Accepting request 640850 from hardware

OBS-URL: https://build.opensuse.org/request/show/640850
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/usbguard?expand=0&rev=2

usbguard-0.6.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1376af8b4d41fa0cc67fcd1e63eb2b4ab151553fc1bf9511eacf1b59462868ad
-size 1499094

usbguard-0.7.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:732cc99f9b03632eb558941781c01f869bf96aad7f6976998094b3824d9b7ae2
+size 1197855

usbguard-0.7.4.tar.gz.sig

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAABCAAGBQJbRtwMAAoJEDKid+oJFNJMdvkQANXmEUzCVnFkeEvQZfgFVhYv
+thHufD5G8b01GkJGBYICjl7IdYTmdKaGkuHoNer3SZee8WHjtK3WukxCgJ4q7p9d
+teSQw+U8NEyZOrM25dc+FkI1bj+qYf1v1hh8AKDCWU+bR9J+5EDKNtsL/M84hvXO
+zv44JTH2CsWiM97/dt1pWJbPzCJV+PB4o4nEX2Q1NMh0fv3vlebiX4Sv9vTo7oWi
+tl8cnm2m9jR9wsQS9I1+WHo+iGChCnf64mLohF7RQy1mYysXDkHBVBd56qHSpTXy
+KGFj3TFmRUNXSW2FBK6d5ZwDtHjwz4Ram53KBknw2NpOk1mV0h26LxA/7TzzwFNN
+sdhhpPc63bE3otqL8Uz5ldeyO+rtPQj8orb8euss5vtWi1uZ/UTPQJlaAd0rm33O
+v9sw4wAr3u8m8brCE2b1RVtzVaCYvWnIjo7SPcNxNKD/2J4u2TirvFGNx+7SQIAl
++J9oS+Gc6Zmv2rtWb8Ayjy/0HXpiIiADsgaBpx92DbJL5cpd8IbGEN1s2sfb389T
+/nzLkdJeFmk0PGRgv+wtc4fFA6AlZSZ0+fZSbz/ubbsoA/6Fhvgu9lVems8LAUtK
+87tgvoZbbG7BKCO1FN/6t5pwvU0psWEbzUd5eu7ifIy2Zp9SNPS5Qis7bIA7k+A3
+GlKLLSAVUrp1mM4WIFsa
+=chtE
+-----END PGP SIGNATURE-----

usbguard-applet-qt_desktop_menu_categories.patch

@@ -0,0 +1,12 @@
+Index: usbguard-0.7.4/src/GUI.Qt/usbguard-applet-qt.desktop.in
+===================================================================
+--- usbguard-0.7.4.orig/src/GUI.Qt/usbguard-applet-qt.desktop.in
++++ usbguard-0.7.4/src/GUI.Qt/usbguard-applet-qt.desktop.in
+@@ -6,6 +6,6 @@ Comment=USBGuard Qt Applet
+ TryExec=usbguard-applet-qt
+ Exec=usbguard-applet-qt
+ Icon=usbguard-icon
+-Categories=System;
++Categories=System;Security;
+ Keywords=USB;USBGuard;Applet;Qt;
+ X-Desktop-File-Install-Version=@VERSION@

usbguard-daemon.conf

@@ -34,7 +34,7 @@ ImplicitPolicyTarget=block
 # * apply-policy - evaluate the ruleset for every present
 #                  device
 #
-PresentDevicePolicy=keep
+PresentDevicePolicy=apply-policy
 
 #
 # Present controller policy.
@@ -49,7 +49,49 @@ PresentDevicePolicy=keep
 # * apply-policy - evaluate the ruleset for every present
 #                  device
 #
-PresentControllerPolicy=allow
+PresentControllerPolicy=keep
+
+#
+# Inserted device policy.
+#
+# How to treat USB devices that are already connected
+# *after* the daemon starts. One of:
+#
+# * block        - deauthorize every present device
+# * reject       - remove every present device
+# * apply-policy - evaluate the ruleset for every present
+#                  device
+#
+InsertedDevicePolicy=apply-policy
+
+#
+# Restore controller device state.
+#
+# The USBGuard daemon modifies some attributes of controller
+# devices like the default authorization state of new child device
+# instances. Using this setting, you can controll whether the
+# daemon will try to restore the attribute values to the state
+# before modificaton on shutdown.
+#
+# SECURITY CONSIDERATIONS: If set to true, the USB authorization
+# policy could be bypassed by performing some sort of attack on the
+# daemon (via a local exploit or via a USB device) to make it shutdown
+# and restore to the operating-system default state (known to be permissive).
+#
+RestoreControllerDeviceState=false
+
+#
+# Device manager backend
+#
+# Which device manager backend implementation to use. One of:
+#
+# * uevent   - Netlink based implementation which uses sysfs to scan for present
+#              devices and an uevent netlink socket for receiving USB device
+#              related events.
+# * umockdev - umockdev based device manager capable of simulating devices based
+#              on umockdev-record files. Useful for testing.
+#
+DeviceManagerBackend=uevent
 
 #!!! WARNING: It's good practice to set at least one of the !!!
 #!!!          two options bellow. If none of them are set,  !!!
@@ -65,6 +107,7 @@ PresentControllerPolicy=allow
 #
 # IPCAllowedUsers=username1 username2 ...
 #
+IPCAllowedUsers=root
 
