authorCraig Andrews <candrews@gentoo.org>2021-09-24 09:22:07 -0400
committerCraig Andrews <candrews@gentoo.org>2021-09-24 09:22:07 -0400
commit061c8a8f90a1120cbf5100c0d683878509404edb (patch)
tree13590986de609b562977e6383c1bebe5e6d574cd /net-misc
parentnet-libs/quiche: 0.10.0 version bump (diff)
net-misc/xmrig: disable PrivateDevices and ProtectClock hardening
Bug: https://github.com/systemd/systemd/issues/13857 Bug: https://github.com/systemd/systemd/issues/20835 Package-Manager: Portage-3.0.23, Repoman-3.0.3 Signed-off-by: Craig Andrews <candrews@gentoo.org>
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/xmrig/files/xmrig.service4
-rw-r--r--net-misc/xmrig/xmrig-6.15.1-r1.ebuild64
2 files changed, 66 insertions, 2 deletions
diff --git a/net-misc/xmrig/files/xmrig.service b/net-misc/xmrig/files/xmrig.service
index 8b59fc0c131f..16a924aae410 100644
--- a/net-misc/xmrig/files/xmrig.service
+++ b/net-misc/xmrig/files/xmrig.service
@@ -16,9 +16,9 @@ PrivateTmp=true
ProtectHome=true
ProtectSystem=strict
NoNewPrivileges=true
-PrivateDevices=true
+# PrivateDevices=true # https://github.com/systemd/systemd/issues/13857
CapabilityBoundingSet=
-ProtectClock=true
+#ProtectClock=true # https://github.com/systemd/systemd/issues/20835
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectKernelLogs=true
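Review bot: The two commented-out directives carry only an issue URL, so a later maintainer cannot tell what breaks with them enabled or when they can be turned back on. With `PrivateDevices=true` gone the service sees the host's /dev, and access to device nodes then rests on the unit's user and the still-empty `CapabilityBoundingSet=`. I would put the reason and the re-enable condition on a line above each, for example `# PrivateDevices=true breaks <feature xmrig needs>; re-enable once systemd#13857 is resolved`, and likewise for `ProtectClock=true` with systemd#20835. The two lines are also formatted differently (`# PrivateDevices` with a space, `#ProtectClock` without). The [Service] section starts and ends outside the hunk, so any `User=` or device settings are not visible here.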
diff --git a/net-misc/xmrig/xmrig-6.15.1-r1.ebuild b/net-misc/xmrig/xmrig-6.15.1-r1.ebuild
new file mode 100644
index 000000000000..8ad79070a47b
--- /dev/null
+++ b/net-misc/xmrig/xmrig-6.15.1-r1.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit cmake systemd
+
+DESCRIPTION="RandomX, CryptoNight, KawPow, AstroBWT, and Argon2 CPU/GPU miner"
+HOMEPAGE="https://xmrig.com https://github.com/xmrig/xmrig"
+
+if [[ ${PV} == *9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/${PN}/${PN}.git"
+ inherit git-r3
+else
+ SRC_URI="https://github.com/xmrig/xmrig/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm64"
+fi
+
+LICENSE="Apache-2.0 GPL-3+ MIT"
+SLOT="0"
+IUSE="cpu_flags_x86_sse4_1 donate hwloc +ssl"
+
+DEPEND="
+ dev-libs/libuv:=
+ hwloc? ( sys-apps/hwloc:= )
+ ssl? ( dev-libs/openssl:= )
+"
+RDEPEND="
+ ${DEPEND}
+ !arm64? ( sys-apps/msr-tools )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-6.12.2-nonotls.patch
+)
+
+src_prepare() {
+ if ! use donate ; then
+ sed -i 's/1;/0;/g' src/donate.h || die
+ fi
+
+ cmake_src_prepare
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DWITH_SSE4_1=$(usex cpu_flags_x86_sse4_1)
+ -DWITH_HWLOC=$(usex hwloc)
+ -DWITH_TLS=$(usex ssl)
+ -DWITH_OPENCL=OFF
+ -DWITH_CUDA=OFF
+ )
+
+ cmake_src_configure
+}
+
+src_install() {
+ default
+ keepdir /etc/xmrig
+ systemd_dounit "${FILESDIR}"/xmrig.service
+ dobin "${BUILD_DIR}/xmrig"
+ dobin "${S}/scripts/enable_1gb_pages.sh"
+ dobin "${S}/scripts/randomx_boost.sh"
+}
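Review bot: In `src_prepare`, `sed -i 's/1;/0;/g' src/donate.h || die` rewrites every `1;` in the header and exits 0 even when nothing matches. If upstream changes the file, a build with `USE=-donate` can silently keep the donation level, or an unrelated value ending in `1;` can be altered. Anchoring the substitution to the constant and checking the result would make that failure loud. Assuming the constants are still named `*DonateLevel` upstream, that would be `sed -i -E 's/(DonateLevel = )[0-9]+;/\10;/' src/donate.h || die` followed by `grep -q 'DonateLevel = 0;' src/donate.h || die "donate.h layout changed"`. Separately, `src_install` puts `enable_1gb_pages.sh` and `randomx_boost.sh` on PATH without saying who runs them. They appear to be admin-run helpers the sandboxed unit cannot use, given its empty `CapabilityBoundingSet=`, and a short comment saying so would help.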