go2rtc: run service as regular user

Improve security a bit by dropping root privileges.
Also instruct procd to respawn.

Signed-off-by: Vladimir Ermakov <[email protected]>

diff --git a/multimedia/go2rtc/Makefile b/multimedia/go2rtc/Makefile
index 71d13ed54a88648430413392cc40a7a9ece04ecb..217d8bbc4d7d1f7a9982223dd3edff4f2ca40a78 100644 (file)
--- a/multimedia/go2rtc/Makefile
+++ b/multimedia/go2rtc/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=go2rtc
 PKG_VERSION:=1.9.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/AlexxIT/go2rtc/tar.gz/v$(PKG_VERSION)?
@@ -28,6 +28,7 @@ define Package/go2rtc
   TITLE:=go2rtc camera streaming
   URL:=https://github.com/AlexxIT/go2rtc
   DEPENDS:=$(GO_ARCH_DEPENDS) +ffmpeg
+  USERID:=go2rtc:go2rtc
 endef
 
 define Package/go2rtc/description

diff --git a/multimedia/go2rtc/files/go2rtc.init b/multimedia/go2rtc/files/go2rtc.init
index 24af1b0830eb7c108e790e384008a8d1c164192c..1cc4aba83b78525f9eac86d2419bbf743751895b 100644 (file)
--- a/multimedia/go2rtc/files/go2rtc.init
+++ b/multimedia/go2rtc/files/go2rtc.init
@@ -4,9 +4,14 @@ START=99
 
 USE_PROCD=1
 PROG=/usr/bin/go2rtc
+USER=go2rtc
+GROUP=go2rtc
 
 start_service() {
        procd_open_instance
        procd_set_param command "$PROG" -config /etc/go2rtc.yaml
+       procd_set_param user "$USER"
+       procd_set_param group "$GROUP"
+       procd_set_param respawn
        procd_close_instance
 }