 #
 # Groups allowed to use the IPC interface.
@@ -74,4 +117,57 @@ PresentControllerPolicy=allow
 #
 # IPCAllowedGroups=groupname1 groupname2 ...
 #
-IPCAllowedGroups=wheel
+IPCAllowedGroups=
+
+#
+# IPC access control definition files path.
+#
+# The files at this location will be interpreted by the daemon
+# as access control definition files. The (base)name of a file
+# should be in the form:
+#
+#   [user][:<group>]
+#
+# and should contain lines in the form:
+#
+#   <section>=[privilege] ...
+#
+# This way each file defines who is able to connect to the IPC
+# bus and what privileges he has.
+#
+IPCAccessControlFiles=/etc/usbguard/IPCAccessControl.d/
+
+#
+# Generate device specific rules including the "via-port"
+# attribute.
+#
+# This option modifies the behavior of the allowDevice
+# action. When instructed to generate a permanent rule,
+# the action can generate a port specific rule. Because
+# some systems have unstable port numbering, the generated
+# rule might not match the device after rebooting the system.
+#
+# If set to false, the generated rule will still contain
+# the "parent-hash" attribute which also defines an association
+# to the parent device. See usbguard-rules.conf(5) for more
+# details.
+#
+DeviceRulesWithPort=false
+
+#
+# USBGuard Audit events log backend
+#
+# One of:
+#
+# * FileAudit - Log audit events into a file specified by
+#               AuditFilePath setting (see below)
+# * LinuxAudit - Log audit events using the Linux Audit
+#                subsystem (using audit_log_user_message)
+#
+AuditBackend=FileAudit
+
+#
+# USBGuard audit events log file path.
+#
+AuditFilePath=/var/log/usbguard/usbguard-audit.log
+

usbguard-fixes.patch

@@ -1,24 +0,0 @@
-Index: usbguard-usbguard-0.6.2/src/Library/IPCServerPrivate.cpp
-===================================================================
---- usbguard-usbguard-0.6.2.orig/src/Library/IPCServerPrivate.cpp
-+++ usbguard-usbguard-0.6.2/src/Library/IPCServerPrivate.cpp
-@@ -24,6 +24,7 @@
- #include <sys/poll.h>
- #include <sys/eventfd.h>
- #include <sys/types.h>
-+#include <unistd.h>
- #include <pwd.h>
- #include <grp.h>
- 
-Index: usbguard-usbguard-0.6.2/src/Library/IPCClientPrivate.cpp
-===================================================================
---- usbguard-usbguard-0.6.2.orig/src/Library/IPCClientPrivate.cpp
-+++ usbguard-usbguard-0.6.2/src/Library/IPCClientPrivate.cpp
-@@ -20,6 +20,7 @@
- #include "IPCPrivate.hpp"
- #include "Logger.hpp"
- 
-+#include <unistd.h>
- #include <sys/poll.h>
- #include <sys/eventfd.h>
- 

usbguard-rpmlintrc

@@ -0,0 +1,2 @@
+# usbguard ships zero length rules.conf by default
+addFilter("zero-length /etc/usbguard/rules.conf")

usbguard.changes

@@ -1,3 +1,66 @@
+-------------------------------------------------------------------
+Tue Oct  9 09:48:44 UTC 2018 - Robert Frohl <rfrohl@suse.com>
+
+- changed zsh completion location
+- added rpmlint for zero size rules.conf
+
+-------------------------------------------------------------------
+Tue Oct  9 08:05:02 UTC 2018 - Robert Frohl <rfrohl@suse.com>
+
+- added signature verification of tarball
+  - add usbguard-0.7.4.tar.gz.sig
+  - add usbguard.keyring
+
+-------------------------------------------------------------------
+Mon Oct  8 14:19:55 UTC 2018 - Robert Frohl <rfrohl@suse.com>
+
+- update to 0.7.4
+  - Changed
+    Fixed conditional manual page generation & installation
+
+- update to 0.7.3
+  - Changed
+    usbguard-daemon will now exit with an error if it fails to open a logging file or audit event file.
+    Modified the present device enumeration algorithm to be more reliable.  Enumeration timeouts won't cause usbguard-daemon process to exit anymore.
+
+  - Added
+    umockdev based device manager capable of simulating devices based on umockdev-record files.
+
+- update to 0.7.2
+  - Changed
+    Fixed memory leaks in usbguard::Hash class.
+    Fixed file descriptor leaks in usbguard::SysFSDevice class.
+    Skip audit backend logging when no backend was set.
+
+  - Added
+    Added zsh completion & other scripts to the distribution tarball.
+
+- update to 0.7.1
+  - Added
+    CLI: usbguard watch command now includes an -e <path> option to run an executable for every received event. Event data are passed to the executable via environment variables.
+    usbguard-daemon: added "-K" option which can disable logging to console.
+    Added zsh autocompletion support.
+    usbguard-daemon: added "-f" option which enabled double-fork daemonization procedure.
+    Added AuditBackend usbguard-daemon configuration option for selecting audit log backend.
+    Linux Audit support via new LinuxAudit backend.
+    Added missing RuleCondition.hpp header file to the public API headers.
+
+  - Changed
+    Qt Applet: disabled session management
+    usbguard-daemon console logging output is enabled by default now.  Previously, the -k option had to be passed to enable the output.
+    Replaced --enable-maintainer-mode configure option with --enable-full-test-suite option. When the new option is not used during the configure phase, only a basic set of test is run during the make check phase.
+    usbguard-daemon now opens configuration in read-only mode
+    Fixed UEventDeviceManager to work with Linux Kernel >= 4.13
+    Refactored audit logging to support different audit log backends
+    Made the configuration parser strict. Unknown directives and wrong syntax will cause an error.
+
+
+- Added usbguard-applet-qt package to allow easier user interaction
+- Added usbguard-applet-qt_desktop_menu_categories.patch to fix category
+- Updated usbguard-daemon.conf to upstream version
+- Removed obsolte patch usbguard-fixes.patch
+
+
 -------------------------------------------------------------------
 Wed Sep  6 10:48:23 UTC 2017 - meissner@suse.com
 
@@ -34,7 +97,7 @@ Wed Sep  6 10:48:23 UTC 2017 - meissner@suse.com
     Don't pre-resolve user and group names in IPCAllowedUsers and IPCAllowedGroups settings. Instead, resolve the name during the IPC authentication phase.
 
