[arch-commits] Commit in interception-tools/repos (4 files)

[Brett Cornwall]

    Date: Friday, December 25, 2020 @ 23:25:38
  Author: ainola
Revision: 791174

archrelease: copy trunk to community-x86_64

Added:
  interception-tools/repos/community-x86_64/
  interception-tools/repos/community-x86_64/PKGBUILD
    (from rev 791172, interception-tools/trunk/PKGBUILD)
  interception-tools/repos/community-x86_64/interception-tools.install
    (from rev 791173, interception-tools/trunk/interception-tools.install)
  interception-tools/repos/community-x86_64/udevmon.service
    (from rev 791173, interception-tools/trunk/udevmon.service)

----------------------------+
 PKGBUILD                   |   41 +++++++++++++++++++++++++++++++++++++++++
 interception-tools.install |    4 ++++
 udevmon.service            |   36 ++++++++++++++++++++++++++++++++++++
 3 files changed, 81 insertions(+)

Copied: interception-tools/repos/community-x86_64/PKGBUILD (from rev 791172, interception-tools/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD	                        (rev 0)
+++ community-x86_64/PKGBUILD	2020-12-25 23:25:38 UTC (rev 791174)
@@ -0,0 +1,41 @@
+# Maintainer: Brett Cornwall <ainola at archlinux.org>
+# Contributor: Francisco Lopes
+
+pkgname=interception-tools
+pkgver=0.2.2
+pkgrel=2
+pkgdesc='A minimal composable infrastructure on top of libudev and libevdev'
+arch=('x86_64')
+license=('GPL3')
+url='https://gitlab.com/interception/linux/tools'
+# Add 'libevdev.so' once https://bugs.archlinux.org/task/69112 is fixed
+depends=(
+    'libevdev'
+    'yaml-cpp' 'libyaml-cpp.so'
+    'systemd-libs' 'libudev.so'
+)
+makedepends=('cmake' 'systemd')
+# Until https://gitlab.com/interception/linux/tools/-/merge_requests/10 is
+# merged, include a .service file ourselves
+source=("$pkgname-$pkgver.tar.gz::https://gitlab.com/interception/linux/tools/-/archive/v$pkgver/tools-v$pkgver.tar.gz"
+        'udevmon.service')
+sha256sums=('56fc110917b05b7ec00b440436fd536a30275449e574978a72bb1f102e9a731a'
+            'b94f1f19e2d8e2dc4d4ec6d183f373520a2cf5a0ec90dff19607611e4b251b6d')
+
+build() {
+    cmake -B build \
+          -S "tools-v${pkgver}" \
+          -DCMAKE_INSTALL_PREFIX=/usr \
+          -DCMAKE_BUILD_TYPE=None \
+          -Wno-dev
+    cmake --build build
+}
+
+package() {
+    install -dm755 "$pkgdir/etc/interception/udevmon.d"
+    install -Dm644 udevmon.service -t "$pkgdir/usr/lib/systemd/system"
+    install -Dm644 "tools-v${pkgver}/README.md" -t "$pkgdir/usr/share/doc/$pkgname"
+
+    cd build
+    make DESTDIR="$pkgdir/" install
+}

Copied: interception-tools/repos/community-x86_64/interception-tools.install (from rev 791173, interception-tools/trunk/interception-tools.install)
===================================================================
--- community-x86_64/interception-tools.install	                        (rev 0)
+++ community-x86_64/interception-tools.install	2020-12-25 23:25:38 UTC (rev 791174)
@@ -0,0 +1,4 @@
+post_upgrade() {
+    echo "The udevmon.yaml configuration file now is expected at:"
+    echo "    /etc/interception-tools/udevmon.yaml"
+}

Copied: interception-tools/repos/community-x86_64/udevmon.service (from rev 791173, interception-tools/trunk/udevmon.service)
===================================================================
--- community-x86_64/udevmon.service	                        (rev 0)
+++ community-x86_64/udevmon.service	2020-12-25 23:25:38 UTC (rev 791174)
@@ -0,0 +1,36 @@
+[Unit]
+Description=Monitor input devices for launching tasks
+Wants=systemd-udev-settle.service
+After=systemd-udev-settle.service
+Documentation=man:udev(7)
+
+[Service]
+ExecStart=/usr/bin/udevmon -c /etc/interception/udevmon.yaml
+Nice=-20
+Restart=on-failure
+RestartSec=5s
+OOMScoreAdjust=-1000
+
+DeviceAllow=char-* rw
+DevicePolicy=strict
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+PrivateMounts=yes
+PrivateTmp=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=yes
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=yes
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service @raw-io
+
+[Install]
+WantedBy=multi-user.target