Accepting request 525970 from home:msmeissn:branches:hardware

- updated to 0.7.0
  - Added
    Added InsertedDevicePolicy configuration option to control the policy method for inserted devices.
    Added RestoreControllerDeviceState configuration option.
    Added DeviceManagerBackend configuration option. This option can be used to select from several device manager backend implementations.
    Implemented an uevent based device manager backend.
    Added setParameter, getParameter IPC (incl. D-Bus) methods.
    Added set-parameter, get-parameter CLI subcommands.
    Qt Applet: Added Spanish (es_AR) translation.
    Create empty rules.conf file at install time (make install).
    Support for numeric UID/GID values in IPCAllowedUsers and IPCAllowedGroups settings.
    If bash completion support is detected at configure time, install the bash completion script during make install.
    Added new configuration setting: IPCAccessControlFiles.
    IPC access is now configurable down to a section and privilege level per user and/or group.
    Added add-user, remove-user usbuard CLI subcommands for creating, removing IPC access control files.
    Added AuditFilePath configuration option for setting the location of the USBGuard audit events log file path. If set, the usbguard-daemon will log policy and device related actions and whether they succeeded or not.
  - Removed
    Removed UDev based device manager backend and UDev related dependencies.
    Removed UDev development files/API dependecy
  - Changed
    Reset Linux root hub bcdDevice value before updating device hash. This is a backwards incompatible change because it changes how the device hash is computed for Linux root hub devices.
    Refactored low-level USB device handling into SysFSDevice class which represents a device in the /sys filesystem (sysfs).
    Removed usage of readdir_r because it's obsolete. Replaced with readdir with the assumption that its usage is thread-safe if the directory handle passed to it is not shared between threads.
    Extended test suite with use case tests.
    Install the usbguard-daemon configuration and policy file with strict file permissions to prevent policy leaks.
    Fixed several memory leaks.
    Don't pre-resolve user and group names in IPCAllowedUsers and IPCAllowedGroups settings. Instead, resolve the name during the IPC authentication phase.
- Updated to 0.6.2
    
    Wait for disconnect in IPCClient dtor if needed

OBS-URL: https://build.opensuse.org/request/show/525970
OBS-URL: https://build.opensuse.org/package/show/hardware/usbguard?expand=0&rev=4

usbguard-0.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3199659ab444b3aaeb7c784c258db0e6df50b3834aef9cb7772e45372317091d
-size 1112325

usbguard-0.6.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1376af8b4d41fa0cc67fcd1e63eb2b4ab151553fc1bf9511eacf1b59462868ad
+size 1499094

usbguard-fixes.patch

@@ -0,0 +1,24 @@
+Index: usbguard-usbguard-0.6.2/src/Library/IPCServerPrivate.cpp
+===================================================================
+--- usbguard-usbguard-0.6.2.orig/src/Library/IPCServerPrivate.cpp
++++ usbguard-usbguard-0.6.2/src/Library/IPCServerPrivate.cpp
+@@ -24,6 +24,7 @@
+ #include <sys/poll.h>
+ #include <sys/eventfd.h>
+ #include <sys/types.h>
++#include <unistd.h>
+ #include <pwd.h>
+ #include <grp.h>
+ 
+Index: usbguard-usbguard-0.6.2/src/Library/IPCClientPrivate.cpp
+===================================================================
+--- usbguard-usbguard-0.6.2.orig/src/Library/IPCClientPrivate.cpp
++++ usbguard-usbguard-0.6.2/src/Library/IPCClientPrivate.cpp
+@@ -20,6 +20,7 @@
+ #include "IPCPrivate.hpp"
+ #include "Logger.hpp"
+ 
++#include <unistd.h>
+ #include <sys/poll.h>
+ #include <sys/eventfd.h>
+ 