 - Updated to 0.6.2
-    
+
     Wait for disconnect in IPCClient dtor if needed
     Qt Applet: Fixed loading of decision method and default decision settings
 

usbguard.keyring

@@ -0,0 +1,187 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFl1/A8BEACeJdXstYB0gOj2LdvIL/wwusjCc/TwEs295Hqgq8qhN78Z4LXS
+HHO2r3VAQWMQN/0hmNb5MacrSjWMfv1wgTfAnRuEiV1UvgM9p5wEYYUc/Oy31vxb
+ZVUmyLyiFOwnL6pPP9rK3Z/LXP1gZmKAV0GmHL1c8Va1ZvTDJk9cIx565k0cDvnb
+RAI6mWnD1EXiwfh6ygkruOZ406kQ4CEQvKVM6mTd0eFuzU9C0SQUI5SZiXsuKY4D
+8eB9W/exKP2+02cbu8qjyginJhRTQUzNrVH0MUkV4r+s0LIGxCN/GTp6riI8svlR
+oSKt+7ISGbm5Srxy/KBsebkVGWpm9eiyQMYExOqmhfAwAdvw4r7BkAL/CCuX7f4u
+dHoJIqSCaXyY8lXEvDq8eLEm0Ty2ntfB1bWT+kfd2bEzQcKQXFporGh9VWyuAPs4
+G1nNvZjM1VgkLRrDyLYrTdt+MizAnjqc5ZzBEqLVfYHU1pfgYPuAtSIqkCh0JnVH
+J1JLxGjTx2AideeW1CKC6gCoIL55+/JrK7dKR5P/j5s+Kk8pOrOkQkkLvMf//PrF
+lqBj1CYKrGsqccg0SeCwFIr3nCofji1W+vyZRbAxWz0c/Rev1eJc2k9rUOh61a64
+mXfZnUuh2pGP5gB1hHkmlvY2+S/CUs7HB8bV5NPme7b5JMwcYrRIrHSDxQARAQAB
+tCNEYW5pZWwgS29wZcSNZWsgPGRuazE2MThAZ21haWwuY29tPokBMwQQAQgAHRYh
+BB/mNI7eqCWiKXDlxI3TBA8SPMP0BQJbcLU5AAoJEI3TBA8SPMP0TUsIALHp7c6W
+MznqWzWyHQiKGJxYH2iaKwoBXUQzurscocR7fRZaJTdXcrAjw+YiKwdLVyQEqZIn
+eCujPIQIt1hxVro1Jq32kYIvPlQWSz8yykQVL/TExIDyVueLU1A6JnNBQLvP2XDV
+sM8BJc8rtoWC/1wc2Vps6f8QS0oE0G/ocZ1uV0Gj0XEH8zJ+0m/K0uw9YnX5XgTY
+qeiFgz4nUqRxfxfRY494eQS0OzBp7j2iiQMnmw4YMgU+DiURvYuTHVpBHVMlnhHr
+jU5JpIiTw6VnJgeLKC9+aWabmaxdOS3Gq5D+fVarZXMYBttWB5kncvfMIBSVUwZy
+WKlSo3MyrrLo8OCJATMEEAEIAB0WIQRswFHTwdmkr54mDFjT45SsdE4uuwUCW3ha
+DQAKCRDT45SsdE4uu8fUB/0VZxBevmc4jetXxFh2+9cmtXOYLuhUjQa2/OwRmEO6
+INVYzgkcm/BCNCQ8aYUEcyof/LJHH6nsVMLHs83STjAlkHUVjmJfMz8mm2szIuhH
+UGWaTbE+cCdAA+dJA2qqhObL1Q9ZDkcIF2H+4Wc5RJFPqif7wN2TzivLdMuckO1p
+fQV8TWBODc4K+GW3jwKmhL+/UZ8LNfERSPI6D14AQ+2qnkAB3zPEL0gRpzzmv2EU
+ZZBxNvDMbK/EGaJfiJxI737QA8P0I9Igy905Zd8am9IxbPt/M2g1CrR5ateVxjTG
+a5Mc18gW1RhCfXo21k1YvDZLIQR6m9vVcRHwz51Pq8GPiQEzBBABCAAdFiEE9n59
+boAPJA6D68hn/2rJpkZN8JwFAlr5kDwACgkQ/2rJpkZN8Jyv7Qf/bXBBoU2i911p
+vEDNx1p0GB3SRa+JUhXpzSJHkM7O4a1PmPRaEBiX5fy4pNwWeJ4V6s1dwK8GDUTm
+C+FZZCj42OlbxaiZ+nYkKKmOUpP5S1oqPGjCwmJ03MYqoV2i7Ht7Dh9XCxyLQiKf
+pynlKRpnUaUNyWKVdCQHkH1bIrKhVRhGqLpQ748OnOdCdTVfrzTEZA/NzFEMaFIe
+tLOR75pWKvsxd/qu1P6IGHdaI2SF1Bry7EnZoUSXjfnmaYo/mblx15ZsRH3tzIbR
+TWJUm88UJJMNiDN0dZ3V3fyyX/cbWP39HrdAJLcrl9yKj/hskp0J4POfECickdHv
+C5YhwzEuO4kCVAQTAQoAPhYhBEMMGSiWAVfMRfob66oGEgUwrgRmBQJZdfwPAhsD
+BQkJZgGABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEKoGEgUwrgRme8EP/jX8
