forked from pool/usbguard
usbguard/usbguard.spec
Tomáš Chvátal c66df247a5 Accepting request 768870 from home:StefanBruens:branches:devel:libraries:c_c++
- update to 0.7.6
  + Added missing options in manpage usbguard-daemon(8)
  + Extended the functionality of allow/block/reject commands
    The command can handle a rule as a param and not only its ID, e.g.
    in case of allow, the command will allow each device that matches
    the provided rule
  + Added debug info for malformed descriptors
  + Changed default backend to uevent
  + Fixed handling of add uevents during scanning
    Now we are sure that the enumeration is completed before
    processing any uevent; we are trying to avoid a race where
    the kernel is still enumerating the devices and sends the
    uevent while the parent is being authorised
  + Silenced 'bind' and 'unbind' uevents
- Remove PEGTL build dependency, the package already uses the
  bundled version, and there is hardly any reason to unbundle
  a template (header only) library.
- Remove Qt5 build dependencies, Qt applet is a separate package.
- Use pkgconfig(udev) instead of udev-devel to allow shortcut
  via udev-mini.
- update to 0.7.5
  - Added daemon configuration option HidePII
  - Added check to avoid conflict between ASAN and TSAN
  - Added daemon configuration option for authorized_default
  - Added devpath option to generate-policy
  - Added # line comments to the rule grammar
  - Added ImplicitPolicyTarget to get/set parameter methods
  - Added option to filter rules by label when listing
  - Added the label attribute to rule
  - Added PropertyParameterChanged signal
  - Added support for portX/connect_type attribute
  - Added temporary option to append-rule
  - Added versioning to DBus service
  - Added optional LDAP support
  - Fixed invalid return value in Rule::Attribute::setSolveEqualsOrdered
  - Fixed KeyValueParser to validate keys only when known names are set
  - Fixed uninitialized variables found by coverity
  - Fixes and cleanups based on LGTM.com report
  - Hardened systemd service
  - Rename ListRules parameter 'query' to 'label'
  - Skip empty lines in usbguard-rule-parser
  - The proof-of-concept Qt applet was removed. It is going to be maintained
    in a simplified form as a separate project.
    Removed: usbguard-applet-qt_desktop_menu_categories.patch
    Modified: usbguard-pthread.patch
- Updated usbguard.keyring to add new gpg key for upstream: 5A2EC3932A983910
- link against libpthread to make it build (bsc#1141377)
- added usbguard-pthread.patch
- Run spec-cleaner
- Add the missing systemd build requirement.
- use upstream usbguard.service instead of hardcoded version (bsc#1120969) 
- Fix RPM groups. Avoid pointless shelling out to /bin/rm.
- changed zsh completion location
- added rpmlint for zero size rules.conf
- added signature verification of tarball
  - add usbguard-0.7.4.tar.gz.sig
  - add usbguard.keyring
- update to 0.7.4
  - Changed
    Fixed conditional manual page generation & installation
- update to 0.7.3
  - Changed
    usbguard-daemon will now exit with an error if it fails to open a logging file or audit event file.
    Modified the present device enumeration algorithm to be more reliable.  Enumeration timeouts won't cause usbguard-daemon process to exit anymore.
  - Added
    umockdev based device manager capable of simulating devices based on umockdev-record files.
- update to 0.7.2
  - Changed
    Fixed memory leaks in usbguard::Hash class.
    Fixed file descriptor leaks in usbguard::SysFSDevice class.
    Skip audit backend logging when no backend was set.
  - Added
    Added zsh completion & other scripts to the distribution tarball.
- update to 0.7.1
  - Added
    CLI: usbguard watch command now includes an -e <path> option to run an executable for every received event. Event data are passed to the executable via environment variables.
    usbguard-daemon: added "-K" option which can disable logging to console.
    Added zsh autocompletion support.
    usbguard-daemon: added "-f" option which enabled double-fork daemonization procedure.
    Added AuditBackend usbguard-daemon configuration option for selecting audit log backend.
    Linux Audit support via new LinuxAudit backend.
    Added missing RuleCondition.hpp header file to the public API headers.
  - Changed
    Qt Applet: disabled session management
    usbguard-daemon console logging output is enabled by default now.  Previously, the -k option had to be passed to enable the output.
    Replaced --enable-maintainer-mode configure option with --enable-full-test-suite option. When the new option is not used during the configure phase, only a basic set of tests is run during the make check phase.
    usbguard-daemon now opens configuration in read-only mode
    Fixed UEventDeviceManager to work with Linux Kernel >= 4.13
    Refactored audit logging to support different audit log backends
    Made the configuration parser strict. Unknown directives and wrong syntax will cause an error.
- Added usbguard-applet-qt package to allow easier user interaction
- Added usbguard-applet-qt_desktop_menu_categories.patch to fix category
- Updated usbguard-daemon.conf to upstream version
- Removed obsolete patch usbguard-fixes.patch
- Added rules.conf, fixing bsc#1071076
- updated to 0.7.0
  - Added
    Added InsertedDevicePolicy configuration option to control the policy method for inserted devices.
    Added RestoreControllerDeviceState configuration option.
    Added DeviceManagerBackend configuration option. This option can be used to select from several device manager backend implementations.
    Implemented an uevent based device manager backend.
    Added setParameter, getParameter IPC (incl. D-Bus) methods.
    Added set-parameter, get-parameter CLI subcommands.
    Qt Applet: Added Spanish (es_AR) translation.
