From 6cffe151660688d5b497a092dfbef82f8642b286635ffc70f504ec2c5c624f0b Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 14 Sep 2017 05:52:24 +0000 Subject: [PATCH] Accepting request 525970 from home:msmeissn:branches:hardware - updated to 0.7.0 - Added Added InsertedDevicePolicy configuration option to control the policy method for inserted devices. Added RestoreControllerDeviceState configuration option. Added DeviceManagerBackend configuration option. This option can be used to select from several device manager backend implementations. Implemented an uevent based device manager backend. Added setParameter, getParameter IPC (incl. D-Bus) methods. Added set-parameter, get-parameter CLI subcommands. Qt Applet: Added Spanish (es_AR) translation. Create empty rules.conf file at install time (make install). Support for numeric UID/GID values in IPCAllowedUsers and IPCAllowedGroups settings. If bash completion support is detected at configure time, install the bash completion script during make install. Added new configuration setting: IPCAccessControlFiles. IPC access is now configurable down to a section and privilege level per user and/or group. Added add-user, remove-user usbuard CLI subcommands for creating, removing IPC access control files. Added AuditFilePath configuration option for setting the location of the USBGuard audit events log file path. If set, the usbguard-daemon will log policy and device related actions and whether they succeeded or not. - Removed Removed UDev based device manager backend and UDev related dependencies. Removed UDev development files/API dependecy - Changed Reset Linux root hub bcdDevice value before updating device hash. This is a backwards incompatible change because it changes how the device hash is computed for Linux root hub devices. Refactored low-level USB device handling into SysFSDevice class which represents a device in the /sys filesystem (sysfs). Removed usage of readdir_r because it's obsolete. Replaced with readdir with the assumption that its usage is thread-safe if the directory handle passed to it is not shared between threads. Extended test suite with use case tests. Install the usbguard-daemon configuration and policy file with strict file permissions to prevent policy leaks. Fixed several memory leaks. Don't pre-resolve user and group names in IPCAllowedUsers and IPCAllowedGroups settings. Instead, resolve the name during the IPC authentication phase. - Updated to 0.6.2 Wait for disconnect in IPCClient dtor if needed OBS-URL: https://build.opensuse.org/request/show/525970 OBS-URL: https://build.opensuse.org/package/show/hardware/usbguard?expand=0&rev=4 --- usbguard-0.4.tar.gz | 3 -- usbguard-0.6.2.tar.gz | 3 ++ usbguard-fixes.patch | 24 ++++++++++++++++ usbguard.changes | 66 +++++++++++++++++++++++++++++++++++++++++++ usbguard.spec | 57 ++++++++++++++++++++++++++----------- 5 files changed, 133 insertions(+), 20 deletions(-) delete mode 100644 usbguard-0.4.tar.gz create mode 100644 usbguard-0.6.2.tar.gz create mode 100644 usbguard-fixes.patch diff --git a/usbguard-0.4.tar.gz b/usbguard-0.4.tar.gz deleted file mode 100644 index 2c341d6..0000000 --- a/usbguard-0.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3199659ab444b3aaeb7c784c258db0e6df50b3834aef9cb7772e45372317091d -size 1112325 diff --git a/usbguard-0.6.2.tar.gz b/usbguard-0.6.2.tar.gz new file mode 100644 index 0000000..7b1316f --- /dev/null +++ b/usbguard-0.6.