+4SGkTJHHyn9b+ay1fs8WM1GvCYt1PayGc1FaZmERzS2VMpmCMZyN/d3MFmxL+MZs
+wXi0z8Y4r+pai2SIeSshDafLY7C6H3O5vbzQ9UxY/Id5LO/iZBokBbvFH+PS9EUK
+7VLDZX96NZvKGbwDGDSGueKqVSbbzaxjM/+vgBKtKL/9h/uECsdqhE4MEF0IpMZb
++zz9aRsk3t1jLIVObI/zsW27yI19taEUHeVLGDCTVhHGa/Dc4iyXtAEn0EzMg0ID
+XrAEg3z3L3wMkp6Rqd1GGVlHP10ASj7tro+7CJUYIiuHkgGPtUhNZZE9A1mv56UM
+vWNE6lqrlDYYkeIfJT7u4inj3fLfNG74kwFuZ9sR0FLO1VoTQ5vY5OzW9qXltsiz
+eljWSLCxXn8Ie93+5lZPDynzWNoLo4OjvE8jS1cjrN+rLAxE9yrSRR0pEfErGwZk
+J4EAe812BG5/Kj4EvYCUTiWlRlh6gI7hTFannlciPSnenCzejNNfeFVEgP2Ig8Hw
+5D26yoSi5+Ffs1P02uyWtO2cF/BKQF8TJ8ZI52kNgulEdAE6AZc+UQei7D515VNi
+tbZ4XCJfo7T4AnSjXulwa++LVDJhU9QHxzz5h0lv7B+Lfe2Sz51qhCqfG1CNkxdg
+yr6fy8FHeFCFeW2OgBcKuFbZ4oo/O0PX7uYXLCuouQINBFl1/A8BEAC33oSJW+/m
+6iDZ7UJTCGkihCUU0FNqvP20v4o7fraH5u6zaJJ8kDYOXW4C+2PcJJpaSOV+prmZ
+zm00g4Qh0k1YpR4vUH+g9AfFvtj5znA/wnb1MyA/8yVkzTcfR/+kLFyUWMfn0E7O
+skp1kMY63roiL+9YKhOP9a75+E85RX6trkrbJ8oatGs+oxbXCzcmfTGSkn2CQN8f
+SVpA1UjNgn+fy/Uc5LTPfLZCPzzXtmLg5jnhQCQy2OG+EqFWRxanPhfS3J61/q2i
+uXNLaqaMDS9pgM9Sv9YK1/S1uxv5BfOpde3AA+oeFs3V6AZHPPaKafPute7s488O
+xDMlPeLs+293W2KBC9SuAKT4t8TiJNsn5plj53bZVozKJEGCOw3lwg753F+15J8U
+jQl8PGAs9z7h9Ub1cfbHMTT6ogiLNRjoexCa5yRGWeR0KnETXQRyyuQBG8SjbmJE
+9AVaYXvYq1ypohkwYDM3v/2GaXuaSrC3JypaUmCcFwv9LlfspSzDJHB3v/wsEkUx
+ehSuM/Q5dgPuRxBQIDW91cdyHulXoCsGcbmnihaZgEKIZ4O17G1sNpdnUKKkVO/2
+BMgzqnEMNY7p2Y3lZaz6wzp+owuWlStn68umyLhUMnwzdJMCcfe1jRlfwnxHa1YX
+QmjWfMX5kNencyiuWOOLVX2MFYuG9wlxdwARAQABiQI8BBgBCgAmFiEEQwwZKJYB
+V8xF+hvrqgYSBTCuBGYFAll1/A8CGwwFCQlmAYAACgkQqgYSBTCuBGb8Ag//RiMs
+Tt1IB3BDUHzT82MbJtUrPVrhl4jZmrcUl/r4G/XTU5S2JCoNzYsDmuvtHftuewzu
+gAwiXvRDZHivKZowXEd4yNcxLEqIWD4Rrbiw/mvoMSTLDnPt4rOBFzbZ30FNg2l8
+Njm3kcpnBtTHAb+0ZfiH4DZPn0XOvY9qOLLZhqvM62hM3uiQHjSmgr2i2KOADka/
+Zj/jZV4N0aBEYyD+234bOn/AjGae7QZFMTDA8AediDy4fFw/tBDFQPKsvxME8KF7
+huQSvWD6xyFrNUfOVpofsWzMglyD/Cht6TZMrnrbaerSNHoNC3byiMgfRWBknxOK
+iZXp542tz2SGjf6Gq2prxYmMTpCNAifDamOO5HfQDv9DmHu2eIoDoUTeB1Ywu0Ns
+liviMlIU86s47RclPX2jp7gURR+vdTzP5PKNCMFCt2/odlnZmbHgG/h7sFvStUMa
+upbNmJDs6D7b6Z4EfPtDl4K3KnNAkfHpWRRoDxO6qpt77Gc4uoHyZWRDKxZKU8NO
+JIFfC4wyxKV9Nz6an7r+NtUAANB355cxS51fXSP6ceNWpcSXpqmI79PYRhAVQmKh
+ZdrIU6qtFM4BTqsPUL3gHTMMakf1oEshx0dDbiQutlAD9HvG1MOd9WFD6s1MLG6U
+LmhEkzyMPxMr78Qz6fSV6kQkC6sLpQbC2gv0x4S5Ag0EWXX8pAEQAN49KL6jWwod
+Z8QfYWXKdu6nj61WghQYHrmFURI0LagyJF2wI8YDODaTo7+ERB4rJD5SKilk3KoG
+OwvrP4AsYK+Y1p5G2f3LgAjSsZhU+RgmxO6TdqQr5ySNChXw7n0jC1qFiT1O30dw
+BLrg6KvhJEdxRCxmnwKYd6O0cwffuh3oto/u/E+ByhHE6cRwK9+srrfryH1qWVIf
+HgnM0Ii9/SLPmiqsOfEn+gpNrpSgJtj4ll0M1GO8qWuEWGyuH7eIctmrJuCzjIrv
