diff --git a/.SRCINFO b/.SRCINFO index 2c3c259..51041b3 100644 --- a/.SRCINFO +++ b/.SRCINFO @@ -1,6 +1,6 @@ pkgbase = librespeed-go - pkgdesc = Very lightweight speed test implemented in Javascript, using XMLHttpRequest and Web Workers. - pkgver = 1.1.3 + pkgdesc = Very lightweight speed test implemented in Javascript, using XMLHttpRequest and Web Workers + pkgver = 1.1.5 pkgrel = 1 url = https://github.com/librespeed/speedtest-go arch = i386 @@ -10,22 +10,21 @@ pkgbase = librespeed-go arch = armv6h arch = armv7h license = LGPL3 - makedepends = go>=1.13 - optdepends = mariadb: database - optdepends = postgresql: database + makedepends = go>=1.16 + optdepends = mariadb: alternative database to bolt + optdepends = postgresql: alternative database to bolt conflicts = librespeed-go-bin backup = etc/librespeed/settings.toml - backup = var/lib/librespeed/speedtest.db - source = https://github.com/librespeed/speedtest-go/archive/v1.1.3.zip + backup = usr/share/librespeed/assets/index.html + source = https://github.com/librespeed/speedtest-go/archive/v1.1.5.zip + source = librespeed.ico source = librespeed.service source = librespeed.sysusers source = librespeed.tmpfiles - source = settings.toml - sha256sums = b4bf0a88df3ba87643b8be567fda0cf4cdfc234102c21c9103e8303518e25b62 - sha256sums = c9db604a942f3fcc25f75b8e630fdb95916bf604721d0d1dbd70f29554ab766c + sha256sums = f481669c460713f3fc1c4fafbbd7ef5c5afbb21ef60221d36cea11a127e73a3c + sha256sums = 4a0d7a5a4aa43eeb967dff70c899de820cb725c74841a5b5eea37cea78ca1d42 + sha256sums = 8bcbda327d2be9a4fc8195f39b5876c7e48562af2f5956417ad78d857183ce75 sha256sums = d2cdcfd2a5d4ed1b482915c65e38a3aa06e34e967510a3721ea95180fe31c83f - sha256sums = ef3ee7877738f801edc83a56ef83ed49cef2f6a7431641a55f3f6d5c8967059e - sha256sums = 5a7daa3e93243d780379438dd13e112844b9e5064e9d89d1fb4d97e52e89138a + sha256sums = 36cb69ea0ca1ed28e608e54202fa319ba25bbd8fc111d47eb345d34d182b91d4 pkgname = librespeed-go - diff --git a/PKGBUILD b/PKGBUILD index 3d94ac9..4d4a8a6 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -1,31 +1,37 @@ # Maintainer: AlphaJack pkgname="librespeed-go" -pkgver=1.1.3 +pkgver=1.1.5 pkgrel=1 -pkgdesc="Very lightweight speed test implemented in Javascript, using XMLHttpRequest and Web Workers." +pkgdesc="Very lightweight speed test implemented in Javascript, using XMLHttpRequest and Web Workers" url="https://github.com/librespeed/speedtest-go" license=("LGPL3") arch=("i386" "x86_64" "aarch64" "armv5h" "armv6h" "armv7h") conflicts=("librespeed-go-bin") -makedepends=("go>=1.13") -optdepends=("mariadb: database" - "postgresql: database") +makedepends=("go>=1.16") +optdepends=("mariadb: alternative database to bolt" + "postgresql: alternative database to bolt") source=("https://github.com/librespeed/speedtest-go/archive/v$pkgver.zip" + "librespeed.ico" "librespeed.service" "librespeed.sysusers" - "librespeed.tmpfiles" - "settings.toml") -sha256sums=("b4bf0a88df3ba87643b8be567fda0cf4cdfc234102c21c9103e8303518e25b62" - "c9db604a942f3fcc25f75b8e630fdb95916bf604721d0d1dbd70f29554ab766c" - "d2cdcfd2a5d4ed1b482915c65e38a3aa06e34e967510a3721ea95180fe31c83f" - "ef3ee7877738f801edc83a56ef83ed49cef2f6a7431641a55f3f6d5c8967059e" - "5a7daa3e93243d780379438dd13e112844b9e5064e9d89d1fb4d97e52e89138a") -backup=("etc/librespeed/settings.toml" "var/lib/librespeed/speedtest.db") + "librespeed.tmpfiles") +sha256sums=('f481669c460713f3fc1c4fafbbd7ef5c5afbb21ef60221d36cea11a127e73a3c' + '4a0d7a5a4aa43eeb967dff70c899de820cb725c74841a5b5eea37cea78ca1d42' + '8bcbda327d2be9a4fc8195f39b5876c7e48562af2f5956417ad78d857183ce75' + 'd2cdcfd2a5d4ed1b482915c65e38a3aa06e34e967510a3721ea95180fe31c83f' + '36cb69ea0ca1ed28e608e54202fa319ba25bbd8fc111d47eb345d34d182b91d4') +backup=("etc/librespeed/settings.toml" "usr/share/librespeed/assets/index.html") prepare(){ - cd "speedtest-go-$pkgver/assets" - sed -i "s/LibreSpeed Example/LibreSpeed/" *.html + cd "speedtest-go-$pkgver" + # use arch linux paths + sed -i "settings.toml" \ + -e 's|^assets_path=.*|assets_path="/usr/share/librespeed/assets"|' \ + -e 's|database_file=.