Commit Graph

62 Commits

Author SHA1 Message Date
Dennis M. Pöpperl
2abd4c0c9c Remove restart.sh dependencies from packaging 2023-01-23 20:02:41 +01:00
Shadowghost
6292e0127d Remove restart.sh from packaging 2023-01-19 10:32:11 +01:00
nyanmisaka
bb7bf8378b Add jellyfin to the render and video groups for HWA
Signed-off-by: nyanmisaka <nst799610810@gmail.com>
2023-01-04 04:29:38 +08:00
Bond-009
622dfaaedf
Fix fedora and centos nightly (#8875) 2022-12-08 05:19:42 -07:00
Bond-009
a2babfd0d3
Fix nightly builds (#8870) 2022-12-07 17:51:29 -07:00
AJ Jordan
c9f3c7b11a Backport pull request #8321 from jellyfin/release-10.8.z
Fix systemd not breaking whitespace in env vars

Original-merge: 125ee88311

Merged-by: Joshua M. Boniface <joshua@boniface.me>

Backported-by: Joshua M. Boniface <joshua@boniface.me>
2022-09-23 23:09:37 -04:00
Brian J. Murrell
d675a20540
JELLYFIN_NOWEBAPP_OPT is now --nowebclient
--noautorunwebapp has been renamed --nowebclient.
2022-08-24 17:20:05 -04:00
Joshua M. Boniface
c7edf8b565 Backport pull request #8257 from jellyfin/release-10.8.z
Use separate args for dotnet publish commands

Original-merge: d260f30810

Merged-by: Joshua M. Boniface <joshua@boniface.me>

Backported-by: Joshua Boniface <joshua@boniface.me>
2022-08-13 21:46:36 -04:00
nyanmisaka
56805b3368 Backport pull request #8219 from jellyfin/release-10.8.z
Move Fedora service hardening options to override config

Original-merge: 1d4755894e

Merged-by: Joshua M. Boniface <joshua@boniface.me>

Backported-by: Joshua Boniface <joshua@boniface.me>
2022-08-13 21:46:35 -04:00
Cody Robibero
40d3d8fb37 bump Jellyfin to 10.9 2022-07-13 21:00:56 -06:00
Joshua Boniface
28594ececa Backport pull request #8038 from jellyfin/release-10.8.z
Remove mount and unmount permissions for jellyfin group from sudoers

Authored-by: Shadowghost <Ghost_of_Stone@web.de>

Merged-by: Claus Vium <cvium@users.noreply.github.com>

Original-merge: 9cebdfdec0
2022-06-30 12:15:07 -04:00
Cody Robibero
1ee1a05fc7 Merge pull request #7614 from mihawk90/fedora-spec-rework
(cherry picked from commit cb6e6879e2)
Signed-off-by: Joshua Boniface <joshua@boniface.me>
2022-06-29 01:26:14 -04:00
Joshua M. Boniface
464ebf93dd
Merge pull request #6985 from joshuaboniface/unharden-for-lxc 2022-03-19 12:31:33 -04:00
Joshua M. Boniface
1d7a524d82 Add SuccessExitStatus for exit 143
Fixes #3182
2022-03-15 20:27:38 -04:00
Bill Thornton
226a43619f Fix fedora build version 2021-12-30 16:54:59 -05:00
Cody Robibero
cecfdeeec3
Merge branch 'master' into unharden-for-lxc 2021-12-24 02:01:06 +00:00
Brian J. Murrell
543b0127b3 Fix build on EL7
Add /usr/local/bin to $PATH.

