mirror of
https://github.com/jellyfin/jellyfin.git
synced 2024-07-01 11:23:36 +02:00
Put low port privilege into an optional subpackage
Move "AmbientCapabilities=CAP_NET_BIND_SERVICE" to the "[Service]" section of the optional "lowport" unit drop-in file and package that drop-in in a separate, optionally installable jellyfin-server-lowports subpackage. This isolates the CAP_NET_BIND_SERVICE capability to only installations that desire it. Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
This commit is contained in:
parent
757970bfc1
commit
148fcb1bb8
4
fedora/jellyfin-server-lowports.conf
Normal file
4
fedora/jellyfin-server-lowports.conf
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
# This allows Jellyfin to bind to low ports such as 80 and/or 443
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
@ -3,7 +3,6 @@ After=network-online.target
|
||||||
Description=Jellyfin is a free software media system that puts you in control of managing and streaming your media.
|
Description=Jellyfin is a free software media system that puts you in control of managing and streaming your media.
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
||||||
EnvironmentFile=/etc/sysconfig/jellyfin
|
EnvironmentFile=/etc/sysconfig/jellyfin
|
||||||
WorkingDirectory=/var/lib/jellyfin
|
WorkingDirectory=/var/lib/jellyfin
|
||||||
ExecStart=/usr/bin/jellyfin ${JELLYFIN_WEB_OPT} ${JELLYFIN_RESTART_OPT} ${JELLYFIN_FFMPEG_OPT} ${JELLYFIN_SERVICE_OPT} ${JELLYFIN_NOWEBAPP_OPT}
|
ExecStart=/usr/bin/jellyfin ${JELLYFIN_WEB_OPT} ${JELLYFIN_RESTART_OPT} ${JELLYFIN_FFMPEG_OPT} ${JELLYFIN_SERVICE_OPT} ${JELLYFIN_NOWEBAPP_OPT}
|
||||||
|
|
|
@ -12,7 +12,7 @@ Release: 1%{?dist}
|
||||||
Summary: The Free Software Media System
|
Summary: The Free Software Media System
|
||||||
License: GPLv3
|
License: GPLv3
|
||||||
URL: https://jellyfin.org
|
URL: https://jellyfin.org
|
||||||
# Jellyfin Server tarball created by `make -f .copr/Makefile srpm`, real URL ends with `v%{version}.tar.gz`
|
# Jellyfin Server tarball created by `make -f .copr/Makefile srpm`, real URL ends with `v%%{version}.tar.gz`
|
||||||
Source0: jellyfin-server-%{version}.tar.gz
|
Source0: jellyfin-server-%{version}.tar.gz
|
||||||
Source11: jellyfin.service
|
Source11: jellyfin.service
|
||||||
Source12: jellyfin.env
|
Source12: jellyfin.env
|
||||||
|
@ -20,6 +20,7 @@ Source13: jellyfin.sudoers
|
||||||
Source14: restart.sh
|
Source14: restart.sh
|
||||||
Source15: jellyfin.override.conf
|
Source15: jellyfin.override.conf
|
||||||
Source16: jellyfin-firewalld.xml
|
Source16: jellyfin-firewalld.xml
|
||||||
|
Source17: jellyfin-server-lowports.conf
|
||||||
|
|
||||||
%{?systemd_requires}
|
%{?systemd_requires}
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
|
@ -45,6 +46,16 @@ Requires: libcurl, fontconfig, freetype, openssl, glibc, libicu, at, sudo
|
||||||
%description server
|
%description server
|
||||||
The Jellyfin media server backend.
|
The Jellyfin media server backend.
|
||||||
|
|
||||||
|
%package server-lowports
|
||||||
|
# RPMfusion free
|
||||||
|
Summary: The Free Software Media System Server backend. Low-port binding.
|
||||||
|
Requires: jellyfin-server
|
||||||
|
|
||||||
|
%description server-lowports
|
||||||
|
The Jellyfin media server backend low port binding package. This package
|
||||||
|
enables binding to ports < 1024. You would install this if you want
|
||||||
|
the Jellyfin server to bind to ports 80 and/or 443 for example.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -n jellyfin-server-%{version} -b 0
|
%autosetup -n jellyfin-server-%{version} -b 0
|
||||||
|
|
||||||
|
@ -57,6 +68,7 @@ dotnet publish --configuration Release --output='%{buildroot}%{_libdir}/jellyfin
|
||||||
"-p:DebugSymbols=false;DebugType=none" Jellyfin.Server
|
"-p:DebugSymbols=false;DebugType=none" Jellyfin.Server
|
||||||
%{__install} -D -m 0644 LICENSE %{buildroot}%{_datadir}/licenses/jellyfin/LICENSE
|
%{__install} -D -m 0644 LICENSE %{buildroot}%{_datadir}/licenses/jellyfin/LICENSE
|
||||||
%{__install} -D -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/systemd/system/jellyfin.service.d/override.conf
|
%{__install} -D -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/systemd/system/jellyfin.service.d/override.conf
|
||||||
|
%{__install} -D -m 0644 %{SOURCE17} %{buildroot}%{_unitdir}/jellyfin.service.d/jellyfin-server-lowports.conf
|
||||||
%{__install} -D -m 0644 Jellyfin.Server/Resources/Configuration/logging.json %{buildroot}%{_sysconfdir}/jellyfin/logging.json
|
%{__install} -D -m 0644 Jellyfin.Server/Resources/Configuration/logging.json %{buildroot}%{_sysconfdir}/jellyfin/logging.json
|
||||||
%{__mkdir} -p %{buildroot}%{_bindir}
|
%{__mkdir} -p %{buildroot}%{_bindir}
|
||||||
tee %{buildroot}%{_bindir}/jellyfin << EOF
|
tee %{buildroot}%{_bindir}/jellyfin << EOF
|
||||||
|
@ -95,6 +107,9 @@ EOF
|
||||||
%attr(750,jellyfin,jellyfin) %dir %{_var}/cache/jellyfin
|
%attr(750,jellyfin,jellyfin) %dir %{_var}/cache/jellyfin
|
||||||
%{_datadir}/licenses/jellyfin/LICENSE
|
%{_datadir}/licenses/jellyfin/LICENSE
|
||||||
|
|
||||||
|
%files server-lowports
|
||||||
|
%{_unitdir}/jellyfin.service.d/jellyfin-server-lowports.conf
|
||||||
|
|
||||||
%pre server
|
%pre server
|
||||||
getent group jellyfin >/dev/null || groupadd -r jellyfin
|
getent group jellyfin >/dev/null || groupadd -r jellyfin
|
||||||
getent passwd jellyfin >/dev/null || \
|
getent passwd jellyfin >/dev/null || \
|
||||||
|
@ -137,6 +152,9 @@ fi
|
||||||
%systemd_postun_with_restart jellyfin.service
|
%systemd_postun_with_restart jellyfin.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 29 2021 Brian J. Murrell <brian@interlinx.bc.ca>
|
||||||
|
- Add jellyfin-server-lowports.service drop-in in a server-lowports
|
||||||
|
subpackage to allow binding to low ports
|
||||||
* Fri Dec 04 2020 Jellyfin Packaging Team <packaging@jellyfin.org>
|
* Fri Dec 04 2020 Jellyfin Packaging Team <packaging@jellyfin.org>
|
||||||
- Forthcoming stable release
|
- Forthcoming stable release
|
||||||
* Mon Jul 27 2020 Jellyfin Packaging Team <packaging@jellyfin.org>
|
* Mon Jul 27 2020 Jellyfin Packaging Team <packaging@jellyfin.org>
|
||||||
|
|
Loading…
Reference in a new issue