+rCETKBbfi76fQawIdHyGQGjLznV9d5iKiaYQJlPRz+8Q+01QidxRlOsIHLM7kj/H
+VJTQZhfxpQfRhmno28GIioVSFtaaFjANqp/IW+vQDxQzIBfoWmCRdzJe/uqZEmNF
+fZYX3e61BmAgMVorXDASrZrQLyN6ZdYXhxoz3JzUu72CThoC6Am91Ash4NDEazFh
+C6Uw7QRb+s4un22ric8EFF6ytsx0RjsdQhlpgiQPAUMK7ixZrzSzOkxgCPhPDy8R
+/g2//n8m/DsEZy8guHXCloo2KiSR8gaO/axBrZpildUQXmYBU0l41Ajk+TuHEE4i
+MyXEES2sJWul49syx6yNyJE8d1ERQ77W/dxVEwAI+f7NzUSzn53/fuL8wmZVagAw
+9y+knXp77UX21CAwB3J7wYJdbay4fiWrABEBAAGJBHIEGAEKACYWIQRDDBkolgFX
+zEX6G+uqBhIFMK4EZgUCWXX8pAIbAgUJAeEzgAJACRCqBhIFMK4EZsF0IAQZAQoA
+HRYhBHfj2KJVtdXB+owmGzKid+oJFNJMBQJZdfykAAoJEDKid+oJFNJMpw8P/1V0
+zcPg8slsNQIska0qF6bTj8oN1iBlua8LZGvNM3/8x9hgx9u/uVN2vFmRBTUqd18t
+d7Gk3uTOMxHz77F0F21N545CUSYFpMHVfrNtMXihPgICfV9ZYj/ktqlceRZJ60gr
+Q8Ccnywy4S03EaumLqta4AeQRbHBj6dsH5MNekNxilGv1h+N2kRnlidIBRZ5fDGb
+EkkkBfxMjlCfhb/ICP05SJFfVoUWKv6mwtaP0JRYiCrh1nHXyGwhh9GigmTls5Qa
+UMhRWf6iVO5QyS8BBsL7XxU2hTtInsE8KWYVwrB96CjQ/E+twZoyC90onPAPN1fj
+53I+5R/q90O5icqUO0j4rx2FWMDg70COwLFsrA9ATPxll9vdlxbufxsyBrSHp9cw
+ZCmOsUJ3IsV5GWuCqqfVX5TQpkV489PrVTqIha2QpT2gWnCrjKNlTUQojzkopzRr
+kzd66jGcIZcIqDfXIPAVgVwGGAh9JM7CuVCQH3wIijZK4/URLNC0e3SrizTi86Wu
+Ie+rKpZ9l9rZYuj2HbNm7vuk8E+xM/Wa6fJuGYB0tvKw7UE7XjO6rPgNNzTiIh3k
+KvBZvm5bSuH29DaG+KusPBT9jrdnbVYLNfqZUYFFwGxYNBATeFdZzokx3+6aWO9M
+PeahDgcJVlx/7HvhQ33q6KrNHfS8H33MHKjYK08+X1sP/3TIv0qvY1nLlN7yZn9G
+kP/GGu9ALt0nrM2ZBMfTNl3+WF5DK8MqOYiIDqXtPBdptHZ/xJ6bvTPqSdIsCnA9
+7HrsIamzO0BETfBtivlmttE7TEXpW8u1mKBEOvAJhHWFL1YhLUD+/rXtljhj2KPR
+vdfszpa22mr4gJk1BY3D/ekxoiFXTWRYCH0nB9mRDCxMAui6GTo6nxgNpJDLtVUd
+z1jovzD6qBrC+hk9/fOzzzoZZ19vw8zuloQVJAFsORzd1umvjuVEt1Bp9Gh1nnzf
+leqIpaqc5G7UnTfB/PywjvliGF0ndL3IxIXlnupdpTtiLh/3ojrEzYMhM+ABbq1m
+uYr7k89m5Fw8Row8bKA56hfpA7Tk4Ifez+tKPEoV0s4Wo+1/0Q6G+7Yqt8+AfpZS
+4oOgOD5RRUCMfTUoggeQSpfbZTvrJwJhtoh+Ak2GC7B4+R7nO+ch7YQMff+IMfz6
+ewwAXxQFEhHhkrHh31n/hML5pfmQXRkMjE+dIOjNyqDTVc0i6LMNK3SvAlIKL9rE
+mjYqgEwdvOk9lzOpUmUTOLLt9/TKmBGoZxjEzhvjf/+HgN+7bxZe3U4//GwspXRj
+IQ0fmTeCI+EMd/Kue9mRs59MtmcNktYJMpuRqnGJ+j8eDx8TJ9XgJvAzfiZbPPCC
+J720zNZpR7qAQssadU5EI9sguQINBFl1/OoBEACw7RGXKp1p48ffX27kzGvszhoX
+9MQ7SX0J10g57JQK49Oyj1bMjoYi64Z2sXMyydAAG82bWO8dXlBAfCla6eyd5C47
+Fj+34sJTievShLkGP0CHp4TGQMbzMJGy3FcglgQfnYnidqdzeK0ksR8xWrtbdcsv
+Uf4nH3HV+MJKluepFFDG9Ms92U9sgyd18Dj2y0ovGRlADC74MqdzTX4AAwKhQ+G2
+2WE8sPGv45yruogLX1zFcgayCGkEXyDvpitQtoS8xRGAGWoE6bjLCuaT5wF6jNw4
+PKfkgroAyy3jLQ+jp3tfBkL0UccVwWKfq1L9PXQ4mpFdxANa2isPddjgH4NxLa6V
+asVQ2/l15tE5m8KscER5sR30uHkRE46tg8fnndl24amlSuSpmT1mGFVL7gpOKNcr
