forked from pool/usbguard
Marcus Meissner
6cffe15166
- updated to 0.7.0
- Added
Added InsertedDevicePolicy configuration option to control the policy method for inserted devices.
Added RestoreControllerDeviceState configuration option.
Added DeviceManagerBackend configuration option. This option can be used to select from several device manager backend implementations.
Implemented an uevent based device manager backend.
Added setParameter, getParameter IPC (incl. D-Bus) methods.
Added set-parameter, get-parameter CLI subcommands.
Qt Applet: Added Spanish (es_AR) translation.
Create empty rules.conf file at install time (make install).
Support for numeric UID/GID values in IPCAllowedUsers and IPCAllowedGroups settings.
If bash completion support is detected at configure time, install the bash completion script during make install.
Added new configuration setting: IPCAccessControlFiles.
IPC access is now configurable down to a section and privilege level per user and/or group.
Added add-user, remove-user usbuard CLI subcommands for creating, removing IPC access control files.
Added AuditFilePath configuration option for setting the location of the USBGuard audit events log file path. If set, the usbguard-daemon will log policy and device related actions and whether they succeeded or not.
- Removed
Removed UDev based device manager backend and UDev related dependencies.
Removed UDev development files/API dependecy
- Changed
Reset Linux root hub bcdDevice value before updating device hash. This is a backwards incompatible change because it changes how the device hash is computed for Linux root hub devices.
Refactored low-level USB device handling into SysFSDevice class which represents a device in the /sys filesystem (sysfs).
Removed usage of readdir_r because it's obsolete. Replaced with readdir with the assumption that its usage is thread-safe if the directory handle passed to it is not shared between threads.
Extended test suite with use case tests.
Install the usbguard-daemon configuration and policy file with strict file permissions to prevent policy leaks.
Fixed several memory leaks.
Don't pre-resolve user and group names in IPCAllowedUsers and IPCAllowedGroups settings. Instead, resolve the name during the IPC authentication phase.
- Updated to 0.6.2
Wait for disconnect in IPCClient dtor if needed
OBS-URL: https://build.opensuse.org/request/show/525970
OBS-URL: https://build.opensuse.org/package/show/hardware/usbguard?expand=0&rev=4
180 lines
4.9 KiB
RPMSpec
180 lines
4.9 KiB
RPMSpec
#
|
|
# spec file for package usbguard
|
|
#
|
|
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%global _hardened_build 1
|
|
|
|
%define lname libusbguard0
|
|
|
|
Name: usbguard
|
|
Version: 0.6.2
|
|
Release: 0
|
|
Summary: A tool for implementing USB device usage policy
|
|
## Not installed
|
|
# src/ThirdParty/Catch: Boost Software License - Version 1.0
|
|
License: GPL-2.0+
|
|
Group: System Environment/Daemons
|
|
Url: https://dkopecek.github.io/usbguard
|
|
Source0: https://github.com/dkopecek/usbguard/archive/usbguard-%{version}.tar.gz
|
|
Source1: usbguard-daemon.conf
|
|
Source2: usbguard.service
|
|
Patch0: usbguard-fixes.patch
|
|
%{?systemd_requires}
|
|
|
|
BuildRequires: gcc-c++
|
|
BuildRequires: autoconf automake libtool
|
|
BuildRequires: libcap-ng-devel
|
|
BuildRequires: pegtl-devel
|
|
BuildRequires: dbus-1-glib-devel
|
|
BuildRequires: libxml2-devel
|
|
BuildRequires: libxslt-devel
|
|
BuildRequires: polkit-devel
|
|
BuildRequires: libqb-devel
|
|
BuildRequires: libudev-devel
|
|
BuildRequires: libseccomp-devel
|
|
BuildRequires: libsodium-devel
|
|
#BuildRequires: spdlog-static
|
|
BuildRequires: protobuf-devel
|
|
|
|
%description
|
|
The USBGuard software framework helps to protect your computer against rogue USB
|
|
devices by implementing basic whitelisting/blacklisting capabilities based on
|
|
USB device attributes.
|
|
|
|
%package -n %lname
|
|
Summary: Library for implementing USB device usage policy
|
|
Group: System Environment/Daemons
|
|
|
|
%description -n %lname
|
|
The USBGuard software framework helps to protect your computer against rogue USB
|
|
devices by implementing basic whitelisting/blacklisting capabilities based on
|
|
USB device attributes.
