diff options
| author |   Craig Andrews <candrews@gentoo.org> | 2021-09-24 09:22:07 -0400 |
|---|---|---|
| committer | Craig Andrews <candrews@gentoo.org> | 2021-09-24 09:22:07 -0400 |
| commit | 061c8a8f90a1120cbf5100c0d683878509404edb (patch) | |
| tree | 13590986de609b562977e6383c1bebe5e6d574cd /net-misc/xmrig | |
| parent | net-libs/quiche: 0.10.0 version bump (diff) | |
| download | gentoo-061c8a8f90a1120cbf5100c0d683878509404edb.tar.gz gentoo-061c8a8f90a1120cbf5100c0d683878509404edb.tar.bz2 gentoo-061c8a8f90a1120cbf5100c0d683878509404edb.zip | |
net-misc/xmrig: disable PrivateDevices and ProtectClock hardening
Bug: https://github.com/systemd/systemd/issues/13857
Bug: https://github.com/systemd/systemd/issues/20835
Package-Manager: Portage-3.0.23, Repoman-3.0.3
Signed-off-by: Craig Andrews <candrews@gentoo.org>
Diffstat (limited to 'net-misc/xmrig')
| -rw-r--r-- | net-misc/xmrig/files/xmrig.service | 4 | ||||
| -rw-r--r-- | net-misc/xmrig/xmrig-6.15.1-r1.ebuild | 64 |
2 files changed, 66 insertions, 2 deletions
diff --git a/net-misc/xmrig/files/xmrig.service b/net-misc/xmrig/files/xmrig.service index 8b59fc0c131f..16a924aae410 100644 --- a/net-misc/xmrig/files/xmrig.service +++ b/net-misc/xmrig/files/xmrig.service @@ -16,9 +16,9 @@ PrivateTmp=true ProtectHome=true ProtectSystem=strict NoNewPrivileges=true -PrivateDevices=true +# PrivateDevices=true # https://github.com/systemd/systemd/issues/13857 CapabilityBoundingSet= -ProtectClock=true +#ProtectClock=true # https://github.com/systemd/systemd/issues/20835 ProtectKernelModules=true ProtectKernelTunables=true ProtectKernelLogs=true diff --git a/net-misc/xmrig/xmrig-6.15.1-r1.ebuild b/net-misc/xmrig/xmrig-6.15.1-r1.ebuild new file mode 100644 index 000000000000..8ad79070a47b --- /dev/null +++ b/net-misc/xmrig/xmrig-6.15.1-r1.ebuild @@ -0,0 +1,64 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit cmake systemd + +DESCRIPTION="RandomX, CryptoNight, KawPow, AstroBWT, and Argon2 CPU/GPU miner" +HOMEPAGE="https://xmrig.com https://github.com/xmrig/xmrig" + +if [[ ${PV} == *9999 ]] ; then + EGIT_REPO_URI="https://github.com/${PN}/${PN}.git" + inherit git-r3 +else + SRC_URI="https://github.com/xmrig/xmrig/archive/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~arm64" +fi + +LICENSE="Apache-2.0 GPL-3+ MIT" +SLOT="0" +IUSE="cpu_flags_x86_sse4_1 donate hwloc +ssl" + +DEPEND=" + dev-libs/libuv:= + hwloc? ( sys-apps/hwloc:= ) + ssl? ( dev-libs/openssl:= ) +" +RDEPEND=" + ${DEPEND} + !arm64? ( sys-apps/msr-tools ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-6.12.2-nonotls.patch +) + +src_prepare() { + if ! use donate ; then + sed -i 's/1;/0;/g' src/donate.h || die + fi + + cmake_src_prepare +} + +src_configure() { + local mycmakeargs=( + -DWITH_SSE4_1=$(usex cpu_flags_x86_sse4_1) + -DWITH_HWLOC=$(usex hwloc) + -DWITH_TLS=$(usex ssl) + -DWITH_OPENCL=OFF + -DWITH_CUDA=OFF + ) + + cmake_src_configure +} + +src_install() { + default + keepdir /etc/xmrig + systemd_dounit "${FILESDIR}"/xmrig.service + dobin "${BUILD_DIR}/xmrig" + dobin "${S}/scripts/enable_1gb_pages.sh" + dobin "${S}/scripts/randomx_boost.sh" +} |