+DT2agmgp/shJnnPzSZFMy2AtsDd7kKrCQAZhEGdkNpDphq0xwy4G6M+FEgBUoph1
+Og8pa4moAHp6mRKJ+cxy4FlVgFuYBO/711qttzDfGGv2jUnt75sZ7yz6NhUiDaKj
+CEK6h8oc78cl2QJPa0DMHlXj6l9ZpSwctMGKtgavZR2YB12bBnbXUadxrsSbNTh/
+na3fWTfq8vD3/QVCWxYwFSLLzUIkN2c4j6z3U3fF6IvDOb3DEvOoJ0ns2b8xaT8P
+MeZ+i5rUb5eP3gGrRwARAQABiQI8BBgBCgAmFiEEQwwZKJYBV8xF+hvrqgYSBTCu
+BGYFAll1/OoCGwwFCQHhM4AACgkQqgYSBTCuBGbfMQ//TC43IuFukPZO7gj/azjg
+pbecrqx+JEhW1oITNihKw0EzM9+Zd8ko0pYOLYkuNGiarEKeJ2GcOLMxuU9n+kmI
+hMeMPXRH3YrbZFhWshU8uywz1UuDex7VwXM4WA6+9xxaO3AJMB/PWqI6b8IagfAj
+SxZnsxOPg+hWYj56uah3OTJcRdKSzExOLJIQkL0LOyjMNHI+MwqRNe59Dc5k0d9j
+kQzuW8lS862ryiiJZldl5Uh+T05m2FI9IN6BoXWFsO/KCmgV2L5s4EwUwK/gcREN
+OGB42gL9sMhaQ66e+JG0LDOsMcQuhHHPJLCdaXCen2rbfe7kPjYPSWWY5p9tnrcB
+MboBxKNKUy4yegabZZ4DWfuVhOhVPxy0e7IQyH6hEsyOEePL9MOtd4PNWLKrZb3D
+TGVrpOogD6Mf15nHypWEpkoOVrKj1VUo2dE5iEHcL5iiyJYKMJPwiumxDcpzCt07
+4RNYokL+cxsR9zhC23/GiJWheklBEQ7zh3QibkT1SYHiXrGed5i+SDhRfj3BTUa+
+hgdoNiA0UrUJxhLUDjlvGJHHPWe+wVHJ8uIHS3cvAKRMtUbPXfRJ4X3GKGXuI4kr
++d+jB4Wh3dYgFW7Lr9qNNwqvNeOdvQWzAXzqNmaxNI8hF8+tVeitely/J5rORgly
+JkYzFB8/M3WsHmxbo/BamOy5Ag0EWXYCxgEQAKhRUO8R1Q51jVdROVI7xKuni1r+
+JiTI7GEZCTPazUVERT2R+BzHwQe50XLJc7WmelZFFZ5YOugrBFvoUXfhW4iZRETU
+KwiGTG4H+HaGLO4HQ8cM3S3Ke9oV4U35ye85IpampOFwz796mFFBawPoQ1dT8kyQ
+awYVB9O9JyagfznmNj+k2OJnFXsNSRFSKrWvNEPGAoydl1HdJoxXflfn4xJyp8v7
+ycsil3r1gxcxDMZ7+UsXPaj+LVyYDJDGk9WIIcPQH6UE8xVlqsEIzy/KF/Ub9Wms
+vf1ndOtn8C/6HMwCNQzgqGMBj8yUPnU+P3hdur8Rr4S+CvzfTrJXlH+edkx7XMkh
+iIskkjsOijKO2ARxSlYgQxY8HWUfioZfhSJ8TLomgXi411qeTBFk8NKXAVHKTFG5
+rx5xUm4TV+nMKVymR3byY6sEvRTLespSWmWAOWlTMjyCJp2vV9WJGxByeD/tORBU
+vhbzBFIaPSjXZSTcgH6cUCRH6Gm2Yd6iLVULZT6EZdXeCJZ7mQPZBRqPs1KHtGg6
+d3SgTsNnPxAwNL/j9FpxsWMLGFBTlzezmLrJyYvbyyCJb21gF15j90dusj964xYn
+TsyFtHpLpzruJcR01Sw6cbcAXpp5FyREQARdygBMVDcLyD92RWP6KmSh+Xcm1Hya
+Q3NMy+tfrllf1r3RABEBAAGJBHIEGAEKACYWIQRDDBkolgFXzEX6G+uqBhIFMK4E
+ZgUCWXYCxgIbAgUJAeEzgAJACRCqBhIFMK4EZsF0IAQZAQoAHRYhBLY1Pa6RV7Av
+OLSEC8s4YHUVN5xpBQJZdgLGAAoJEMs4YHUVN5xpUL4P/3lm1YUPUitdMKNTVQaF
+ZN41nIzXYTv/yRRygl7yVabkcZYJ3CrjdTM/TfQADORn0q3NpzdFsYe801x49UrA
++yIwB/IogFncvREfuW5KVFLaj+EHyMoGzNCyuEcM379VYAuXE/ghSe/1sfeLluug
+ikxhduih07mcPn/H8U4VFIDRyxDeWS+ZbobWrcEH6No4knqRi4yInsgVUkNMml0i
+UBA8UM7ieN+ioFRCZZ9ul01jOKUjZRzIKcQvcLE8001TrMoAqeS39O/kEfxL6qgE
+YPjZtvQv5RAb83DmjT+A3BJmlS3mN4UiYD3+Wk9VTafyTjKJed48BaKws81Jampu
+OdPorwoxjkdi7owTg3k9BzkZMwLtIBZ0KOzFAN8c1vuDk1CfHQQKz4g4DdA9HNCt
+HiKlSd/CI2Mmy8hVkzAOnrVMZ1VePNdIUcd+YpUQR0uKeaTFRM+mOAnLFd2mnsPm