|
|
|
|
%package devel
|
|
Summary: Development files for %{name}
|
|
Group: Development/Libraries
|
|
Requires: %lname = %{version}
|
|
Requires: %{name} = %{version}
|
|
Requires: libstdc++-devel
|
|
Requires: pkgconfig
|
|
|
|
%description devel
|
|
The %{name}-devel package contains libraries and header files for
|
|
developing applications that use %{name}.
|
|
|
|
%package tools
|
|
Summary: USBGuard Tools
|
|
Group: Applications/System
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
%description tools
|
|
The %{name}-tools package contains optional tools from the USBGuard
|
|
software framework.
|
|
|
|
%prep
|
|
%setup -q -n usbguard-usbguard-%version
|
|
%patch0 -p1
|
|
# Remove bundled library sources before build
|
|
#rm -rf src/ThirdParty/{json,spdlog}
|
|
|
|
%build
|
|
mkdir -p ./m4
|
|
autoreconf -i -s --no-recursive ./
|
|
|
|
%configure \
|
|
--disable-silent-rules \
|
|
--with-bundled-json \
|
|
--with-bundled-spdlog \
|
|
--with-bundled-catch \
|
|
--without-dbus \
|
|
--disable-static
|
|
|
|
make %{?_smp_mflags}
|
|
|
|
%check
|
|
# while we specify --with-bundled-catch, it is not there :(
|
|
# make check
|
|
|
|
%install
|
|
make install INSTALL='install -p' DESTDIR=%{buildroot}
|
|
|
|
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcusbguard
|
|
|
|
# Install configuration
|
|
mkdir -p %{buildroot}%{_sysconfdir}/usbguard
|
|
install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf
|
|
|
|
# Install systemd unit
|
|
mkdir -p %{buildroot}%{_unitdir}
|
|
install -p -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/usbguard.service
|
|
|
|
# Cleanup
|
|
find %{buildroot} -name '*.la' -delete
|
|
|
|
%preun
|
|
%service_del_preun usbguard.service
|
|
|
|
%post
|
|
%service_add_post usbguard.service
|
|
|
|
%postun
|
|
%service_del_postun usbguard.service
|
|
|
|
%pre
|
|
%service_add_pre usbguard.service
|
|
|
|
%post -n libusbguard0 -p /sbin/ldconfig
|
|
%postun -n libusbguard0 -p /sbin/ldconfig
|
|
|
|
%files
|
|
%defattr(-,root,root,-)
|
|
%doc README.md
|
|
%license LICENSE
|
|
%{_sbindir}/usbguard-daemon
|
|
%dir %{_sysconfdir}/usbguard
|
|
%{_sbindir}/rcusbguard
|
|
%config(noreplace) %{_sysconfdir}/usbguard/usbguard-daemon.conf
|
|
%{_unitdir}/usbguard.service
|
|
%{_datadir}/man/man8/usbguard-daemon.8.gz
|
|
%{_datadir}/man/man8/usbguard-dbus.8.gz
|
|
%{_datadir}/man/man5/usbguard-daemon.conf.5.gz
|
|
%{_datadir}/man/man5/usbguard-rules.conf.5.gz
|
|
#{_sbindir}/usbguard-dbus
|
|
#/usr/share/dbus-1/system-services/org.usbguard.service
|
|
#dir /usr/share/dbus-1/system.d
|
|
#/usr/share/dbus-1/system.d/org.usbguard.conf
|
|
#/usr/share/polkit-1/actions/org.usbguard.policy
|
|
|
|
%files -n %lname
|
|
%defattr(-,root,root,-)
|
|
%license LICENSE
|
|
%{_libdir}/*.so.*
|
|
|
|
%files devel
|
|
%defattr(-,root,root,-)
|
|
%{_includedir}/*
|
|
%{_libdir}/*.so
|
|
%{_libdir}/pkgconfig/*.pc
|
|
|
|
%files tools
|
|
%defattr(-,root,root,-)
|
|
%{_bindir}/usbguard
|
|
%{_bindir}/usbguard-rule-parser
|
|
%{_datadir}/man/man1/usbguard.1.gz
|
|
|
|
%changelog
|