gentoo resync : 25.03.2022

2 files changed, 77 insertions, 0 deletions

diff --git a/games-util/joycond/files/joycond-systemd-paranoia.patch b/games-util/joycond/files/joycond-systemd-paranoia.patch
new file mode 100644
index 000000000000..f6803d074f17
--- /dev/null
+++ b/games-util/joycond/files/joycond-systemd-paranoia.patch
@@ -0,0 +1,45 @@
+From d39ce9de9420560494d92519f4e29a40d685a5b4 Mon Sep 17 00:00:00 2001
+From: Andrew Udvare <audvare@gmail.com>
+Date: Sun, 12 Dec 2021 22:02:00 -0500
+Subject: [PATCH] systemd service: paranoia mode
+
+---
+ systemd/joycond.service | 24 +++++++++++++++++++-----
+ 1 file changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/systemd/joycond.service b/systemd/joycond.service
+index cc8e408..5a8b045 100644
+--- a/systemd/joycond.service
++++ b/systemd/joycond.service
+@@ -4,12 +4,26 @@ After=network.target
+ 
+ [Service]
+ ExecStart=/usr/bin/joycond
+-WorkingDirectory=/root
+-StandardOutput=inherit
+-StandardError=inherit
+ Restart=always
+-User=root
++
++DeviceAllow=char-input
++DevicePolicy=closed
++LockPersonality=yes
++MemoryDenyWriteExecute=yes
++NoNewPrivileges=yes
++ProtectClock=yes
++PrivateTmp=yes
++ProtectHome=yes
++ProtectHostname=yes
++ProtectControlGroups=yes
++ProtectKernelModules=yes
++ProtectProc=noaccess
++ProtectSystem=strict
++RestrictAddressFamilies=AF_NETLINK
++RestrictNetworkInterfaces=
++RestrictRealtime=yes
++RestrictSUIDSGID=yes
++SocketBindDeny=any
+ 
+ [Install]
+ WantedBy=multi-user.target
+-
diff --git a/games-util/joycond/files/joycond-systemd-paths.patch b/games-util/joycond/files/joycond-systemd-paths.patch
new file mode 100644
index 000000000000..8b8288350a3e
--- /dev/null
+++ b/games-util/joycond/files/joycond-systemd-paths.patch
@@ -0,0 +1,32 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index f9d6e93..4e05976 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -28,12 +28,24 @@ add_subdirectory(src)
+ install(TARGETS joycond DESTINATION /usr/bin/
+         PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+         )
+-install(FILES udev/89-joycond.rules udev/72-joycond.rules DESTINATION /lib/udev/rules.d/
++
++pkg_get_variable(UDEV_RULES_PATH udev udevdir)
++install(FILES udev/89-joycond.rules udev/72-joycond.rules DESTINATION ${UDEV_RULES_PATH}/rules.d/
+         PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ 
+         )
+-install(FILES systemd/joycond.service DESTINATION /etc/systemd/system
++
++execute_process(COMMAND systemd-path systemd-system-unit OUTPUT_VARIABLE SYSTEMD_SYSTEM_UNIT_PATH OUTPUT_STRIP_TRAILING_WHITESPACE RESULT_VARIABLE UNIT_RETVAL)
++if(NOT "${UNIT_RETVAL}" EQUAL 0)
++    set(SYSTEMD_SYSTEM_UNIT_PATH "/usr/lib/systemd/system")
++endif()
++install(FILES systemd/joycond.service DESTINATION ${SYSTEMD_SYSTEM_UNIT_PATH}
+         PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ
+         )
+-install(FILES systemd/joycond.conf DESTINATION /etc/modules-load.d
++
++execute_process(COMMAND systemd-path modules-load OUTPUT_VARIABLE SYSTEMD_MODULES_LOAD_PATH OUTPUT_STRIP_TRAILING_WHITESPACE RESULT_VARIABLE MODULES_RETVAL)
++if(NOT "${MODULES_RETVAL}" EQUAL 0)
++    set(SYSTEMD_MODULES_LOAD_PATH "/usr/lib/modules-load.d")
++endif()
++install(FILES systemd/joycond.conf DESTINATION ${SYSTEMD_MODULES_LOAD_PATH}
+         PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ
+         )