usbguard.changes

@@ -1,3 +1,69 @@
+-------------------------------------------------------------------
+Wed Sep  6 10:48:23 UTC 2017 - meissner@suse.com
+
+- updated to 0.7.0
+  - Added
+    Added InsertedDevicePolicy configuration option to control the policy method for inserted devices.
+    Added RestoreControllerDeviceState configuration option.
+    Added DeviceManagerBackend configuration option. This option can be used to select from several device manager backend implementations.
+    Implemented an uevent based device manager backend.
+    Added setParameter, getParameter IPC (incl. D-Bus) methods.
+    Added set-parameter, get-parameter CLI subcommands.
+    Qt Applet: Added Spanish (es_AR) translation.
+    Create empty rules.conf file at install time (make install).
+    Support for numeric UID/GID values in IPCAllowedUsers and IPCAllowedGroups settings.
+    If bash completion support is detected at configure time, install the bash completion script during make install.
+    Added new configuration setting: IPCAccessControlFiles.
+    IPC access is now configurable down to a section and privilege level per user and/or group.
+    Added add-user, remove-user usbuard CLI subcommands for creating, removing IPC access control files.
+    Added AuditFilePath configuration option for setting the location of the USBGuard audit events log file path. If set, the usbguard-daemon will log policy and device related actions and whether they succeeded or not.
+
+  - Removed
+
+    Removed UDev based device manager backend and UDev related dependencies.
+    Removed UDev development files/API dependecy
+
+  - Changed
+
+    Reset Linux root hub bcdDevice value before updating device hash. This is a backwards incompatible change because it changes how the device hash is computed for Linux root hub devices.
+    Refactored low-level USB device handling into SysFSDevice class which represents a device in the /sys filesystem (sysfs).
+    Removed usage of readdir_r because it's obsolete. Replaced with readdir with the assumption that its usage is thread-safe if the directory handle passed to it is not shared between threads.
+    Extended test suite with use case tests.
+    Install the usbguard-daemon configuration and policy file with strict file permissions to prevent policy leaks.
+    Fixed several memory leaks.
+    Don't pre-resolve user and group names in IPCAllowedUsers and IPCAllowedGroups settings. Instead, resolve the name during the IPC authentication phase.
+
+- Updated to 0.6.2
+    
+    Wait for disconnect in IPCClient dtor if needed
+    Qt Applet: Fixed loading of decision method and default decision settings
+
+- Updated to 0.6.1
+
+  - Changed
+
+    Refactored logging subsystem
+    Fixed handling of IPC disconnect in the IPCClient class
+    Qt Applet: Fixed handling of main window minimization and maximization
+    Fixed building on architectures that don't provide required atomic operations.
+    The libatomic emulation library will be used in such cases.
+    Fixed several typos in the documentation
+
+  - Added
+
+    Implemented a simple internal logger
+    Access to the logger via public API
+    Improved logging coverage. Logging output can be enabled either via
+    CLI options or by setting the USBGUARD_DEBUG environment variable to 1.
+    Qt Applet: UI translation support.
+    Qt Applet: Czech (cs_CZ) translation
+
+  - Removed
+
+    Removed spdlog dependency
+
+- ....  ommitted changes from 0.5* series ..
+
 -------------------------------------------------------------------
 Tue Mar  1 12:08:51 UTC 2016 - meissner@suse.com
 

usbguard.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package usbguard
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,26 +21,34 @@
 %define lname libusbguard0
 
 Name:           usbguard
-Version:        0.4
+Version:        0.6.2
-Release:        1
+Release:        0
 Summary:        A tool for implementing USB device usage policy
-License:        GPL-2.0+
-Group:          System Environment/Daemons
 ## Not installed
 # src/ThirdParty/Catch: Boost Software License - Version 1.0
+License:        GPL-2.0+
+Group:          System Environment/Daemons
 Url:            https://dkopecek.github.io/usbguard
-Source0:        https://dkopecek.github.io/usbguard/dist/%{name}-%{version}.tar.gz
+Source0:        https://github.com/dkopecek/usbguard/archive/usbguard-%{version}.tar.gz
 Source1:        usbguard-daemon.conf
 Source2:        usbguard.service
+Patch0:		usbguard-fixes.patch
 %{?systemd_requires}
 
