rpm/usbguard
SHA256
1
0
Fork 0
forked from pool/usbguard
Code Pull Requests Activity

Accepting request 525970 from home:msmeissn:branches:hardware

Browse Source 
- updated to 0.7.0
  - Added
    Added InsertedDevicePolicy configuration option to control the policy method for inserted devices.
    Added RestoreControllerDeviceState configuration option.
    Added DeviceManagerBackend configuration option. This option can be used to select from several device manager backend implementations.
    Implemented an uevent based device manager backend.
    Added setParameter, getParameter IPC (incl. D-Bus) methods.
    Added set-parameter, get-parameter CLI subcommands.
    Qt Applet: Added Spanish (es_AR) translation.
    Create empty rules.conf file at install time (make install).
    Support for numeric UID/GID values in IPCAllowedUsers and IPCAllowedGroups settings.
    If bash completion support is detected at configure time, install the bash completion script during make install.
    Added new configuration setting: IPCAccessControlFiles.
    IPC access is now configurable down to a section and privilege level per user and/or group.
    Added add-user, remove-user usbuard CLI subcommands for creating, removing IPC access control files.
    Added AuditFilePath configuration option for setting the location of the USBGuard audit events log file path. If set, the usbguard-daemon will log policy and device related actions and whether they succeeded or not.
  - Removed
    Removed UDev based device manager backend and UDev related dependencies.
    Removed UDev development files/API dependecy
  - Changed
    Reset Linux root hub bcdDevice value before updating device hash. This is a backwards incompatible change because it changes how the device hash is computed for Linux root hub devices.
    Refactored low-level USB device handling into SysFSDevice class which represents a device in the /sys filesystem (sysfs).
    Removed usage of readdir_r because it's obsolete. Replaced with readdir with the assumption that its usage is thread-safe if the directory handle passed to it is not shared between threads.
    Extended test suite with use case tests.
    Install the usbguard-daemon configuration and policy file with strict file permissions to prevent policy leaks.
    Fixed several memory leaks.
    Don't pre-resolve user and group names in IPCAllowedUsers and IPCAllowedGroups settings. Instead, resolve the name during the IPC authentication phase.
- Updated to 0.6.2
    
    Wait for disconnect in IPCClient dtor if needed

OBS-URL: https://build.opensuse.org/request/show/525970
OBS-URL: https://build.opensuse.org/package/show/hardware/usbguard?expand=0&rev=4
This commit is contained in:
Marcus Meissner 2017-09-14 05:52:24 +00:00 committed by Git OBS Bridge
parent 59d9712112
commit 6cffe15166
5 changed files with 133 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
usbguard-0.4.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3199659ab444b3aaeb7c784c258db0e6df50b3834aef9cb7772e45372317091d
size 1112325

3
usbguard-0.6.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1376af8b4d41fa0cc67fcd1e63eb2b4ab151553fc1bf9511eacf1b59462868ad
size 1499094

24
usbguard-fixes.patch Normal file
View File

@ -0,0 +1,24 @@
Index: usbguard-usbguard-0.6.2/src/Library/IPCServerPrivate.cpp
===================================================================
--- usbguard-usbguard-0.6.2.orig/src/Library/IPCServerPrivate.cpp
+++ usbguard-usbguard-0.6.2/src/Library/IPCServerPrivate.cpp
@@ -24,6 +24,7 @@
#include <sys/poll.h>
#include <sys/eventfd.h>
#include <sys/types.h>
+#include <unistd.h>
#include <pwd.h>
#include <grp.h>
Index: usbguard-usbguard-0.6.2/src/Library/IPCClientPrivate.cpp
===================================================================
--- usbguard-usbguard-0.6.2.orig/src/Library/IPCClientPrivate.cpp
+++ usbguard-usbguard-0.6.2/src/Library/IPCClientPrivate.cpp
@@ -20,6 +20,7 @@
#include "IPCPrivate.hpp"
#include "Logger.hpp"
+#include <unistd.h>
#include <sys/poll.h>
#include <sys/eventfd.h>

66
usbguard.changes
View File

@ -1,3 +1,69 @@
-------------------------------------------------------------------
Wed Sep 6 10:48:23 UTC 2017 - meissner@suse.com
- updated to 0.7.0
- Added
Added InsertedDevicePolicy configuration option to control the policy method for inserted devices.
Added RestoreControllerDeviceState configuration option.
Added DeviceManagerBackend configuration option. This option can be used to select from several device manager backend implementations.
Implemented an uevent based device manager backend.
Added setParameter, getParameter IPC (incl. D-Bus) methods.
Added set-parameter, get-parameter CLI subcommands.
Qt Applet: Added Spanish (es_AR) translation.
Create empty rules.conf file at install time (make install).
Support for numeric UID/GID values in IPCAllowedUsers and IPCAllowedGroups settings.
If bash completion support is detected at configure time, install the bash completion script during make install.
Added new configuration setting: IPCAccessControlFiles.
IPC access is now configurable down to a section and privilege level per user and/or group.
Added add-user, remove-user usbuard CLI subcommands for creating, removing IPC access control files.
Added AuditFilePath configuration option for setting the location of the USBGuard audit events log file path. If set, the usbguard-daemon will log policy and device related actions and whether they succeeded or not.
- Removed
Removed UDev based device manager backend and UDev related dependencies.
Removed UDev development files/API dependecy
- Changed
Reset Linux root hub bcdDevice value before updating device hash. This is a backwards incompatible change because it changes how the device hash is computed for Linux root hub devices.
Refactored low-level USB device handling into SysFSDevice class which represents a device in the /sys filesystem (sysfs).
Removed usage of readdir_r because it's obsolete. Replaced with readdir with the assumption that its usage is thread-safe if the directory handle passed to it is not shared between threads.
Extended test suite with use case tests.
Install the usbguard-daemon configuration and policy file with strict file permissions to prevent policy leaks.
Fixed several memory leaks.
Don't pre-resolve user and group names in IPCAllowedUsers and IPCAllowedGroups settings. Instead, resolve the name during the IPC authentication phase.
- Updated to 0.6.2
Wait for disconnect in IPCClient dtor if needed
Qt Applet: Fixed loading of decision method and default decision settings
- Updated to 0.6.1
- Changed
Refactored logging subsystem
Fixed handling of IPC disconnect in the IPCClient class
Qt Applet: Fixed handling of main window minimization and maximization
Fixed building on architectures that don't provide required atomic operations.
The libatomic emulation library will be used in such cases.
Fixed several typos in the documentation
- Added
Implemented a simple internal logger
Access to the logger via public API
Improved logging coverage. Logging output can be enabled either via
CLI options or by setting the USBGUARD_DEBUG environment variable to 1.
Qt Applet: UI translation support.
Qt Applet: Czech (cs_CZ) translation
- Removed
Removed spdlog dependency
- .... ommitted changes from 0.5* series ..
-------------------------------------------------------------------
Tue Mar 1 12:08:51 UTC 2016 - meissner@suse.com

