1 files changed, 39 insertions, 0 deletions

diff --git a/debian/patches/0008-user-service.patch b/debian/patches/0008-user-service.patch
new file mode 100644
index 0000000..06b6530
--- /dev/null
+++ b/debian/patches/0008-user-service.patch
@@ -0,0 +1,39 @@
+From: Python Applications Packaging Team
+ <python-apps-team@lists.alioth.debian.org>
+Date: Sun, 13 May 2018 15:07:57 +0200
+Subject: user-service
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+commit 1980b7cb4239463b581579cc39480774d3e2d2fe
+Author: Antoine Beaupré <anarcat@debian.org>
+Date:   Mon Sep 12 12:01:44 2016 -0400
+
+    run daemon as the irker user (Close: #832758)
+    
+    this is an improvement upon the default .service file. it requires a
+    irker user to be created, something which is automatically handled by
+    the debian package, but should be handled by other distributions when
+    deploying the .service file.
+    
+    there are obvious dangers in running irkerd as root: a compromise
+    would be catastrophic, and since it runs on public servers that are
+    traditionnally pretty hostile (IRC), it seems critical that rights of
+    the daemon be limited.
+---
+ irkerd.service | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/irkerd.service b/irkerd.service
+index 74e9126..2318f54 100644
+--- a/irkerd.service
++++ b/irkerd.service
+@@ -7,6 +7,7 @@ Requires=network.target
+ 
+ [Service]
+ ExecStart=/usr/bin/irkerd
++User=irker
+ 
+ [Install]
+ WantedBy=multi-user.target