*|database_file="/var/lib/librespeed/speedtest.db"|' + # remove "Example" from html pages + sed -i "web/assets/"*.html \ + -e "s|LibreSpeed Example|LibreSpeed Speedtest|g" } build(){ @@ -34,21 +40,24 @@ build(){ } package(){ - install -D -m 644 "librespeed.service" "$pkgdir/usr/lib/systemd/system/librespeed.service" - install -D -m 644 "librespeed.sysusers" "$pkgdir/usr/lib/sysusers.d/librespeed.conf" - install -D -m 644 "librespeed.tmpfiles" "$pkgdir/usr/lib/tmpfiles.d/librespeed.conf" - install -D -m 640 "settings.toml" "$pkgdir/etc/librespeed/settings.toml" - cd "speedtest-go-$pkgver" + # binary file + install -D "speedtest" "$pkgdir/usr/bin/librespeed" + # configuration + install -D -m 640 "settings.toml" "$pkgdir/etc/librespeed/settings.toml" + # database + install -d -m 750 "$pkgdir/var/lib/librespeed" + #touch "$pkgdir/var/lib/librespeed/speedtest.db" + # webapp files install -d "$pkgdir/usr/share/librespeed" install -m 644 "database/mysql/telemetry_mysql.sql" "$pkgdir/usr/share/librespeed" install -m 644 "database/postgresql/telemetry_postgresql.sql" "$pkgdir/usr/share/librespeed" - cp -r "assets" "$pkgdir/usr/share/librespeed" - - install -D "speedtest" "$pkgdir/usr/bin/librespeed" - - install -d -m 750 "$pkgdir/var/lib/librespeed" - touch "$pkgdir/var/lib/librespeed/speedtest.db" - - install -D -m 644 "LICENSE" "$pkgdir/usr/share/licenses/$pkgname/LICENSE" + # html pages + install -D -m 644 "web/assets/example-singleServer-full.html" "web/assets/index.html" + install -D -m 644 "$srcdir/librespeed.ico" "web/assets/favicon.ico" + cp -r "web/assets" "$pkgdir/usr/share/librespeed" + # systemd files + install -D -m 644 "$srcdir/librespeed.service" "$pkgdir/usr/lib/systemd/system/librespeed.service" + install -D -m 644 "$srcdir/librespeed.sysusers" "$pkgdir/usr/lib/sysusers.d/librespeed.conf" + install -D -m 644 "$srcdir/librespeed.tmpfiles" "$pkgdir/usr/lib/tmpfiles.d/librespeed.conf" } diff --git a/librespeed.ico b/librespeed.ico new file mode 100644 index 0000000..e50e89a Binary files /dev/null and b/librespeed.ico differ diff --git a/librespeed.service b/librespeed.service index 5788b68..27d3ea6 100644 --- a/librespeed.service +++ b/librespeed.service @@ -1,29 +1,135 @@ +# Systemd unit file for librespeed-go. The defaults below are suitable for +# running all configurations in a medium-security environment. See comments +# below for addtional caveats - particularly those labelled "IMPORTANT". + +# You can edit this file, or alternatively you may prefer to use systemd's +# "override" mechanisms, to avoid editing this file e.g. using: + +# systemctl edit librespeed.service + [Unit] -Description=Librespeed speed test -After=network.target +Description=LibreSpeed Server +After=syslog.target network-online.target + +# Default to using socket activation (see accompanying socket unit file to +# configure the bind address etc.). +#Requires=librespeed.socket +#After=librespeed.socket [Service] Type=simple +# The paths to the installed binary and configuration file: + +ExecStart=/usr/bin/librespeed -c /etc/librespeed/settings.toml +WorkingDirectory=/var/lib/librespeed +Restart=on-failure +#RestartSec=5 + +# IMPORTANT! +# If you use a database file (not server), then you will need to disable the +# DynamicUser setting, and manually create the UNIX user and group specified +# below, to ensure the file is accessible across multiple invocations of the +# service. +#DynamicUser=true + +# You may prefer to use a different user or group name on your system. User=librespeed Group=librespeed -WorkingDirectory=/usr/share/librespeed/ -ExecStart=/usr/bin/librespeed -c /etc/librespeed/settings.toml -DevicePolicy=closed + +# The following options will work for all configurations, but are not the +# most secure, so you are advised to customise them as described below: + +# If NOT using socket activation, or if using socket activation AND +# connecting to an external database server (MySQL, postgres) via TCP: +RestrictAddressFamilies=AF_INET AF_INET6 + +# If connecting to an external database via unix domain sockets (MySQL +# default to this mode of operation): +RestrictAddressFamilies=AF_UNIX + +# If using 'none', 'memory', or 'bolt' database types, and socket activation +# then the process will not need to bind to any new sockets, so we can remove +# the earlier AF_UNIX option again. In systemd versions before 249 