usbguard/usbguard.spec

#
# spec file for package usbguard
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%global _hardened_build 1
%define lname libusbguard1
Name:           usbguard
Version:        1.1.3
Release:        0
Summary:        A tool for implementing USB device usage policy
## Not installed
# src/ThirdParty/Catch: Boost Software License - Version 1.0
License:        GPL-2.0-or-later
Group:          System/Daemons
URL:            https://usbguard.github.io
Source0:        https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz
Source1:        https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz.sum.asc
Source2:        usbguard.keyring
Source3:        usbguard-daemon.conf
Source4:        usbguard-rpmlintrc
Patch0:         usbguard-pthread.patch
BuildRequires:  asciidoc
BuildRequires:  audit-devel
BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  bash-completion-devel
BuildRequires:  dbus-1-glib-devel
%if 0%{?suse_version} == 1500
BuildRequires:  gcc10-c++
%else
BuildRequires:  gcc-c++
%endif
BuildRequires:  libcap-ng-devel
BuildRequires:  libqb-devel
BuildRequires:  libseccomp-devel
BuildRequires:  libsodium-devel
BuildRequires:  libtool
BuildRequires:  pkgconfig
BuildRequires:  polkit-devel
#BuildRequires:  spdlog-static
BuildRequires:  protobuf-devel
BuildRequires:  pkgconfig(systemd)
BuildRequires:  pkgconfig(udev)
%{?systemd_requires}

%description
The USBGuard software framework helps to protect your computer against rogue USB
devices by implementing basic whitelisting/blacklisting capabilities based on
USB device attributes.

%package -n %{lname}
Summary:        Library for implementing USB device usage policy
Group:          System/Libraries
Obsoletes:      libusbguard0 < %{version}

%description -n %{lname}
The USBGuard software framework helps to protect your computer against rogue USB
devices by implementing basic whitelisting/blacklisting capabilities based on
USB device attributes.

%package        devel
Summary:        Development files for %{name}
Group:          Development/Libraries/C and C++
Requires:       %{lname} = %{version}
Requires:       %{name} = %{version}
Requires:       libstdc++-devel
Requires:       pkgconfig

%description    devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.

%package        tools
Summary:        USBGuard Tools
Group:          System/Management
Requires:       %{name} = %{version}-%{release}

%description    tools
The %{name}-tools package contains optional tools from the USBGuard
software framework.

%prep
%autosetup -p1 -n usbguard-%{version}

%build
%if 0%{?suse_version} == 1500
export CXX=g++-10
# gcc10 has no gcc10-PIE yet, enforce manually (see boo#1195628 for progress)
export CPPFLAGS='-fPIE'
export LDFLAGS='-pie'
%endif
mkdir -p ./m4
autoreconf -fiv

%configure \
    --disable-silent-rules \
    --with-bundled-catch \
    --with-bundled-pegtl \
    --enable-systemd \
    --with-dbus \
    --disable-static

make %{?_smp_mflags}

%check
# while we specify --with-bundled-catch, it is not there :(
# make check

%install
%make_install INSTALL="install -p"
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcusbguard

# Install configuration
mkdir -p %{buildroot}%{_sysconfdir}/usbguard
install -p -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf

# zsh completion, currently needs manual intervention
mkdir -p %{buildroot}%{_datadir}/zsh/site-functions/
install -p -m 644 scripts/usbguard-zsh-completion %{buildroot}%{_datadir}/zsh/site-functions/_usbguard

# turn off system call filtering in Leap 15.X, as it interferes with daemon start up (boo#1173750)
%if 0%{?suse_version} == 1500 && 0%{?is_opensuse}
  sed -i '/^SystemCallFilter=@system-service/d' %{buildroot}%{_unitdir}/usbguard.service
%endif

# Cleanup
find %{buildroot} \( -name '*.la' -o -name '*.a' \) -delete

%preun
%service_del_preun usbguard.service usbguard-dbus.service

%post
%service_add_post usbguard.service usbguard-dbus.service

%postun
%service_del_postun usbguard.service usbguard-dbus.service

%pre
%service_add_pre usbguard.service usbguard-dbus.service

%post -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig

%files
%doc README.adoc CHANGELOG.md
%license LICENSE
%{_sbindir}/usbguard-daemon
%dir %{_localstatedir}/log/usbguard
%dir %{_sysconfdir}/usbguard
%{_sbindir}/rcusbguard
%{_sbindir}/usbguard-dbus
%dir %{_sysconfdir}/usbguard/IPCAccessControl.d
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/usbguard-daemon.conf
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/rules.conf
%{_unitdir}/usbguard.service
%{_unitdir}/usbguard-dbus.service
%{_mandir}/man8/usbguard-daemon.8%{?ext_man}
%{_mandir}/man8/usbguard-dbus.8%{?ext_man}
%{_mandir}/man5/usbguard-daemon.conf.5%{?ext_man}
%{_mandir}/man5/usbguard-rules.conf.5%{?ext_man}
%{_datadir}/bash-completion/completions/usbguard
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions
%{_datadir}/zsh/site-functions/_usbguard
%{_datadir}/dbus-1/system-services/org.usbguard1.service
%{_datadir}/dbus-1/system.d/org.usbguard1.conf
%{_datadir}/polkit-1/actions/org.usbguard1.policy

%files -n %{lname}
%license LICENSE
%{_libdir}/*.so.*

%files devel
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc

%files tools
%{_bindir}/usbguard
%{_bindir}/usbguard-rule-parser
%{_mandir}/man1/usbguard.1%{?ext_man}

%changelog