highperfocused/raspiblitz
1
0
Fork 0
mirror of https://github.com/raspiblitz/raspiblitz.git synced 2025-09-19 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

#2826 do not create system directories and format

Browse Source
This commit is contained in:
openoms
2021-12-20 15:02:36 +00:00
parent 4636f47aad
commit ff3ab2585e
2 changed files with 5 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
home.admin/assets/bitcoind.service
View File

@@ -23,7 +23,6 @@ ExecStartPre=/bin/chgrp bitcoin /mnt/hdd/bitcoin
# Process management # Process management
#################### ####################
Type=forking Type=forking
PIDFile=/mnt/hdd/bitcoin/bitcoind.pid PIDFile=/mnt/hdd/bitcoin/bitcoind.pid
Restart=on-failure Restart=on-failure
@@ -32,46 +31,27 @@ TimeoutStopSec=600
# Directory creation and permissions # Directory creation and permissions
#################################### ####################################
# Run as bitcoin:bitcoin # Run as bitcoin:bitcoin
User=bitcoin User=bitcoin
Group=bitcoin Group=bitcoin
# /mnt/hdd/bitcoin
RuntimeDirectory=bitcoin
RuntimeDirectoryMode=0710
# /mnt/hdd/bitcoin
ConfigurationDirectory=bitcoin
ConfigurationDirectoryMode=0710
# /mnt/hdd/bitcoin
StateDirectory=bitcoin
StateDirectoryMode=0710
StandardOutput=null StandardOutput=null
StandardError=journal StandardError=journal
# Hardening measures # Hardening measures
#################### ####################
# Provide a private /tmp and /var/tmp. # Provide a private /tmp and /var/tmp.
PrivateTmp=true PrivateTmp=true
# Mount /usr, /boot/ and /etc read-only for the process. # Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full ProtectSystem=full
# Deny access to /home, /root and /run/user # Deny access to /home, /root and /run/user
ProtectHome=true ProtectHome=true
# Disallow the process and all of its children to gain # Disallow the process and all of its children to gain
# new privileges through execve(). # new privileges through execve().
NoNewPrivileges=true NoNewPrivileges=true
# Use a new /dev namespace only populated with API pseudo devices # Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random. # such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true PrivateDevices=true
# Deny the creation of writable and executable memory mappings. # Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=true

29
home.admin/config.scripts/bitcoin.install.sh
View File

@@ -239,10 +239,11 @@ Wants=network-online.target
[Service] [Service]
PIDFile=/mnt/hdd/bitcoin/${prefix}bitcoind.pid PIDFile=/mnt/hdd/bitcoin/${prefix}bitcoind.pid
ExecStart=/usr/local/bin/bitcoind -${CHAIN} -daemonwait \ ExecStart=/usr/local/bin/bitcoind -${CHAIN} \\
-pid=/mnt/hdd/bitcoin/${prefix}bitcoind.pid \ -daemonwait \\
-conf=/mnt/hdd/bitcoin/bitcoin.conf \ -pid=/mnt/hdd/bitcoin/${prefix}bitcoind.pid \\
-datadir=/mnt/hdd/bitcoin \ -conf=/mnt/hdd/bitcoin/bitcoin.conf \\
-datadir=/mnt/hdd/bitcoin \\
-debuglogfile=/mnt/hdd/bitcoin/${prefix}debug.log -debuglogfile=/mnt/hdd/bitcoin/${prefix}debug.log
# Make sure the config directory is readable by the service user # Make sure the config directory is readable by the service user
@@ -251,7 +252,6 @@ ExecStartPre=/bin/chgrp bitcoin /mnt/hdd/bitcoin
# Process management # Process management
#################### ####################
Type=forking Type=forking
PIDFile=/mnt/hdd/bitcoin/${prefix}bitcoind.pid PIDFile=/mnt/hdd/bitcoin/${prefix}bitcoind.pid
Restart=on-failure Restart=on-failure
@@ -260,46 +260,27 @@ TimeoutStopSec=600
# Directory creation and permissions # Directory creation and permissions
#################################### ####################################
# Run as bitcoin:bitcoin # Run as bitcoin:bitcoin
User=bitcoin User=bitcoin
Group=bitcoin Group=bitcoin
# /mnt/hdd/bitcoin
RuntimeDirectory=bitcoin
RuntimeDirectoryMode=0710
# /mnt/hdd/bitcoin
ConfigurationDirectory=bitcoin
ConfigurationDirectoryMode=0710
# /mnt/hdd/bitcoin
StateDirectory=bitcoin
StateDirectoryMode=0710
StandardOutput=null StandardOutput=null
StandardError=journal StandardError=journal
# Hardening measures # Hardening measures
#################### ####################
# Provide a private /tmp and /var/tmp. # Provide a private /tmp and /var/tmp.
PrivateTmp=true PrivateTmp=true
# Mount /usr, /boot/ and /etc read-only for the process. # Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full ProtectSystem=full
# Deny access to /home, /root and /run/user # Deny access to /home, /root and /run/user
ProtectHome=true ProtectHome=true
# Disallow the process and all of its children to gain # Disallow the process and all of its children to gain
# new privileges through execve(). # new privileges through execve().
NoNewPrivileges=true NoNewPrivileges=true
# Use a new /dev namespace only populated with API pseudo devices # Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random. # such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true PrivateDevices=true
# Deny the creation of writable and executable memory mappings. # Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=true