+eaFefRkCho2G2TDApYEAhIDi6v0vg+KCl/oodA/T4xAzNuz+xWs+WUv06UBvWPKR
+9ZZFy5wzaPch2h6xm+bCuvM66nj1EN0pe5umUFZrp5QLyD1PiN2LRfyMtzXftgSw
+GciFf20iq2MqKEvqzykdEzaS7OreEtQLIGhrAzWZ3v2MAQFVTaPqlunkHju4K4y2
+Oq+EH55xajEOUsGeNRb4ykf0C/8P/1wwKoe7+4q8841E2Mb0RyNyrGMA5YLJa9Qt
+3anzBcsSu7qTYySmhpPVTCqeqZ1bJoS/ujqezCHwvtKXbkysRWWyMgUj5dVRs1IY
+k9SUfQRI/HHq9r4mUgr4kRDdhvU4RWD63ri1ZsuD0xlp1zDCrRxVkm9y6UQf/9kT
+N7Q4AsT4qNsMENEejbupvL1rVmybgXzDcabzTNcwiAMxaLjoALLZXhkXC1Bdq5kt
+NLI2r5++tpYrOS3CvIc95C1Q3ETux5Xuh6FwpGJdXRFcha1FBMvvNKMW7Ky/l87Q
+LB1JMO6lFpfnry6El2ZMK/k3LyvWGTYu9hn7M4sVwxGHo/frN5Xo/+iVTwhjHbGv
++8gSO8Vqh65UBLoddleCP47j2DpdD0lceQDevV3ltxRA8fJ8Y4yyGHf62MB7MlCY
+HYYWeMhwBHPkDZjUj2KeXl3zxvaLBdzbGXN8bwG1vneBYDSwBNGhIOGq8tKWKpKz
+jVSNeDfY+IZ0Va/ZWejpZkpggyulQHoDiC6uG61qnjs2edepmtS6KQd5KGexpH+U
+FMdZFcBv+6Ca5Z9Z169ajhfRu+md8QTxppo3f4lBbX4hTCbF1uNmnJtU61kylULB
+IgDGw8IVIupvhnZ/8zo6Us8f7g78aUAKf/s5SKr5mse6MpnGp3Rhi2lJgcg9QjAm
+zkmejY8quQINBFmIR1EBEADGA90QPbf4XqyZgHEfIsQzIPavZftqoUMhR4K19OGN
+Wf1q/lgKDRmwQ2fiGJCgd1LUAKQa6JVtgVabg1LxBC7KqssytU9tgKr3PgxxCXoZ
+03yZaDt10stZJfi8996e/5oLvnh561O2w0OegMARxY1wdKVa8f2RKEYRM1WhhzaZ
+a3R8cdJF4cb0ANg3/jfeVtWBx5Qq5XtNZDVh2ZdGD69y4HOLuvZHOQJLUdPCksUO
+PxFuvSdJYTkVTgkYhQL8WYo1EXW3clsykJeVTKAtrA1MCtkDt/pkLixcl2uPF2ov
+Dj5wxKd1CCM0Kr69WJHBhFuWrcWZjvsJhQaZ634b1kyY/+nYeLRL23wnEw5FQExu
+rWIgasW6LGPBT4OJKPy5DNuBE8SZm7WNrjNqkQMysQWch/Hs52M741TAAyAeoYQP
+78XmbfidtCKo8DIM7UQk1OD4N12hrg3bTcZ0F8oKn0aGn8rQXxwSZA8b4JPYYChz
+OZLxUrwo5sM+byD7gDgeVWNtXE104FLd8UY0wgnMuj0MF+Eahsc+1MSVv0D1TKkY
+JassBGIymW0pWj1BD5ijrDC9J13EiCpT6H/JQVtKLCE8U9V87EM/lezV6gliyIG5
+JiduulRsVK4ceNvUxIwr/nI22bi2Z38nFvYQdv1jFFrK5TYqwdIWvHq5k39YgKxf
+AQARAQABiQI8BBgBCgAmFiEEQwwZKJYBV8xF+hvrqgYSBTCuBGYFAlmIR1ECGyAF
+CQHhM4AACgkQqgYSBTCuBGZurA//W5GNhnOszMaGG4VyYwK8IuN0wixwqkVQ6dIL
+Vr9dfc4yYRpE2t2ZFh0yparw/6fmHuuVnGwd9mzKLXQ6lR0n3lEKZkZW7PRpKC/5
+NVZLD4vf39RAIgp2phLeoMdkPiU94STbi5kZbHmgv/pnypwz+JiGD2lZohsJZE24
+mUgN/XV3hDbAP8TGLCjIykZ/atY6bBY04Z9rH/6DdYUzP32zpDvBfUEZx8MYlns/
+MhGORYcZhrKV2fqUurYGjFI0lsn+LVQZ1/X2RMWZRjAI243jljsT5bv93u3hUiom
+R0LDOViTt/zS5hH30pa0sb2v7wNQLz6ZcFGzyNzJtF6AB4nWsnWAwShvj+sgvfLY
+JR8Sfp9LBXSePN5zRQrnayd9CO+5Fh41tYUnAYie6ZKe2QZgv+h0u3bli5kk5B6s
+LvoTCpVa34igHTvmJUgyVdIsnslTAg9SXi6qucyriWLYBH+foEor44STadC9FpmZ
+aqHox2/dBNZT2F29t/2O4ku54DDMQaKeWeYf+Ybvyf1Y7zdRZAY1Nf0I9Gb+aLZX
+i5n0VZ30fEP9OBSVG4IBYTqQDhLypOC6Rsy8uy5BsVPPY7VJ4goFqLmQfGOiemFr
+bdsIzEX9aBY3XzMdWBOuW638i/vCvdECZrd9rLMzjRqhdNRCfoompurrdXyDGb65
+EaBreyU=
+=o65v
+-----END PGP PUBLIC KEY BLOCK-----

