upgpkg: adguardhome 1:0.107.46-2

more systemd service hardening

adguardhome/.SRCINFO

@@ -1,15 +1,14 @@
 pkgbase = adguardhome
 	pkgdesc = Network-wide ads and trackers blocking DNS server
 	pkgver = 0.107.46
-	pkgrel = 1
+	pkgrel = 2
 	epoch = 1
 	url = https://github.com/AdguardTeam/AdGuardHome
 	install = adguardhome.install
 	arch = x86_64
 	arch = aarch64
 	arch = armv7h
-	arch = armv6h
-	license = GPL
+	license = GPL-2.0-only
 	makedepends = go
 	makedepends = nodejs
 	makedepends = npm
@@ -19,7 +18,7 @@ pkgbase = adguardhome
 	source = adguardhome.service
 	source = adguardhome.install
 	b2sums = d3b7a6cd24e35fc22fc90919ce7143fbe3475891f151011b5c059f66cbcb78b756d40e797cbee5a1cc2d22064969abac329165f16794619e1b60ea6b22366692
-	b2sums = d74c0d6c8118a876fddfa045980ab002a6177efda49c3046cee22c6635c5f5caa1c520d8d4c07687dbaf52f7639da7172c25f027b8a499dc76c125940d431a98
+	b2sums = 161152f91e09fe491db631eb6ed603c0c975453b682467945fdade6091bf427ec932230f3a10e40e2f054dc01567930ecc27343c04882fb0e736b4f6becc96da
 	b2sums = b22ae447e0288e64332bcb41cc73f61e9adb58d402ef3ccfb896aa1ecbec4d4ff66bfc1464ca9d0bc99f1a5b4d32bdc5765f42a1b72b0fb3786ecefcf94a7265
 
 pkgname = adguardhome

adguardhome/PKGBUILD

@@ -2,35 +2,39 @@
 # Contributor: Pavers_Career <pavers_career_0d AT ícloud DOT com>
 
 pkgname=adguardhome
-_pkgname=AdGuardHome
+_name=AdGuardHome
 pkgver=0.107.46
-pkgrel=1
+pkgrel=2
 epoch=1
-pkgdesc="Network-wide ads and trackers blocking DNS server"
-arch=(x86_64 aarch64 armv7h armv6h)
-url="https://github.com/AdguardTeam/AdGuardHome"
-license=(GPL)
-source=("$pkgname-$pkgver.tar.gz::https://github.com/AdguardTeam/AdGuardHome/archive/v$pkgver.tar.gz"
+pkgdesc='Network-wide ads and trackers blocking DNS server'
+arch=(x86_64 aarch64 armv7h)
+url='https://github.com/AdguardTeam/AdGuardHome'
+license=(GPL-2.0-only)
+source=("$pkgname-$pkgver.tar.gz::$url/archive/v$pkgver.tar.gz"
         "$pkgname.service"
         "$pkgname.install")
 makedepends=(go nodejs npm git)
 depends=(glibc)
 install="$pkgname.install"
 b2sums=('d3b7a6cd24e35fc22fc90919ce7143fbe3475891f151011b5c059f66cbcb78b756d40e797cbee5a1cc2d22064969abac329165f16794619e1b60ea6b22366692'
-        'd74c0d6c8118a876fddfa045980ab002a6177efda49c3046cee22c6635c5f5caa1c520d8d4c07687dbaf52f7639da7172c25f027b8a499dc76c125940d431a98'
+        '161152f91e09fe491db631eb6ed603c0c975453b682467945fdade6091bf427ec932230f3a10e40e2f054dc01567930ecc27343c04882fb0e736b4f6becc96da'
         'b22ae447e0288e64332bcb41cc73f61e9adb58d402ef3ccfb896aa1ecbec4d4ff66bfc1464ca9d0bc99f1a5b4d32bdc5765f42a1b72b0fb3786ecefcf94a7265')
 
 prepare() {
-  cd "$_pkgname-$pkgver"
+  cd "$_name-$pkgver"
   npm --prefix client ci
   go mod download
 }
 
 build() {
-  cd "$_pkgname-$pkgver"
+  cd "$_name-$pkgver"
   export NODE_OPTIONS=--openssl-legacy-provider
   npm --prefix client run build-prod
   unset NODE_OPTIONS
+
+  export CGO_CPPFLAGS="${CPPFLAGS}"
+  export CGO_CFLAGS="${CFLAGS}"
+  export CGO_CXXFLAGS="${CXXFLAGS}"
   go build \
     -trimpath \
     -buildmode=pie \
@@ -41,10 +45,10 @@ build() {
 }
 
 package() {
-  install -Dm755 "$_pkgname-$pkgver/$pkgname" "$pkgdir/usr/bin/$pkgname"
+  install -Dm755 "$_name-$pkgver/$pkgname" "$pkgdir/usr/bin/$pkgname"
   install -Dm644 "$pkgname.service" "$pkgdir/usr/lib/systemd/system/$pkgname.service"
-  mkdir "$pkgdir/etc"
-  ln -s "/var/lib/$pkgname/$_pkgname.yaml" "$pkgdir/etc/$pkgname.yaml"
+  install -dm755 "$pkgdir/etc"
+  ln -s "/var/lib/$pkgname/$_name.yaml" "$pkgdir/etc/$pkgname.yaml"
 }
 
 # vim:set ts=2 sw=2 et:

adguardhome/adguardhome.service

@@ -10,5 +10,16 @@ AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
 ExecStart=/usr/bin/adguardhome -w /var/lib/adguardhome -l syslog
 
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+MemoryDenyWriteExecute=true
+LockPersonality=true
+ProtectHostname=true
+
 [Install]
 WantedBy=multi-user.target