-BuildRequires:  libqb-devel
-BuildRequires:  libsodium-devel
-BuildRequires:  libseccomp-devel
-BuildRequires:  libcap-ng-devel
 BuildRequires:  gcc-c++
+BuildRequires:  autoconf automake libtool
+BuildRequires:  libcap-ng-devel
+BuildRequires:  pegtl-devel
+BuildRequires:  dbus-1-glib-devel
+BuildRequires:  libxml2-devel
+BuildRequires:  libxslt-devel
+BuildRequires:  polkit-devel
+BuildRequires:  libqb-devel
+BuildRequires:  libudev-devel
+BuildRequires:  libseccomp-devel
+BuildRequires:  libsodium-devel
 #BuildRequires:  spdlog-static
-BuildRequires:  systemd-devel libudev-devel
+BuildRequires:	protobuf-devel
 
 %description
 The USBGuard software framework helps to protect your computer against rogue USB
@@ -49,7 +57,6 @@ USB device attributes.
 
 %package -n %lname
 Summary:        Library for implementing USB device usage policy
-License:        GPL-2.0+
 Group:          System Environment/Daemons
 
 %description -n %lname
@@ -60,8 +67,8 @@ USB device attributes.
 %package        devel
 Summary:        Development files for %{name}
 Group:          Development/Libraries
+Requires:       %lname = %{version}
 Requires:       %{name} = %{version}
-Requires:	%lname = %{version}
 Requires:       libstdc++-devel
 Requires:       pkgconfig
 
@@ -79,25 +86,34 @@ The %{name}-tools package contains optional tools from the USBGuard
 software framework.
 
 %prep
-%setup -q
+%setup -q -n usbguard-usbguard-%version
+%patch0 -p1
 # Remove bundled library sources before build
 #rm -rf src/ThirdParty/{json,spdlog}
 
 %build
+mkdir -p ./m4
+autoreconf -i -s --no-recursive ./
+
 %configure \
     --disable-silent-rules \
     --with-bundled-json \
     --with-bundled-spdlog \
+    --with-bundled-catch \
+    --without-dbus \
     --disable-static
 
 make %{?_smp_mflags}
 
 %check
-make check
+# while we specify --with-bundled-catch, it is not there :(
+# make check
 
 %install
 make install INSTALL='install -p' DESTDIR=%{buildroot}
 
+ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcusbguard
+
 # Install configuration
 mkdir -p %{buildroot}%{_sysconfdir}/usbguard
 install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf
@@ -113,16 +129,16 @@ find %{buildroot} -name '*.la' -delete
 %service_del_preun usbguard.service
 
 %post
-/sbin/ldconfig
 %service_add_post usbguard.service
 
 %postun
-/sbin/ldconfig
 %service_del_postun usbguard.service
 
 %pre
 %service_add_pre usbguard.service
 
+%post -n libusbguard0 -p /sbin/ldconfig
+%postun -n libusbguard0 -p /sbin/ldconfig
 
 %files
 %defattr(-,root,root,-)
@@ -130,11 +146,18 @@ find %{buildroot} -name '*.la' -delete
 %license LICENSE
 %{_sbindir}/usbguard-daemon
 %dir %{_sysconfdir}/usbguard
+%{_sbindir}/rcusbguard
 %config(noreplace) %{_sysconfdir}/usbguard/usbguard-daemon.conf
 %{_unitdir}/usbguard.service
 %{_datadir}/man/man8/usbguard-daemon.8.gz
+%{_datadir}/man/man8/usbguard-dbus.8.gz
 %{_datadir}/man/man5/usbguard-daemon.conf.5.gz
 %{_datadir}/man/man5/usbguard-rules.conf.5.gz
+#{_sbindir}/usbguard-dbus
+#/usr/share/dbus-1/system-services/org.usbguard.service
+#dir /usr/share/dbus-1/system.d
+#/usr/share/dbus-1/system.d/org.usbguard.conf
+#/usr/share/polkit-1/actions/org.usbguard.policy
 
 %files -n %lname
 %defattr(-,root,root,-)