diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4349d5f9..287d1dcc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -215,9 +215,7 @@ jobs: --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg --freebsd-osversion '*' - --depends openssl - --before-install freebsd/preinst - --after-remove freebsd/postrm" + --depends openssl" - name: Upload Linux x86_64 archive uses: shogo82148/actions-upload-release-asset@v1 diff --git a/docs/header.png b/docs/header.png index 6e4d1b9d..3e32fc69 100644 Binary files a/docs/header.png and b/docs/header.png differ diff --git a/freebsd/postrm b/freebsd/postrm deleted file mode 100644 index 9cb6c88c..00000000 --- a/freebsd/postrm +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -set -e - -USERNAME=defguard - -if id -u ${USERNAME} >/dev/null 2>&1 -then - echo "If no longer needed, remove ${USERNAME} manually: pw user del -n ${USERNAME}" -fi diff --git a/freebsd/preinst b/freebsd/preinst deleted file mode 100644 index 212683de..00000000 --- a/freebsd/preinst +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -set -e - -USERNAME=defguard - -if ! id -u ${USERNAME} >/dev/null 2>&1 -then - pw user add -n ${USERNAME} -g nogroup -c "Defguard" -d /nonexistent -s /usr/sbin/nologin -fi - -mkdir -p /etc/defguard -chown ${USERNAME}:${USERNAME} /etc/defguard -chmod 750 /etc/defguard diff --git a/linux/defguard-proxy.service b/linux/defguard-proxy.service index bcf03cb3..ce614eed 100644 --- a/linux/defguard-proxy.service +++ b/linux/defguard-proxy.service @@ -7,6 +7,8 @@ After=network-online.target [Service] User=defguard Group=defguard +AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE ExecReload=/bin/kill -HUP $MAINPID ExecStart=/usr/bin/defguard-proxy --config /etc/defguard/proxy.toml KillMode=process diff --git a/linux/postinst b/linux/postinst index 7ed34054..429e757c 100644 --- a/linux/postinst +++ b/linux/postinst @@ -14,8 +14,8 @@ case "${1}" in abort-upgrade | abort-remove | abort-deconfigure) if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload - if /usr/bin/systemctl is-enabled ${SERVICE_NAME} >/dev/null 2>&1; then - /usr/bin/systemctl start ${SERVICE_NAME} || true + if /usr/bin/systemctl is-enabled --quiet ${SERVICE_NAME}; then + /usr/bin/systemctl --no-block restart ${SERVICE_NAME} fi fi ;; diff --git a/linux/postrm b/linux/postrm index 3335ba37..2b473f8a 100644 --- a/linux/postrm +++ b/linux/postrm @@ -4,10 +4,9 @@ set -e USERNAME=defguard if [ -x /usr/bin/systemctl ]; then - /usr/bin/systemctl daemon-reload >/dev/null 2>&1 || true + /usr/bin/systemctl --quiet daemon-reload || true fi -if id -u ${USERNAME} >/dev/null 2>&1 -then - echo "If no longer needed, remove ${USERNAME} manually: userdel ${USERNAME}" +if id -u ${USERNAME} >/dev/null 2>&1; then + echo "If no longer needed, remove ${USERNAME} manually: userdel ${USERNAME}" fi diff --git a/linux/preinst b/linux/preinst index a4b7852b..6cc33233 100755 --- a/linux/preinst +++ b/linux/preinst @@ -8,5 +8,5 @@ if ! id -u ${USERNAME} >/dev/null 2>&1; then fi mkdir -p /etc/defguard -chown ${USERNAME}:${USERNAME} /etc/defguard +chown -R ${USERNAME}:${USERNAME} /etc/defguard chmod 750 /etc/defguard diff --git a/linux/prerm b/linux/prerm index f691f94d..1ca58ce1 100644 --- a/linux/prerm +++ b/linux/prerm @@ -4,5 +4,5 @@ set -e SERVICE_NAME='defguard-proxy' if [ -x /usr/bin/systemctl ]; then - /usr/bin/systemctl --no-block stop ${SERVICE_NAME} >/dev/null 2>&1 || true + /usr/bin/systemctl --no-block --quiet stop ${SERVICE_NAME} || true fi