Update fedora/Makefile with enhancements from jellyfin-web.
2021-12-14 17:50:58 -05:00
Joshua M. Boniface
fcf5b9b46e Unify and standardize unit files between deb/rpm
Ensures that the RPM service unit has all the tweaks from the Deb
service unit, and some in the other direction too.
2021-12-12 17:01:35 -05:00
Cody Robibero
0e8c97ed60
Merge pull request #5894 from brianjmurrell/bmurrell/setcap-low-port 2021-12-11 22:12:19 -07:00
Brian J. Murrell
296a61cbc4 Run bump_version in make srpm
Also add an "rpms" target that builds the RPMs using mock in a target
environment.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2021-12-11 22:49:19 -05:00
Brian J. Murrell
148fcb1bb8 Put low port privilege into an optional subpackage
Move "AmbientCapabilities=CAP_NET_BIND_SERVICE" to the "[Service]"
section of the optional "lowport" unit drop-in file and package that
drop-in in a separate, optionally installable jellyfin-server-lowports
subpackage.

This isolates the CAP_NET_BIND_SERVICE capability to only installations
that desire it.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2021-11-30 01:18:27 -05:00
Brian J. Murrell
757970bfc1 Merge remote-tracking branch 'origin/master' into HEAD 2021-11-29 17:53:26 -05:00
Cody Robibero
4fc3de9b75
Fix builds for dotnet6 (#6595)
* Target net6.0

* Use new Enum.TryParse(ReadOnlySpan<char>) overload

* Replace RNGCryptoServiceProvider with RandomNumberGenerator

* ci - target net6.0 (#6594)

* Update deployment for dotnet6

* Use generic 6.0.x preview for CI

* Update direct dotnet download links

Co-authored-by: Bond_009 <bond.009@outlook.com>
2021-09-25 06:21:48 -06:00
Claus Vium
06242121c5
Merge pull request #4615 from strugee/fix-restart.sh 2021-09-06 13:53:23 +02:00
Joshua M. Boniface
e5cbafdb6b
Merge pull request #5606 from lmnotran/feature/delay-service-start
Delay starting service until after network is online
2021-08-18 02:25:54 -04:00
Brian J. Murrell
a3a4689af2 Allow to bind to priveleged ports (i.e. 80/443)
Add "AmbientCapabilities=CAP_NET_BIND_SERVICE" to the "[Service]"
section of the unit file to allow the server to bind to ports 80 and 443.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2021-04-22 10:07:51 -04:00
cvium
01491796a2 Enable Workstation GC mode 2021-04-11 12:57:28 +02:00
Mason Tran
415b03d719
Delay starting services until after network is online 2021-03-24 02:35:44 -04:00
dkanada
995b370017
Merge pull request #4663 from joshuaboniface/bump-version-10.8.0
Bump version to 10.8.0 for next release
2021-02-09 11:38:31 +09:00
Joe Ceresini
530c4dc11b Use variables for version, and fix conflict 2021-01-05 00:32:46 -05:00
Joshua M. Boniface
5f2cd11199 Bump version to 10.8.0 for next release 2020-12-04 21:56:24 -05:00
AJ Jordan
bab389114b
Use a service unit, not a scope unit, to restart
Reportedly `systemd-run --scope` still got killed by the service
manager; see #4615. The suspected cause is that `scope` units are run by
the `systemd-run` process itself and inherit the caller's execution
environment (see systemd-run(1)). To fix this, we use a systemd
`service` unit instead, which is run and managed by PID 1 - hopefully
this will isolate us sufficiently so that we don't get terminated along
with `jellyfin.service`.
2020-12-04 16:33:24 -08:00
AJ Jordan
d251c701b9
Use systemd-run(1) in restart.sh
systemd-run(1) runs `systemctl restart` in an isolated systemd unit
that is not subject to process termination as jellyfin.service is shut
down. We adjust the sudoers configuration for this new usage, removing
the old config, since restart.sh is the only user of the sudoers
policy.

Additionally we change `systemctl start` to `systemctl restart` since
there was a race condition where jellyfin.service was not fully
stopped by the time this ran, so `systemctl start` became a noop.
`systemctl restart` on the other hand works whether jellyfin.service is
stopped or not.