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1376af8b4d41fa0cc67fcd1e63eb2b4ab151553fc1bf9511eacf1b59462868ad +size 1499094 diff --git a/usbguard-fixes.patch b/usbguard-fixes.patch new file mode 100644 index 0000000..dc0c238 --- /dev/null +++ b/usbguard-fixes.patch @@ -0,0 +1,24 @@ +Index: usbguard-usbguard-0.6.2/src/Library/IPCServerPrivate.cpp +=================================================================== +--- usbguard-usbguard-0.6.2.orig/src/Library/IPCServerPrivate.cpp ++++ usbguard-usbguard-0.6.2/src/Library/IPCServerPrivate.cpp +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + +Index: usbguard-usbguard-0.6.2/src/Library/IPCClientPrivate.cpp +=================================================================== +--- usbguard-usbguard-0.6.2.orig/src/Library/IPCClientPrivate.cpp ++++ usbguard-usbguard-0.6.2/src/Library/IPCClientPrivate.cpp +@@ -20,6 +20,7 @@ + #include "IPCPrivate.hpp" + #include "Logger.hpp" + ++#include + #include + #include + diff --git a/usbguard.changes b/usbguard.changes index 8230770..47a8d70 100644 --- a/usbguard.changes +++ b/usbguard.changes @@ -1,3 +1,69 @@ +------------------------------------------------------------------- +Wed Sep 6 10:48:23 UTC 2017 - meissner@suse.com + +- updated to 0.7.0 + - Added + Added InsertedDevicePolicy configuration option to control the policy method for inserted devices. + Added RestoreControllerDeviceState configuration option. + Added DeviceManagerBackend configuration option. This option can be used to select from several device manager backend implementations. + Implemented an uevent based device manager backend. + Added setParameter, getParameter IPC (incl. D-Bus) methods. + Added set-parameter, get-parameter CLI subcommands. + Qt Applet: Added Spanish (es_AR) translation. + Create empty rules.conf file at install time (make install). + Support for numeric UID/GID values in IPCAllowedUsers and IPCAllowedGroups settings. + If bash completion support is detected at configure time, install the bash completion script during make install. + Added new configuration setting: IPCAccessControlFiles. + IPC access is now configurable down to a section and privilege level per user and/or group. + Added add-user, remove-user usbuard CLI subcommands for creating, removing IPC access control files. + Added AuditFilePath configuration option for setting the location of the USBGuard audit events log file path. If set, the usbguard-daemon will log policy and device related actions and whether they succeeded or not. + + - Removed + + Removed UDev based device manager backend and UDev related dependencies. + Removed UDev development files/API dependecy + + - Changed + + Reset Linux root hub bcdDevice value before updating device hash. This is a backwards incompatible change because it changes how the device hash is computed for Linux root hub devices. + Refactored low-level USB device handling into SysFSDevice class which represents a device in the /sys filesystem (sysfs). + Removed usage of readdir_r because it's obsolete. Replaced with readdir with the assumption that its usage is thread-safe if the directory handle passed to it is not shared between threads. + Extended test suite with use case tests. + Install the usbguard-daemon configuration and policy file with strict file permissions to prevent policy leaks. + Fixed several memory leaks. + Don't pre-resolve user and group names in IPCAllowedUsers and IPCAllowedGroups settings. Instead, resolve the name during the IPC authentication phase. + +- Updated to 0.6.2 + + Wait for disconnect in IPCClient dtor if needed + Qt Applet: Fixed loading of decision method and default decision settings + +- Updated to 0.6.1 + + - Changed + + Refactored logging subsystem + Fixed handling of IPC disconnect in the IPCClient class + Qt Applet: Fixed handling of main window minimization and maximization + Fixed building on architectures that don't provide required atomic operations. + The libatomic emulation library will be used in such cases. + Fixed several typos in the documentation + + - Added + + Implemented a simple internal logger + Access to the logger via public API + Improved logging coverage. Logging output can be enabled either via + CLI options or by setting the USBGUARD_DEBUG environment variable to 1. + Qt Applet: UI translation support. + Qt Applet: Czech (cs_CZ) translation + + - Removed + + Removed spdlog dependency + +- .... ommitted changes from 0.5* series .. + ------------------------------------------------------------------- Tue