a/configs/lxde-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector +++ b/configs/lxde-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector @@ -3,8 +3,9 @@ # SPDX-License-Identifier: GPL-3.0-or-later if [ "$2" == up ] && ! grep -qoP 'mirror=\K\S+' /proc/cmdline; then - # shellcheck disable=SC2034 - XDG_CACHE_HOME=/var/cache/reflector - umask 177 - /usr/bin/reflector --protocol https --latest 15 --sort rate --save /etc/pacman.d/mirrorlist + reflector \ + --save /etc/pacman.d/mirrorlist \ + --protocol https \ + --latest 70 \ + --sort rate fi diff --git a/configs/releng-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector b/configs/releng-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector index 17ba099..5618511 100755 --- a/configs/releng-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector +++ b/configs/releng-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector @@ -3,8 +3,9 @@ # SPDX-License-Identifier: GPL-3.0-or-later if [ "$2" == up ] && ! grep -qoP 'mirror=\K\S+' /proc/cmdline; then - # shellcheck disable=SC2034 - XDG_CACHE_HOME=/var/cache/reflector - umask 177 - /usr/bin/reflector --protocol https --latest 15 --sort rate --save /etc/pacman.d/mirrorlist + reflector \ + --save /etc/pacman.d/mirrorlist \ + --protocol https \ + --latest 70 \ + --sort rate fi diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service index f5071ce..d372729 120000 --- a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service @@ -1 +1 @@ -../reflector.service \ No newline at end of file +/usr/lib/systemd/system/reflector.service \ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/reflector.service b/configs/releng/airootfs/etc/systemd/system/reflector.service deleted file mode 100644 index 4058e36..0000000 --- a/configs/releng/airootfs/etc/systemd/system/reflector.service +++ /dev/null @@ -1,44 +0,0 @@ -# -# SPDX-License-Identifier: GPL-3.0-or-later - -[Unit] -Description=pacman mirrorlist update -Wants=network-online.target -After=network-online.target nss-lookup.target -ConditionKernelCommandLine=!mirror - -[Service] -Type=oneshot -ExecStart=/usr/bin/reflector --protocol https --latest 70 --sort rate --save /etc/pacman.d/mirrorlist -Restart=on-failure -RestartSec=10 -CacheDirectory=reflector -CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM -Environment=XDG_CACHE_HOME=/var/cache/reflector -LockPersonality=true -MemoryDenyWriteExecute=true -NoNewPrivileges=true -PrivateDevices=true -PrivateTmp=true -PrivateUsers=true -ProtectClock=true -ProtectControlGroups=true -ProtectHome=true -ProtectHostname=true -ProtectKernelTunables=true -ProtectKernelLogs=true -ProtectKernelModules=true -ProtectSystem=strict -ReadWritePaths=/etc/pacman.d/mirrorlist -RemoveIPC=true -RestrictAddressFamilies=~AF_AX25 AF_IPX AF_APPLETALK AF_X25 AF_DECnet AF_KEY AF_NETLINK AF_PACKET AF_RDS AF_PPPOX AF_LLC AF_IB AF_MPLS AF_CAN AF_TIPC AF_BLUETOOTH AF_ALG AF_VSOCK AF_KCM AF_UNIX AF_XDP -RestrictNamespaces=true -RestrictRealtime=true -RestrictSUIDSGID=true -SystemCallArchitectures=native -SystemCallFilter=@system-service -SystemCallFilter=~@resources @privileged -UMask=177 - -[Install] -WantedBy=multi-user.target diff --git a/configs/releng/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf b/configs/releng/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf new file mode 100644 index 0000000..de6664d --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf @@ -0,0 +1,6 @@ +[Unit] +ConditionKernelCommandLine=!mirror + +[Service] +Restart=on-failure +RestartSec=10 diff --git a/configs/releng/airootfs/etc/xdg/reflector/reflector.conf b/configs/releng/airootfs/etc/xdg/reflector/reflector.conf new file mode 100644 index 0000000..7b37d89 --- /dev/null +++ b/configs/releng/airootfs/etc/xdg/reflector/reflector.conf @@ -0,0 +1,6 @@ +# Reflector configuration file for the systemd service. + +--save /etc/pacman.d/mirrorlist +--protocol https +--latest 70 +--sort rate diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service index f5071ce..d372729 120000 --- a/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service +++ b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service @@ -1 +1 @@ -../reflector.service \ No newline at end of file +/usr/lib/systemd/system/reflector.service \ No newline at end of file diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service b/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service deleted file mode 100644 index 4058e36..0000000 --- a/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service +++ /dev/null @@ -1,44 +0,0 @@ -# -# SPDX-License-Identifier: GPL-3.0-or-later - -[Unit] -Description=pacman mirrorlist update -Wants=network-online.target -After=network-online.target nss-lookup.target -ConditionKernelCommandLine=!mirror - -[Service] -Type=oneshot -ExecStart=/usr/bin/reflector --protocol https --latest 70 --sort rate --save /etc/pacman.d/mirrorlist -Restart=on-failure -RestartSec=10 -CacheDirectory=reflector -CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM -Environment=XDG_CACHE_HOME=/var/cache/reflector -LockPersonality=true -MemoryDenyWriteExecute=true -NoNewPrivileges=true -PrivateDevices=true -PrivateTmp=true -PrivateUsers=true -ProtectClock=true -ProtectControlGroups=true -ProtectHome=true -ProtectHostname=true -ProtectKernelTunables=true -ProtectKernelLogs=true -ProtectKernelModules=true -ProtectSystem=strict -ReadWritePaths=/etc/pacman.d/mirrorlist -RemoveIPC=true -RestrictAddressFamilies=~AF_AX25 AF_IPX AF_APPLETALK AF_X25 AF_DECnet AF_KEY AF_NETLINK AF_PACKET AF_RDS AF_PPPOX AF_LLC AF_IB AF_MPLS AF_CAN AF_TIPC AF_BLUETOOTH AF_ALG AF_VSOCK AF_KCM AF_UNIX AF_XDP -RestrictNamespaces=true -RestrictRealtime=true -RestrictSUIDSGID=true -SystemCallArchitectures=native -SystemCallFilter=@system-service -SystemCallFilter=~@resources @privileged -UMask=177 - -[Install] -WantedBy=multi-user.target diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf b/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf new file mode 100644 index 0000000..de6664d --- /dev/null +++ b/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf @@ -0,0 +1,6 @@ +[Unit] +ConditionKernelCommandLine=!mirror + +[Service] +Restart=on-failure +RestartSec=10 diff --git a/configs/talkingparabola/airootfs/etc/xdg/reflector/reflector.conf b/configs/talkingparabola/airootfs/etc/xdg/reflector/reflector.conf new file mode 100644 index 0000000..7b37d89 --- /dev/null +++ b/configs/talkingparabola/airootfs/etc/xdg/reflector/reflector.conf @@ -0,0 +1,6 @@ +# Reflector configuration file for the systemd service. + +--save /etc/pacman.d/mirrorlist +--protocol https +--latest 70 +--sort rate -- cgit v1.2.2