Merge pull request #399 from nodecross/fix/build-by-omnibus

Fix/build by omnibus
nodecross · Sep 29, 2024 · c8cd1bb · c8cd1bb
2 parents 8e8941c + 1c2219f
commit c8cd1bb
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 9 deletions.
diff --git a/omnibus/config/software/build-nodex-agent.rb b/omnibus/config/software/build-nodex-agent.rb
@@ -3,17 +3,21 @@
 
 build do
   nodex_dir = File.expand_path('..', Omnibus::Config.project_root)
-  unless Dir.exist?("#{project_dir}/src")
-    mkdir "#{project_dir}/src"
+  unless Dir.exist?("#{project_dir}/agent")
+    mkdir "#{project_dir}/agent"
   end
-  copy "#{nodex_dir}/src/*", "#{project_dir}/src/"
+  copy "#{nodex_dir}/agent/*", "#{project_dir}/agent/"
+
+  unless Dir.exist?("#{project_dir}/protocol")
+    mkdir "#{project_dir}/protocol"
+  end
+  copy "#{nodex_dir}/protocol/*", "#{project_dir}/protocol/"
 
   unless Dir.exist?("#{project_dir}/e2e")
     mkdir "#{project_dir}/e2e"
   end
   copy "#{nodex_dir}/e2e/*", "#{project_dir}/e2e/"
 
-  copy "#{nodex_dir}/build.rs", "#{project_dir}"
   copy "#{nodex_dir}/Cargo.toml", "#{project_dir}"
   copy "#{nodex_dir}/Cargo.lock", "#{project_dir}"
 

diff --git a/omnibus/config/templates/init-scripts/systemd.service.erb b/omnibus/config/templates/init-scripts/systemd.service.erb
@@ -22,15 +22,10 @@ User=nodex
 Group=nodex
 
 # Security and isolation settings:
-# - PrivateTmp: Isolates temporary files from other services.
 # - NoNewPrivileges: Prevents gaining additional privileges.
 # - ProtectSystem, ProtectKernelModules, ProtectKernelTunables, ProtectControlGroups: Limits the service’s ability to modify the system, enhancing security.
-PrivateTmp=true
 NoNewPrivileges=true
 ProtectSystem=full
-ReadWritePaths=%h/.config
-ReadWritePaths=%h/.nodex
-ReadWritePaths=%h/bin
 ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectControlGroups=true