Mar 1 12:08:51 UTC 2016 - meissner@suse.com diff --git a/usbguard.spec b/usbguard.spec index afecb47..2814e71 100644 --- a/usbguard.spec +++ b/usbguard.spec @@ -1,7 +1,7 @@ # # spec file for package usbguard # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,26 +21,34 @@ %define lname libusbguard0 Name: usbguard -Version: 0.4 -Release: 1 +Version: 0.6.2 +Release: 0 Summary: A tool for implementing USB device usage policy -License: GPL-2.0+ -Group: System Environment/Daemons ## Not installed # src/ThirdParty/Catch: Boost Software License - Version 1.0 +License: GPL-2.0+ +Group: System Environment/Daemons Url: https://dkopecek.github.io/usbguard -Source0: https://dkopecek.github.io/usbguard/dist/%{name}-%{version}.tar.gz +Source0: https://github.com/dkopecek/usbguard/archive/usbguard-%{version}.tar.gz Source1: usbguard-daemon.conf Source2: usbguard.service +Patch0: usbguard-fixes.patch %{?systemd_requires} -BuildRequires: libqb-devel -BuildRequires: libsodium-devel -BuildRequires: libseccomp-devel -BuildRequires: libcap-ng-devel BuildRequires: gcc-c++ +BuildRequires: autoconf automake libtool +BuildRequires: libcap-ng-devel +BuildRequires: pegtl-devel +BuildRequires: dbus-1-glib-devel +BuildRequires: libxml2-devel +BuildRequires: libxslt-devel +BuildRequires: polkit-devel +BuildRequires: libqb-devel +BuildRequires: libudev-devel +BuildRequires: libseccomp-devel +BuildRequires: libsodium-devel #BuildRequires: spdlog-static -BuildRequires: systemd-devel libudev-devel +BuildRequires: protobuf-devel %description The USBGuard software framework helps to protect your computer against rogue USB @@ -49,7 +57,6 @@ USB device attributes. %package -n %lname Summary: Library for implementing USB device usage policy -License: GPL-2.0+ Group: System Environment/Daemons %description -n %lname @@ -60,8 +67,8 @@ USB device attributes. %package devel Summary: Development files for %{name} Group: Development/Libraries +Requires: %lname = %{version} Requires: %{name} = %{version} -Requires: %lname = %{version} Requires: libstdc++-devel Requires: pkgconfig @@ -79,25 +86,34 @@ The %{name}-tools package contains optional tools from the USBGuard software framework. %prep -%setup -q +%setup -q -n usbguard-usbguard-%version +%patch0 -p1 # Remove bundled library sources before build #rm -rf src/ThirdParty/{json,spdlog} %build +mkdir -p ./m4 +autoreconf -i -s --no-recursive ./ + %configure \ --disable-silent-rules \ --with-bundled-json \ --with-bundled-spdlog \ + --with-bundled-catch \ + --without-dbus \ --disable-static make %{?_smp_mflags} %check -make check +# while we specify --with-bundled-catch, it is not there :( +# make check %install make install INSTALL='install -p' DESTDIR=%{buildroot} +ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcusbguard + # Install configuration mkdir -p %{buildroot}%{_sysconfdir}/usbguard install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf @@ -113,16 +129,16 @@ find %{buildroot} -name '*.la' -delete %service_del_preun usbguard.service %post -/sbin/ldconfig %service_add_post usbguard.service %postun -/sbin/ldconfig %service_del_postun usbguard.service %pre %service_add_pre usbguard.service +%post -n libusbguard0 -p /sbin/ldconfig +%postun -n libusbguard0 -p /sbin/ldconfig %files %defattr(-,root,root,-) @@ -130,11 +146,18 @@ find %{buildroot} -name '*.la' -delete %license LICENSE %{_sbindir}/usbguard-daemon %dir %{_sysconfdir}/usbguard +%{_sbindir}/rcusbguard %config(noreplace) %{_sysconfdir}/usbguard/usbguard-daemon.conf %{_unitdir}/usbguard.service %{_datadir}/man/man8/usbguard-daemon.8.gz +%{_datadir}/man/man8/usbguard-dbus.8.gz %{_datadir}/man/man5/usbguard-daemon.conf.5.gz %{_datadir}/man/man5/usbguard-rules.conf.5.gz +#{_sbindir}/usbguard-dbus +#/usr/share/dbus-1/system-services/org.usbguard.service +#dir /usr/share/dbus-1/system.d +#/usr/share/dbus-1/system.d/org.usbguard.conf +#/usr/share/polkit-1/actions/org.usbguard.policy %files -n %lname %defattr(-,root,root,-)