The at(1) hack (and the usage of `start` instead of `restart`) is left
in for other init systems since I cannot test on those systems, and
because I don't know of any systemd-run(1) equivalent (although it may
be a non-issue since alternate init systems do not keep track of daemon
children nearly as aggressively as systemd does).
2020-12-04 16:18:26 -08:00
AJ Jordan
b528816b2a
Add sudo to package dependencies
It's used in the restart.sh script.

For Debian, this is a Recommends because virtually everyone will need
this (default APT policy is to install recommended packages so this
works ok), but technically you can configure the server to run as root
and then you wouldn't need it.

For Fedora... frankly I got confused by their Weak Dependencies etc. so
I just made it a hard dependency.
2020-11-29 04:15:11 -05:00
AJ Jordan
2911dfc37d
Don't restart with sudo(8) if it's not available
Some environments, like system containers, have no reason to have
sudo(8) installed. In these environments restart.sh will silently fail
because /usr/bin/sudo does not exist to execute, so test that sudo
exists and don't try to use it otherwise.

Note also that hardcoding sudo's path is wrong: it can be installed in
other places. On FreeBSD, for example, it is /usr/local/bin/sudo when
installed from ports.
2020-11-29 04:04:38 -05:00
AJ Jordan
ce82932c9a
Remove useless which(1) calls in restart.sh
at(1) runs commandlines with /bin/sh anyway, which resolves paths. No
need to do it ourselves.
2020-11-29 04:04:22 -05:00
AJ Jordan
a4e1732e35
Fix restart.sh to look at what's actually booted
The old code was wrong because e.g. systemd can be *installed* on the
system, but not actually used as PID1. In that case we would pick
`systemctl`, but it wouldn't actually work because PID1 was some other
init system.
2020-11-29 03:43:03 -05:00
Joshua M. Boniface
922b02733b
Revert "Enable jellyfin.service unit on Fedora fresh install" 2020-11-24 17:25:50 -05:00
Bill Thornton
4f96e2f256
Merge pull request #4554 from joshuaboniface/fix-restart
Run explicit service start if restart failed
2020-11-23 14:15:18 -05:00
Joshua M. Boniface
91dd95faa3 Add at to the dependencies on Fedora (as in Deb) 2020-11-22 18:32:34 -05:00
Joshua M. Boniface
6de79e03a2 Go back to at with lower sleep and start 2020-11-22 18:32:16 -05:00
Joshua M. Boniface
97665c9478 Remove the at now hack 2020-11-22 17:19:39 -05:00
Joshua M. Boniface
1079ddb46c Run explicit service start if restart failed
Should solve the occasional bugs with the restart in the WebUI.
Sometimes the service stops and then doesn't start again; this will run
an explicit start action afterwards. If this doesn't fix it I'm certain
there would be more tweaking that can be done.
2020-11-22 17:12:29 -05:00
Joshua M. Boniface
5f135a4b46 Use --now to the enable to start too 2020-11-22 17:01:13 -05:00
Joshua M. Boniface
be4e485bd3 Make use of the $1 flag to set installed only 2020-11-22 16:58:07 -05:00
Joshua M. Boniface
d88504c1d6 Set systemctl enabled on Jellyfin service
This was not set for Fedora; I do not recall if this was just an oversight or was
explicitly removed in the past; open to feedback there.

Reported in the LUP Bug-A-Thon
2020-11-22 16:49:12 -05:00
crobibero
1d96167e8d Fix builders 2020-11-16 17:05:31 -07:00
crobibero
185fac0677 Upgrade all netcore3.1 to net5.0 2020-11-15 13:31:47 -07:00
Joshua M. Boniface
88bc2fa3ec Just make everything under libdir/jf a wildcard
I don't know if this will actually work but maybe it will.
2020-10-04 19:50:54 -04:00
crobibero
03d4e90728 add new files to rpm build 2020-09-09 18:52:12 -06:00