    Create empty rules.conf file at install time (make install).
    Support for numeric UID/GID values in IPCAllowedUsers and IPCAllowedGroups settings.
    If bash completion support is detected at configure time, install the bash completion script during make install.
    Added new configuration setting: IPCAccessControlFiles.
    IPC access is now configurable down to a section and privilege level per user and/or group.
    Added add-user, remove-user usbguard CLI subcommands for creating, removing IPC access control files.
    Added AuditFilePath configuration option for setting the location of the USBGuard audit events log file path. If set, the usbguard-daemon will log policy and device related actions and whether they succeeded or not.
  - Removed
    Removed UDev based device manager backend and UDev related dependencies.
    Removed UDev development files/API dependency
  - Changed
    Reset Linux root hub bcdDevice value before updating device hash. This is a backwards incompatible change because it changes how the device hash is computed for Linux root hub devices.
    Refactored low-level USB device handling into SysFSDevice class which represents a device in the /sys filesystem (sysfs).
    Removed usage of readdir_r because it's obsolete. Replaced with readdir with the assumption that its usage is thread-safe if the directory handle passed to it is not shared between threads.
    Extended test suite with use case tests.
    Install the usbguard-daemon configuration and policy file with strict file permissions to prevent policy leaks.
    Fixed several memory leaks.
    Don't pre-resolve user and group names in IPCAllowedUsers and IPCAllowedGroups settings. Instead, resolve the name during the IPC authentication phase.
- Updated to 0.6.2
    Wait for disconnect in IPCClient dtor if needed
    Qt Applet: Fixed loading of decision method and default decision settings
- Updated to 0.6.1
  - Changed
    Refactored logging subsystem
    Fixed handling of IPC disconnect in the IPCClient class
    Qt Applet: Fixed handling of main window minimization and maximization
    Fixed building on architectures that don't provide required atomic operations.
    The libatomic emulation library will be used in such cases.
    Fixed several typos in the documentation
  - Added
    Implemented a simple internal logger
    Access to the logger via public API
    Improved logging coverage. Logging output can be enabled either via
    CLI options or by setting the USBGUARD_DEBUG environment variable to 1.
    Qt Applet: UI translation support.
    Qt Applet: Czech (cs_CZ) translation
  - Removed
    Removed spdlog dependency
- ....  omitted changes from 0.5* series ..
- split off a library package libusbguard0
- a daemon and framework and tools to guard against bad usb
  devices.

OBS-URL: https://build.opensuse.org/request/show/768870
OBS-URL: https://build.opensuse.org/package/show/hardware/usbguard?expand=0&rev=26
2020-01-31 09:06:05 +00:00


#
# spec file for package usbguard
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%global _hardened_build 1
%define lname libusbguard0
Name: usbguard
Version: 0.7.6
Release: 0
Summary: A tool for implementing USB device usage policy
## Not installed
# src/ThirdParty/Catch: Boost Software License - Version 1.0
License: GPL-2.0-or-later
Group: System/Daemons
URL: https://usbguard.github.io
Source0: https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz
Source1: https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz.sum.asc
Source2: usbguard.keyring
Source3: usbguard-daemon.conf
Source4: usbguard-rpmlintrc
Patch0: usbguard-pthread.patch
BuildRequires: asciidoc
BuildRequires: aspell
BuildRequires: audit-devel
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bash-completion-devel
BuildRequires: dbus-1-glib-devel
BuildRequires: gcc-c++
BuildRequires: libcap-ng-devel
BuildRequires: libqb-devel
BuildRequires: libseccomp-devel
BuildRequires: libsodium-devel
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: polkit-devel
#BuildRequires: spdlog-static
BuildRequires: protobuf-devel
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(udev)
%{?systemd_requires}
%description
The USBGuard software framework helps to protect your computer against rogue USB
devices by implementing basic whitelisting/blacklisting capabilities based on
USB device attributes.
%package -n %{lname}
Summary: Library for implementing USB device usage policy
Group: System/Libraries
%description -n %{lname}
The USBGuard software framework helps to protect your computer against rogue USB
devices by implementing basic whitelisting/blacklisting capabilities based on
USB device attributes.
%package devel
Summary: Development files for %{name}
Group: Development/Libraries/C and C++
Requires: %{lname} = %{version}
Requires: %{name} = %{version}
Requires: libstdc++-devel
Requires: pkgconfig
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%package tools
Summary: USBGuard Tools
Group: System/Management
Requires: %{name} = %{version}-%{release}
%description tools
The %{name}-tools package contains optional tools from the USBGuard
software framework.
%prep
%setup -q -n usbguard-%{version}
%patch0 -p1
%build
mkdir -p ./m4
autoreconf -i -s --no-recursive ./
%configure \
--disable-silent-rules \
--with-bundled-catch \
--with-bundled-pegtl \
--enable-systemd \
--without-dbus \
--disable-static
make %{?_smp_mflags}
%check
# while we specify --with-bundled-catch, it is not there :(
# make check
%install
%make_install INSTALL="install -p"
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcusbguard
# Install configuration
mkdir -p %{buildroot}%{_sysconfdir}/usbguard
install -p -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf
# zsh completion, currently needs manual intervention
mkdir -p %{buildroot}%{_datadir}/zsh/site-functions/
install -p -m 644 scripts/usbguard-zsh-completion %{buildroot}%{_datadir}/zsh/site-functions/_usbguard
# