Update packaging

Dockerfile

@@ -1,7 +1,7 @@
 FROM quay.io/centos/centos:stream8
 
 RUN dnf update -y && dnf install -y make rpmdevtools rpmlint 'dnf-command(builddep)'
-RUN dnf install -y go-srpm-macros https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages/go{lang-bin,lang,-toolset}-1.21.3-5.el9.x86_64.rpm https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages/golang-src-1.21.3-5.el9.noarch.rpm --allowerasing
+RUN dnf install -y go-srpm-macros go{lang-bin,lang,-toolset} --allowerasing
 
 COPY /SOURCES/go.mod /root/v2/go.mod
 # This isn't the real build but it will hopefully cache at least some of the build

rpmbuild/SOURCES/glauth.service

@@ -5,14 +5,14 @@ After=syslog.target network.target keycloak.service
 [Service]
 DynamicUser=yes
 SuccessExitStatus=0
-ExecStart=/usr/bin/glauth -c /etc/glauth.cfg
+RuntimeDirectory=%N
+ExecStartPre=+bash -c "install -o$(stat -c %%u ${RUNTIME_DIRECTORY}) /etc/glauth.cfg ${RUNTIME_DIRECTORY}/glauth.cfg"
+ExecStart=/usr/bin/glauth -c "${RUNTIME_DIRECTORY}/glauth.cfg"
 PrivateTmp=yes
-#PrivateUsers=yes
 NoNewPrivileges=yes
 RemoveIPC=yes
 MemoryDenyWriteExecute=yes
 RestrictNamespaces=yes
-IPAddressAllow=127.0.0.1 10.121.0.0/16
 ProtectKernelTunables=yes
 ProtectKernelModules=yes
 ProtectControlGroups=yes
@@ -24,7 +24,7 @@ ProtectHome=yes
 LockPersonality=yes
 RestrictRealtime=yes
 SystemCallFilter=@system-service
-RestartSec=10min
+RestartSec=1min
 Restart=on-failure
 
 EnvironmentFile=/etc/glauth.env

rpmbuild/SPECS/glauth.spec

@@ -33,7 +33,7 @@ sed 's@/Users/gwelch/build/source/glauth/v2/bin/darwinamd64@%{_libdir}@g' pkg/pl
 rm -rf $RPM_BUILD_ROOT
 install -D -m 755 bin/%{name} %{buildroot}/%{_bindir}/%{name}
 install -D -m 755 bin/keycloak.so %{buildroot}/%{_libdir}/keycloak.so
-install -D -m 644 bin/glauth.cfg %{buildroot}/%{_sysconfdir}/glauth.cfg
+install -D -m 600 bin/glauth.cfg %{buildroot}/%{_sysconfdir}/glauth.cfg
 install -D -m 644 %{SOURCE1} %{buildroot}/%{_unitdir}/%{name}.service