57
usbguard.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package usbguard
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -21,26 +21,34 @@
%define lname libusbguard0
Name: usbguard
Version: 0.4
Release: 1
Version: 0.6.2
Release: 0
Summary: A tool for implementing USB device usage policy
License: GPL-2.0+
Group: System Environment/Daemons
## Not installed
# src/ThirdParty/Catch: Boost Software License - Version 1.0
License: GPL-2.0+
Group: System Environment/Daemons
Url: https://dkopecek.github.io/usbguard
Source0: https://dkopecek.github.io/usbguard/dist/%{name}-%{version}.tar.gz
Source0: https://github.com/dkopecek/usbguard/archive/usbguard-%{version}.tar.gz
Source1: usbguard-daemon.conf
Source2: usbguard.service
Patch0: usbguard-fixes.patch
%{?systemd_requires}
BuildRequires: libqb-devel
BuildRequires: libsodium-devel
BuildRequires: libseccomp-devel
BuildRequires: libcap-ng-devel
BuildRequires: gcc-c++
BuildRequires: autoconf automake libtool
BuildRequires: libcap-ng-devel
BuildRequires: pegtl-devel
BuildRequires: dbus-1-glib-devel
BuildRequires: libxml2-devel
BuildRequires: libxslt-devel
BuildRequires: polkit-devel
BuildRequires: libqb-devel
BuildRequires: libudev-devel
BuildRequires: libseccomp-devel
BuildRequires: libsodium-devel
#BuildRequires: spdlog-static
BuildRequires: systemd-devel libudev-devel
BuildRequires: protobuf-devel
%description
The USBGuard software framework helps to protect your computer against rogue USB
@ -49,7 +57,6 @@ USB device attributes.
%package -n %lname
Summary: Library for implementing USB device usage policy
License: GPL-2.0+
Group: System Environment/Daemons
%description -n %lname
@ -60,8 +67,8 @@ USB device attributes.
%package devel
Summary: Development files for %{name}
Group: Development/Libraries
Requires: %{name} = %{version}
Requires: %lname = %{version}
Requires: %{name} = %{version}
Requires: libstdc++-devel
Requires: pkgconfig
@ -79,25 +86,34 @@ The %{name}-tools package contains optional tools from the USBGuard
software framework.
%prep
%setup -q
%setup -q -n usbguard-usbguard-%version
%patch0 -p1
# Remove bundled library sources before build
#rm -rf src/ThirdParty/{json,spdlog}
%build
mkdir -p ./m4
autoreconf -i -s --no-recursive ./
%configure \
--disable-silent-rules \
--with-bundled-json \
--with-bundled-spdlog \
--with-bundled-catch \
--without-dbus \
--disable-static
make %{?_smp_mflags}
%check
make check
# while we specify --with-bundled-catch, it is not there :(
# make check
%install
make install INSTALL='install -p' DESTDIR=%{buildroot}
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcusbguard
# Install configuration
mkdir -p %{buildroot}%{_sysconfdir}/usbguard
install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf
@ -113,16 +129,16 @@ find %{buildroot} -name '*.la' -delete
%service_del_preun usbguard.service
%post
/sbin/ldconfig
%service_add_post usbguard.service
%postun
/sbin/ldconfig
%service_del_postun usbguard.service
%pre
%service_add_pre usbguard.service
%post -n libusbguard0 -p /sbin/ldconfig
%postun -n libusbguard0 -p /sbin/ldconfig
%files
%defattr(-,root,root,-)
@ -130,11 +146,18 @@ find %{buildroot} -name '*.la' -delete
%license LICENSE
%{_sbindir}/usbguard-daemon
%dir %{_sysconfdir}/usbguard
%{_sbindir}/rcusbguard
%config(noreplace) %{_sysconfdir}/usbguard/usbguard-daemon.conf
%{_unitdir}/usbguard.service
%{_datadir}/man/man8/usbguard-daemon.8.gz
%{_datadir}/man/man8/usbguard-dbus.8.gz
%{_datadir}/man/man5/usbguard-daemon.conf.5.gz
%{_datadir}/man/man5/usbguard-rules.conf.5.gz
#{_sbindir}/usbguard-dbus
#/usr/share/dbus-1/system-services/org.usbguard.service
#dir /usr/share/dbus-1/system.d
#/usr/share/dbus-1/system.d/org.usbguard.conf
#/usr/share/polkit-1/actions/org.usbguard.policy
%files -n %lname
%defattr(-,root,root,-)