chore: Update version to 7.0.37

[wangrong1069]

Summary by Sourcery

Update packaging metadata and service configuration for the deepin-anything server.

Deployment:

• Adjust deepin-anything server service configuration, likely aligning it with the new version or packaging requirements.

Chores:

• Bump project/debian package version to 7.0.37 in the changelog.

[github-actions]

TAG Bot

TAG: 7.0.37
EXISTED: no
DISTRIBUTION: unstable

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Bumps the project to version 7.0.37, updating the Debian packaging changelog and aligning the deepin-anything server systemd service file accordingly.

File-Level Changes

Change	Details	Files
Update package version metadata to 7.0.37 for Debian packaging.	Set the latest entry in debian changelog to version 7.0.37 with appropriate metadata Ensure the new version is positioned at the top of the changelog per Debian conventions	debian/changelog
Align deepin-anything server systemd service with the new version or packaging adjustments.	Adjust version-related or packaging-related fields in the deepin-anything-server systemd unit file to be consistent with 7.0.37 Verify that service metadata/comments reflect the updated version where applicable	src/server/deepin-anything-server.service

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[deepin-ci-robot]

deepin pr auto review

Git Diff 代码审查报告

总体评估

此次修改主要针对 deepin-anything 项目的 systemd 服务单元文件进行了调整，包括服务重启限制配置的移动和 ProtectHome 选项的禁用。这些修改看起来是为了解决服务启动和挂载信息检查相关的问题。

具体审查意见

1. debian/changelog 文件修改

语法逻辑：

• 修改格式符合 Debian changelog 规范
• 版本号从 7.0.36 更新到 7.0.37
• 提交信息简洁明了

建议：

• 可以考虑在 changelog 中添加更多关于为什么需要禁用 ProtectHome 的背景信息，以便将来维护时更容易理解

2. deepin-anything-daemon.service 文件修改

语法逻辑：

• 将 StartLimitIntervalSec 和 StartLimitBurst 从 [Service] 部分移动到 [Unit] 部分
• 添加了清晰的注释说明这两个参数的作用

代码质量：

• 修改后的结构更符合 systemd 最佳实践，因为重启限制是单元级别的设置，应该放在 [Unit] 部分
• 注释清晰明了，提高了可读性

建议：

• 考虑添加更多关于为什么选择这些特定值(3600秒，最多2次重启)的注释，以便将来维护时理解设计决策

3. deepin-anything-server.service 文件修改

语法逻辑：

• 注释掉了 ProtectHome=true 选项
• 添加了注释说明原因："need to check the actual mount info"

代码质量：

• 保留了注释而不是直接删除，这很好，因为它记录了原始配置
• 添加了注释说明修改原因

代码安全：

• 禁用 ProtectHome=true 会降低服务的安全性，因为它允许服务访问用户主目录
• 虽然注释说明了需要检查挂载信息，但没有解释为什么必须访问用户主目录才能做到这一点

建议：

1. 考虑添加更详细的注释，解释为什么需要访问用户主目录来检查挂载信息
2. 评估是否有其他方法可以在不访问用户主目录的情况下获取所需的挂载信息
3. 考虑使用 ProtectHome=read-only 而不是完全禁用，如果只需要读取访问
4. 如果必须完全禁用 ProtectHome，考虑添加其他安全措施来补偿，如更严格的 ReadWritePaths 限制

总结

这次修改主要是为了解决服务启动和挂载信息检查的问题，整体上看起来合理。主要的安全考虑是禁用了 ProtectHome 选项，这降低了服务的安全性。建议在后续版本中考虑更精细的权限控制，而不是完全禁用这个安全特性。

如果可能，建议在代码审查或提交说明中添加更多关于为什么需要禁用 ProtectHome 的技术细节，以便更好地理解这个安全权衡。

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: lzwind, wangrong1069

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wangrong1069]

/merge