diff --git a/net/transmission/Makefile b/net/transmission/Makefile index 06c45f0d71..a2f530c3f2 100644 --- a/net/transmission/Makefile +++ b/net/transmission/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=transmission PKG_VERSION:=2.94 -PKG_RELEASE:=8 +PKG_RELEASE:=11 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GITHUB/transmission/transmission-releases/master @@ -24,6 +24,7 @@ PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/package-seccomp.mk define Package/transmission/template SUBMENU:=BitTorrent @@ -150,6 +151,7 @@ define Package/transmission-daemon-openssl/install $(INSTALL_CONF) files/transmission.config $(1)/etc/config/transmission $(INSTALL_DIR) $(1)/etc/sysctl.d/ $(INSTALL_CONF) files/transmission.sysctl $(1)/etc/sysctl.d/20-transmission.conf + $(call InstallSeccomp,$(1),./files/transmission-daemon.json) endef Package/transmission-daemon-mbedtls/install = $(Package/transmission-daemon-openssl/install) diff --git a/net/transmission/files/transmission-daemon.json b/net/transmission/files/transmission-daemon.json new file mode 100644 index 0000000000..e284886de4 --- /dev/null +++ b/net/transmission/files/transmission-daemon.json 
@@ -0,0 +1,74 @@
+{
+ "whitelist": [
+ "accept4",
+ "access",
+ "arm_fadvise64_64",
+ "bind",
+ "brk",
+ "clock_gettime",
+ "clone",
+ "close",
+ "connect",
+ "epoll_create1",
+ "epoll_ctl",
+ "epoll_pwait",
+ "exit",
+ "exit_group",
+ "fadvise64",
+ "fallocate",
+ "fcntl",
+ "fcntl64",
+ "fstat",
+ "fstat64",
+ "fsync",
+ "futex",
+ "getdents64",
+ "getpeername",
+ "getpid",
+ "getsockname",
+ "getsockopt",
+ "ioctl",
+ "listen",
+ "_llseek",
+ "lseek",
+ "madvise",
+ "membarrier",
+ "mkdir",
+ "mmap",
+ "mmap2",
+ "mprotect",
+ "munmap",
+ "nanosleep",
+ "_newselect",
+ "open",
+ "pipe",
+ "pipe2",
+ "poll",
+ "pread64",
+ "prlimit64",
+ "pwrite64",
+ "read",
+ "readlink",
+ "readv",
+ "recvfrom",
+ "rename",
+ "rmdir",
+ "rt_sigaction",
+ "rt_sigprocmask",
+ "rt_sigreturn",
+ "select",
+ "sendto",
+ "setsockopt",
+ "shutdown",
+ "sigreturn",
+ "socket",
+ "stat",
+ "stat64",
+ "umask",
+ "uname",
+ "unlink",
+ "write",
+ "writev"
+ ],
+ "policy": 1
+}
diff --git a/net/transmission/files/transmission.init b/net/transmission/files/transmission.init
index 92160c7ebe..ae3e5e5f73 100644
--- a/net/transmission/files/transmission.init
+++ b/net/transmission/files/transmission.init
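Review bot: The allowlist in transmission-daemon.json carries 32-bit-only syscall names (`arm_fadvise64_64`, `mmap2`, `_llseek`, `fcntl64`, `stat64`, `_newselect`, `sigreturn`) and has no `openat`, `newfstatat` or `epoll_wait`, so it looks as if it was traced on a single 32-bit ARM target, yet the Makefile hunk installs it for every architecture. On targets where the libc routes `open` and `stat` through `openat`/`newfstatat` (aarch64 has no `open` syscall at all), the daemon would hit the filter's default action on its first file access. Since JSON cannot hold comments, the commit message or a comment beside the `InstallSeccomp` call should record which target and libc the list was generated on and what default action `"policy": 1` selects. It is also worth stating there that `clone`, `ioctl`, `mprotect` and `prlimit64` are allowed without any argument constraint, so the profile narrows the syscall surface but does not restrict how those calls are used.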
@@ -3,85 +3,98 @@ START=99 USE_PROCD=1 +PROG="/usr/bin/transmission-daemon" LIST_SEP=" " append_params() { local p; local v; local s="$1"; shift + IFS="$LIST_SEP" for p in "$@"; do config_get v "$s" "$p" - IFS="$LIST_SEP" for v in $v; do - [ -n "$v" ] && ( - echo "\"$p\": $v," | sed -e 's|_|-|g' - ) >> "$config_file" + [ -n "$v" ] && echo "\"$p\": $v," | sed -e 's|_|-|g' done - unset IFS done + unset IFS } append_params_quotes() { local p; local v; local s="$1"; shift + IFS="$LIST_SEP" for p in "$@"; do config_get v "$s" "$p" - IFS="$LIST_SEP" for v in $v; do - [ -n "$v" ] && ( + [ -n "$v" ] && { printf "\"%s" "$p" | sed -e 's|/|\\/|g;s|_|-|g'; \ echo "\": \"$v\"," - ) >> "$config_file" + } done - unset IFS done -} - -section_enabled() { - config_get_bool enabled "$1" enabled 0 - [ $enabled -gt 0 ] + unset IFS } transmission() { local cfg="$1" - local USE - local user - local group - local config_overwrite - local download_dir config_dir - local mem_percentage - local nice - local web_home - - section_enabled "$section" || return 1 + local enabled + config_get_bool enabled "$cfg" enabled 0 + [ "$enabled" -gt 0 ] || return 1 + local config_dir config_get config_dir "$cfg" 'config_dir' '/var/etc/transmission' + local user config_get user "$cfg" 'user' + local group config_get group "$cfg" 'group' + local download_dir config_get download_dir "$cfg" 'download_dir' '/var/etc/transmission' + local incomplete_dir + config_get incomplete_dir "$cfg" 'incomplete_dir' '/var/etc/transmission' + local incomplete_dir_enabled + config_get incomplete_dir_enabled "$cfg" 'incomplete_dir_enabled' 0 + local mem_percentage config_get mem_percentage "$cfg" 'mem_percentage' '50' + local config_overwrite config_get config_overwrite "$cfg" config_overwrite 1 + local nice config_get nice "$cfg" nice 0 + local web_home config_get web_home "$cfg" 'web_home' local MEM - MEM=$(sed -ne 's!^MemTotal:[[:space:]]*\([0-9]*\) kB$!\1!p' /proc/meminfo) - if test "$MEM" -gt 1;then - USE=$((MEM * 
mem_percentage * 10)) - fi + local USE + [ "$MEM" -gt 1 ] && USE=$((MEM * mem_percentage * 10)) config_file="$config_dir/settings.json" [ -d "$config_dir" ] || { mkdir -p "$config_dir" chmod 0755 "$config_dir" touch "$config_file" + mkdir -p "$config_dir/resume" + mkdir -p "$config_dir/torrents" + mkdir -p "$config_dir/blocklists" + [ -e "$config_dir/stats.json" ] || touch "$config_dir/stats.json" [ -z "$user" ] || chown -R "$user:$group" "$config_dir" } + [ -d "$download_dir" ] || { + mkdir -p "$download_dir" + chmod 0755 "$download_dir" + [ -z "$user" ] || chown -R "$user:$group" "$download_dir" + } + + [ "$incomplete_dir_enabled" = "0" ] || [ -d "$incomplete_dir" ] || { + mkdir -p "$incomplete_dir" + chmod 0755 "$incomplete_dir" + [ -z "$user" ] || chown -R "$user:$group" "$incomplete_dir" + } + [ "$config_overwrite" = 0 ] || { - echo "{" > "$config_file" + echo "{" append_params "$cfg" \ alt_speed_down alt_speed_enabled alt_speed_time_begin alt_speed_time_day \ @@ -106,20 +119,20 @@ transmission() { peer_congestion_algorithm peer_socket_tos rpc_bind_address rpc_password rpc_url \ rpc_username rpc_host_whitelist rpc_whitelist script_torrent_done_filename watch_dir - { echo "\"invalid-key\": false" echo "}" - } >> "$config_file" - } + + } > "$config_file" procd_open_instance - procd_set_param command "/usr/bin/transmission-daemon" - procd_append_param command -f --log-error -g "$config_dir" + procd_set_param command "$PROG" + procd_append_param command -f -g "$config_dir" procd_set_param user "$user" procd_set_param group "$group" procd_set_param nice "$nice" procd_set_param stderr 1 procd_set_param respawn + procd_set_param seccomp "/etc/seccomp/transmission-daemon.json" if [ -z "$USE" ]; then procd_set_param limits core="0 0" 
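Review bot: `MEM` is still declared with `local MEM`, but the line that filled it from /proc/meminfo is removed in this hunk and nothing replaces it, so `[ "$MEM" -gt 1 ]` tests an empty string and `USE` is never set. The later `if [ -z "$USE" ]` branch then applies only `limits core="0 0"`, and the memory cap derived from `mem_percentage` (the other branch logs "Starting with $USE virt mem") is silently dropped. Restore the assignment ahead of the test: `MEM=$(sed -ne 's!^MemTotal:[[:space:]]*\([0-9]*\) kB$!\1!p' /proc/meminfo)`. transmission() continues past the end of this hunk.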
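Review bot: The block now redirected with `} > "$config_file"` writes `rpc_username` and `rpc_password` into settings.json, but nothing visible in the script restricts that file's mode: it is created by `touch` or by the redirect under whatever umask the init environment has, inside a directory set to 0755. Unless the umask is tightened elsewhere, other local accounts can read the RPC credentials. Setting mode and owner right after the write would close that, for example `chmod 0640 "$config_file"` followed by `[ -z "$user" ] || chown "$user:$group" "$config_file"`. The enclosing transmission() starts and ends outside this hunk.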
@@ -128,12 +141,14 @@ transmission() { logger -t transmission "Starting with $USE virt mem" fi - if test -d "$web_home"; then - procd_set_param env TRANSMISSION_WEB_HOME="$web_home" - fi + [ -d "$web_home" ] && procd_set_param env TRANSMISSION_WEB_HOME="$web_home" procd_add_jail transmission log procd_add_jail_mount "$config_file" + procd_add_jail_mount_rw "$config_dir/resume" + procd_add_jail_mount_rw "$config_dir/torrents" + procd_add_jail_mount_rw "$config_dir/blocklists" + procd_add_jail_mount_rw "$config_dir/stats.json" procd_add_jail_mount_rw "$download_dir" procd_close_instance } @@ -142,3 +157,7 @@ start_service() { config_load 'transmission' config_foreach transmission 'transmission' } + +reload_service() { + procd_send_signal "$PROG" +}
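Review bot: The four new `procd_add_jail_mount_rw` paths under `$config_dir` are only created in the first hunk inside the `[ -d "$config_dir" ] || {` guard, so on a system where the config directory already exists (an upgrade) `resume`, `torrents`, `blocklists` and `stats.json` may be missing when the jail is set up. Moving the creation out of the guard, e.g. `mkdir -p "$config_dir/resume" "$config_dir/torrents" "$config_dir/blocklists"` plus the existing `stats.json` touch, makes the mounts reliable. The first hunk also creates and chowns `$incomplete_dir`, but it is never mounted into the jail here; `[ "$incomplete_dir_enabled" = "0" ] || procd_add_jail_mount_rw "$incomplete_dir"` would match that logic. transmission() begins outside this hunk.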
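Review bot: `procd_send_signal "$PROG"` passes the binary path where, as far as I know, procd.sh expects the service name (`procd_send_signal <service> [instance] [signal]`), so the lookup would be for a service called /usr/bin/transmission-daemon and reload would signal nothing. `procd_send_signal transmission` is the likely intent; confirm it against the name the init script is installed under. Reload also does not regenerate settings.json, so UCI changes still need a restart, and a one-line comment above `reload_service` saying `# SIGHUP only re-reads the existing settings.json; UCI changes need a restart` would make that explicit.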