Accepting request 361252 from home:msmeissn

resubmit

OBS-URL: https://build.opensuse.org/request/show/361252
OBS-URL: https://build.opensuse.org/package/show/hardware/usbguard?expand=0&rev=1

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

usbguard-0.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f51b03d055d5092834c24d1cbd3aad6984b60279a29ba7e7bfe4a35ba69ababc
+size 1080773

usbguard-daemon.conf

@@ -0,0 +1,77 @@
+#
+# Rule set file path.
+#
+# The USBGuard daemon will use this file to load the policy
+# rule set from it and to write new rules received via the
+# IPC interface.
+#
+# RuleFile=/path/to/rules.conf
+#
+RuleFile=/etc/usbguard/rules.conf
+
+#
+# Implicit policy target.
+#
+# How to treat devices that don't match any rule in the
+# policy. One of:
+#
+# * allow  - authorize the device
+# * block  - block the device
+# * reject - remove the device
+#
+ImplicitPolicyTarget=block
+
+#
+# Present device policy.
+#
+# How to treat devices that are already connected when the
+# daemon starts. One of:
+#
+# * allow        - authorize every present device
+# * block        - deauthorize every present device
+# * reject       - remove every present device
+# * keep         - just sync the internal state and leave it
+# * apply-policy - evaluate the ruleset for every present
+#                  device
+#
+PresentDevicePolicy=keep
+
+#
+# Present controller policy.
+#
+# How to treat USB controllers that are already connected
+# when the daemon starts. One of:
+#
+# * allow        - authorize every present device
+# * block        - deauthorize every present device
+# * reject       - remove every present device
+# * keep         - just sync the internal state and leave it
+# * apply-policy - evaluate the ruleset for every present
+#                  device
+#
+PresentControllerPolicy=allow
+
+#!!! WARNING: It's good practice to set at least one of the !!!
+#!!!          two options bellow. If none of them are set,  !!!
+#!!!          the daemon will accept IPC connections from   !!!
+#!!!          anyone, thus allowing anyone to modify the    !!!
+#!!!          rule set and (de)authorize USB devices.       !!!
+
+#
+# Users allowed to use the IPC interface.
+#
+# A space delimited list of usernames that the daemon will
+# accept IPC connections from.
+#
+# IPCAllowedUsers=username1 username2 ...
+#
+
+#
+# Groups allowed to use the IPC interface.
+#
+# A space delimited list of groupnames that the daemon will
+# accept IPC connections from.
+#
+# IPCAllowedGroups=groupname1 groupname2 ...
+#
+IPCAllowedGroups=wheel

usbguard.changes

@@ -0,0 +1,6 @@
+-------------------------------------------------------------------
+Sun Jan 31 09:40:56 UTC 2016 - meissner@suse.com
+
+- a daemon and framework and tools to guard against bad usb
+  devices.
+

usbguard.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=USBGuard daemon
+Wants=systemd-udevd.service local-fs.target
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/usbguard-daemon -k -c /etc/usbguard/usbguard-daemon.conf
+Restart=on-failure
+
+[Install]
+WantedBy=base.target

usbguard.spec

@@ -0,0 +1,139 @@
+#
+# spec file for package usbguard
+#
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+
+%global _hardened_build 1
+
+Name:           usbguard
+Version:        0.4
+Release:        1
+Summary:        A tool for implementing USB device usage policy
+License:        GPL-2.0+
+Group:          System Environment/Daemons
+## Not installed
+# src/ThirdParty/Catch: Boost Software License - Version 1.0
+Url:            https://dkopecek.github.io/usbguard
+Source0:        https://dkopecek.github.io/usbguard/dist/%{name}-%{version}.tar.gz
+Source1:        usbguard-daemon.conf
+Source2:        usbguard.service
+%{?systemd_requires}
+
+BuildRequires:  libqb-devel
+BuildRequires:  libsodium-devel
+BuildRequires:  libseccomp-devel
+BuildRequires:  libcap-ng-devel
+BuildRequires:  gcc-c++
+#BuildRequires:  spdlog-static
+BuildRequires:  systemd-devel libudev-devel
+
+%description
+The USBGuard software framework helps to protect your computer against rogue USB
+devices by implementing basic whitelisting/blacklisting capabilities based on
+USB device attributes.
+
+%package        devel
+Summary:        Development files for %{name}
+Group:          Development/Libraries
+Requires:       %{name} = %{version}-%{release}
+Requires:       libstdc++-devel
+Requires:       pkgconfig
+
+%description    devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+%package        tools
+Summary:        USBGuard Tools
+Group:          Applications/System
+Requires:       %{name} = %{version}-%{release}
+
+%description    tools
+The %{name}-tools package contains optional tools from the USBGuard
+software framework.
+
+%prep
+%setup -q
+# Remove bundled library sources before build
+#rm -rf src/ThirdParty/{json,spdlog}
+
+%build
+%configure \
+    --disable-silent-rules \
+    --with-bundled-json \
+    --with-bundled-spdlog \
+    --disable-static
+
+make %{?_smp_mflags}
+
+%check
+make check
+
+%install
+make install INSTALL='install -p' DESTDIR=%{buildroot}
+
+# Install configuration
+mkdir -p %{buildroot}%{_sysconfdir}/usbguard
+install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf
+
+# Install systemd unit
+mkdir -p %{buildroot}%{_unitdir}
+install -p -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/usbguard.service
+
+# Cleanup
+find %{buildroot} -name '*.la' -exec rm -f {} ';'
+
+%preun
+%service_del_preun usbguard.service
+
+%post
+/sbin/ldconfig
+%service_add_post usbguard.service
+
+%postun
+/sbin/ldconfig
+%service_del_postun usbguard.service
+
+%pre
+%service_add_pre usbguard.service
+
+
+%files
+%defattr(-,root,root,-)
+%doc README.md
+%license LICENSE
+%{_libdir}/*.so.*
+%{_sbindir}/usbguard-daemon
+%dir %{_sysconfdir}/usbguard
+%config(noreplace) %{_sysconfdir}/usbguard/usbguard-daemon.conf
+%{_unitdir}/usbguard.service
+%{_datadir}/man/man8/usbguard-daemon.8.gz
+%{_datadir}/man/man5/usbguard-daemon.conf.5.gz
+%{_datadir}/man/man5/usbguard-rules.conf.5.gz
+
+%files devel
+%defattr(-,root,root,-)
+%{_includedir}/*
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+
+%files tools
+%defattr(-,root,root,-)
+%{_bindir}/usbguard
+%{_bindir}/usbguard-rule-parser
+%{_datadir}/man/man1/usbguard.1.gz
+
+%changelog