this is +# the only way to say "Restrict the use of all address families": +RestrictAddressFamilies=AF_UNIX +RestrictAddressFamilies=~AF_UNIX +# ...in systemd version 249 and later, we can instead use the much clearer: +#RestrictAddressFamilies=none + +# The following options are available (in systemd v247) to restrict the +# actions of the librespeed server for reasons of increased security. + +# As a whole, the purpose of these are to provide an additional layer of +# security by mitigating any unknown security vulnerabilities which may exist +# in librespeed or in the libraries, tools and operating system components +# which it relies upon. + +# IMPORTANT! +# The following line must be customised to your individual requirements. +# e.g. if using the 'bolt' in-process database type: +ReadWritePaths=/var/lib/librespeed + +# Makes created files group-readable, but inaccessible by others +UMask=027 + +# Many of the following options are desribed in the systemd.resource-control(5) +# manual page. + +# The following may be useful in your environment: +#IPAddressDeny= +#IPAddressAllow= +#IPAccounting=true +#IPIngressFilterPath= +#SocketBindAllow= + +# If your system doesn't support all of the features below (e.g. because of +# the use of a version of systemd older than 247), you may need to comment-out +# some of the following lines. + +# n.b. It may be possible to further restrict librespeed, but this is a good +# start, and will guard against many potential zero-day vulnerabilities. + +# See the output of `systemd-analyze security librespeed.service` for further +# opportunities. Patches welcome! + +CapabilityBoundingSet= +LockPersonality=true +MemoryDenyWriteExecute=true NoNewPrivileges=yes PrivateTmp=yes -PrivateUsers=yes -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -RestrictNamespaces=yes -RestrictRealtime=yes -ReadWritePaths=/var/lib/librespeed -ReadWritePaths=/etc/librespeed/settings.toml -PrivateDevices=yes +PrivateDevices=true +PrivateUsers=true ProtectSystem=strict -ProtectHome=true -MemoryDenyWriteExecute=yes +ProtectHome=yes +ProtectClock=true +ProtectControlGroups=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectProc=invisible +ProtectHostname=true +RemoveIPC=true +RestrictNamespaces=true +RestrictSUIDSGID=true +RestrictRealtime=true +SystemCallArchitectures=native +SystemCallFilter=@system-service + +# Additionally, you may wish to use some of the systemd options documented in +# systemd.resource-control(5) to limit the CPU, memory, file-system I/O and +# network I/O that the librespeed server is permitted to consume according to +# the individual requirements of your installation. + +#CPUQuota=25% +#MemoryMax=bytes +#MemorySwapMax=bytes +#TasksMax=N +#IOReadBandwidthMax=device bytes +#IOWriteBandwidthMax=device bytes +#IOReadIOPSMax=device IOPS, IOWriteIOPSMax=device IOPS +#IPAccounting=true +#IPAddressAllow= [Install] WantedBy=multi-user.target diff --git a/librespeed.tmpfiles b/librespeed.tmpfiles index 0da2169..0a02261 100644 --- a/librespeed.tmpfiles +++ b/librespeed.tmpfiles @@ -1,3 +1,2 @@ d /var/lib/librespeed 0750 librespeed librespeed f /etc/librespeed/settings.toml 0640 root librespeed -f /var/lib/librespeed/speedtest.db 0640 librespeed librespeed diff --git a/settings.toml b/settings.toml deleted file mode 100644 index f2728a7..0000000 --- a/settings.toml +++ /dev/null @@ -1,29 +0,0 @@ -# bind address, use empty string to bind to all interfaces -bind_address="" -# backend listen port -listen_port=8989 -# proxy protocol port, use 0 to disable -proxyprotocol_port=0 -# Server location -server_lat=0 -server_lng=0 -# ipinfo.io API key, if applicable -ipinfo_api_key="" - -# assets directory path, defaults to `assets` in the same directory -assets_path="/usr/share/librespeed/assets" - -# password for logging into statistics page -statistics_password="PASSWORD" -# redact IP addresses -redact_ip_addresses=false - -# database type for statistics data, currently supports: bolt, mysql, postgresql -database_type="bolt" -database_hostname="" -database_name="" -database_username="" -database_password="" - -# if you use `bolt` as database, set database_file to database file location -database_file="/var/lib/librespeed/speedtest.db"