usbguard.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package usbguard
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -21,34 +21,47 @@
 %define lname libusbguard0
 
 Name:           usbguard
-Version:        0.6.2
+Version:        0.7.4
 Release:        0
 Summary:        A tool for implementing USB device usage policy
 ## Not installed
 # src/ThirdParty/Catch: Boost Software License - Version 1.0
-License:        GPL-2.0+
-Group:          System Environment/Daemons
-Url:            https://dkopecek.github.io/usbguard
-Source0:        https://github.com/dkopecek/usbguard/archive/usbguard-%{version}.tar.gz
-Source1:        usbguard-daemon.conf
-Source2:        usbguard.service
-Patch0:		usbguard-fixes.patch
+License:        GPL-2.0-or-later
+Group:          System/Daemons
+URL:            https://usbguard.github.io
+Source0:        https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz
+Source1:        https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz.sig
+Source2:        usbguard.keyring
+Source3:        usbguard-daemon.conf
+Source4:        usbguard.service
+Source5:        usbguard-rpmlintrc
+Patch0:         usbguard-applet-qt_desktop_menu_categories.patch
 %{?systemd_requires}
 
-BuildRequires:  gcc-c++
-BuildRequires:  autoconf automake libtool
-BuildRequires:  libcap-ng-devel
-BuildRequires:  pegtl-devel
+BuildRequires:  asciidoc
+BuildRequires:  aspell
+BuildRequires:  audit-devel
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  bash-completion-devel
 BuildRequires:  dbus-1-glib-devel
-BuildRequires:  libxml2-devel
-BuildRequires:  libxslt-devel
-BuildRequires:  polkit-devel
+BuildRequires:  gcc-c++
+BuildRequires:  hicolor-icon-theme
+BuildRequires:  libQt5Widgets-devel
+BuildRequires:  libcap-ng-devel
 BuildRequires:  libqb-devel
-BuildRequires:  libudev-devel
+BuildRequires:  libqt5-linguist-devel
+BuildRequires:  libqt5-qtsvg-devel
 BuildRequires:  libseccomp-devel
 BuildRequires:  libsodium-devel
+BuildRequires:  libtool
+BuildRequires:  libudev-devel
+BuildRequires:  libxml2-devel
+BuildRequires:  libxslt-devel
+BuildRequires:  pegtl-devel
+BuildRequires:  polkit-devel
 #BuildRequires:  spdlog-static
-BuildRequires:	protobuf-devel
+BuildRequires:  protobuf-devel
 
 %description
 The USBGuard software framework helps to protect your computer against rogue USB
@@ -57,7 +70,7 @@ USB device attributes.
 
 %package -n %lname
 Summary:        Library for implementing USB device usage policy
-Group:          System Environment/Daemons
+Group:          System/Daemons
 
 %description -n %lname
 The USBGuard software framework helps to protect your computer against rogue USB
@@ -66,7 +79,7 @@ USB device attributes.
 
 %package        devel
 Summary:        Development files for %{name}
-Group:          Development/Libraries
+Group:          Development/Libraries/C and C++
 Requires:       %lname = %{version}
 Requires:       %{name} = %{version}
 Requires:       libstdc++-devel
@@ -78,18 +91,28 @@ developing applications that use %{name}.
 
 %package        tools
 Summary:        USBGuard Tools
-Group:          Applications/System
+Group:          System/Management
 Requires:       %{name} = %{version}-%{release}
 
 %description    tools
 The %{name}-tools package contains optional tools from the USBGuard
 software framework.
 
+%package        applet-qt
+Summary:        USBGuard Qt 5.x Applet
+Group:          System/Management
+Requires:       %{name} = %{version}-%{release}
+Obsoletes:      usbguard-applet-qt <= 0.3
+
+%description    applet-qt
+The %{name}-applet-qt package contains an optional Qt 5.x desktop applet
+for interacting with the USBGuard daemon component.
+
 %prep
-%setup -q -n usbguard-usbguard-%version
+%setup -q -n usbguard-%version
 %patch0 -p1
 # Remove bundled library sources before build
-#rm -rf src/ThirdParty/{json,spdlog}
+#rm -rf src/ThirdParty/{Catch,PEGTL}
 
 %build
 mkdir -p ./m4
@@ -97,9 +120,10 @@ autoreconf -i -s --no-recursive ./
 
 %configure \
     --disable-silent-rules \
-    --with-bundled-json \
-    --with-bundled-spdlog \
     --with-bundled-catch \
+    --with-bundled-pegtl \
+    --enable-systemd \
+    --with-gui-qt=qt5 \
     --without-dbus \
     --disable-static
 
@@ -116,14 +140,18 @@ ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcusbguard
 
 # Install configuration
 mkdir -p %{buildroot}%{_sysconfdir}/usbguard
-install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf
+install -p -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf
 
 # Install systemd unit
 mkdir -p %{buildroot}%{_unitdir}
-install -p -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/usbguard.service
+install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/usbguard.service
+
+# zsh completion, currently needs manual intervention
+mkdir -p %{buildroot}%{_datadir}/zsh/site-functions/
+install -p -m 644 scripts/usbguard-zsh-completion %{buildroot}%{_datadir}/zsh/site-functions/_usbguard
 
 # Cleanup
-find %{buildroot} -name '*.la' -delete
+find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';'
 
 %preun
 %service_del_preun usbguard.service
@@ -142,22 +170,23 @@ find %{buildroot} -name '*.la' -delete
 
 %files
 %defattr(-,root,root,-)
-%doc README.md
+%doc README.adoc CHANGELOG.md
 %license LICENSE
 %{_sbindir}/usbguard-daemon
+%dir %{_localstatedir}/log/usbguard
 %dir %{_sysconfdir}/usbguard
 %{_sbindir}/rcusbguard
-%config(noreplace) %{_sysconfdir}/usbguard/usbguard-daemon.conf
+%dir %{_sysconfdir}/usbguard/IPCAccessControl.d
+%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/usbguard-daemon.conf
+%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/rules.conf
 %{_unitdir}/usbguard.service
 %{_datadir}/man/man8/usbguard-daemon.8.gz
-%{_datadir}/man/man8/usbguard-dbus.8.gz
 %{_datadir}/man/man5/usbguard-daemon.conf.5.gz
 %{_datadir}/man/man5/usbguard-rules.conf.5.gz
-#{_sbindir}/usbguard-dbus
-#/usr/share/dbus-1/system-services/org.usbguard.service
-#dir /usr/share/dbus-1/system.d
-#/usr/share/dbus-1/system.d/org.usbguard.conf
-#/usr/share/polkit-1/actions/org.usbguard.policy
+%{_datadir}/bash-completion/completions/usbguard
+%dir %{_datadir}/zsh
+%dir %{_datadir}/zsh/site-functions
+%{_datadir}/zsh/site-functions/_usbguard
 
 %files -n %lname
 %defattr(-,root,root,-)
@@ -176,4 +205,14 @@ find %{buildroot} -name '*.la' -delete
 %{_bindir}/usbguard-rule-parser
 %{_datadir}/man/man1/usbguard.1.gz
 
+%files applet-qt
+%defattr(-,root,root,-)
+%{_bindir}/usbguard-applet-qt
+%{_mandir}/man1/usbguard-applet-qt.1.gz
+%{_datadir}/applications/usbguard-applet-qt.desktop
+%dir %{_datadir}/icons/hicolor
+%dir %{_datadir}/icons/hicolor/scalable
+%dir %{_datadir}/icons/hicolor/scalable/apps
+%{_datadir}/icons/hicolor/scalable/apps/usbguard-icon.svg
+
 %changelog