From 2160ca51453cbad5ab32feea5eb322da772c964d Mon Sep 17 00:00:00 2001
From: frank_kunz <>
Date: Nov 09 2021 23:17:25 +0000
Subject: Update brickd to version 2.4.3 / rev 4 via SR 930528
https://build.opensuse.org/request/show/930528
by user frank_kunz + dimstar_suse
---
diff --git a/packages/b/brickd/.files b/packages/b/brickd/.files
index c85bbd1..1a7db74 100644
Binary files a/packages/b/brickd/.files and b/packages/b/brickd/.files differ
diff --git a/packages/b/brickd/.rev b/packages/b/brickd/.rev
index 45aa1cd..5b37db3 100644
--- a/packages/b/brickd/.rev
+++ b/packages/b/brickd/.rev
@@ -23,4 +23,12 @@
855585
+
+ d742cddbfb2b4bba837222c71e726f4c
+ 2.4.3
+
+ dimstar_suse
+
+ 930528
+
diff --git a/packages/b/brickd/.servicemark b/packages/b/brickd/.servicemark
index 7aba904..6b323ff 100644
--- a/packages/b/brickd/.servicemark
+++ b/packages/b/brickd/.servicemark
@@ -1 +1 @@
-29c0367677ae0bd588e43d50366049c9
+768828f4acb6dc05717aaf2091d4548f
diff --git a/packages/b/brickd/brickd.changes b/packages/b/brickd/brickd.changes
index 64483a3..1ef6928 100644
--- a/packages/b/brickd/brickd.changes
+++ b/packages/b/brickd/brickd.changes
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Wed Aug 25 11:21:31 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s). Added patch(es):
+ * harden_brickd-resume.service.patch
+ * harden_brickd.service.patch
+
+-------------------------------------------------------------------
Thu Dec 10 20:06:30 UTC 2020 - Frank Kunz
- Update to new upstream version 2.4.3:
diff --git a/packages/b/brickd/brickd.spec b/packages/b/brickd/brickd.spec
index 8fc17e1..4bb1e0a 100644
--- a/packages/b/brickd/brickd.spec
+++ b/packages/b/brickd/brickd.spec
@@ -1,7 +1,7 @@
#
# spec file for package brickd
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2019 Frank Kunz
#
# All modifications and additions to the file contributed by third parties
@@ -26,6 +26,8 @@ Group: System/Daemons
URL: http://www.tinkerforge.com
Source0: https://github.com/Tinkerforge/brickd/archive/v%{version}.tar.gz
Source1: https://github.com/Tinkerforge/daemonlib/archive/brickd-%{version}.tar.gz
+Patch0: harden_brickd-resume.service.patch
+Patch1: harden_brickd.service.patch
BuildRequires: pkgconfig(libusb)
BuildRequires: pkgconfig(systemd)
Suggests: logrotate
@@ -38,6 +40,8 @@ the TCP/IP socket connection to the language binding APIs.
%prep
%setup -q -a 1 -n %{name}-%{version}
mv daemonlib-%{name}-%{version} src/daemonlib
+%patch0 -p1
+%patch1 -p1
%build
pushd src/brickd
diff --git a/packages/b/brickd/harden_brickd-resume.service.patch b/packages/b/brickd/harden_brickd-resume.service.patch
new file mode 100644
index 0000000..4d58494
--- /dev/null
+++ b/packages/b/brickd/harden_brickd-resume.service.patch
@@ -0,0 +1,22 @@
+Index: brickd-2.4.3/src/build_data/linux/installer/lib/systemd/system/brickd-resume.service
+===================================================================
+--- brickd-2.4.3.orig/src/build_data/linux/installer/lib/systemd/system/brickd-resume.service
++++ brickd-2.4.3/src/build_data/linux/installer/lib/systemd/system/brickd-resume.service
+@@ -4,6 +4,17 @@ After=suspend.target
+ Requisite=brickd.service
+
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++ProtectHostname=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions
+ User=root
+ Type=oneshot
+ ExecStart=/usr/bin/pkill -F /var/run/brickd.pid -L -USR1
diff --git a/packages/b/brickd/harden_brickd.service.patch b/packages/b/brickd/harden_brickd.service.patch
new file mode 100644
index 0000000..19223b7
--- /dev/null
+++ b/packages/b/brickd/harden_brickd.service.patch
@@ -0,0 +1,22 @@
+Index: brickd-2.4.3/src/build_data/linux/installer/lib/systemd/system/brickd.service
+===================================================================
+--- brickd-2.4.3.orig/src/build_data/linux/installer/lib/systemd/system/brickd.service
++++ brickd-2.4.3/src/build_data/linux/installer/lib/systemd/system/brickd.service
+@@ -3,6 +3,17 @@ Description=Brick Daemon
+ After=network.target
+
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++ProtectHostname=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions
+ Type=forking
+ ExecStart=/usr/bin/brickd --daemon
+ PIDFile=/var/run/brickd.pid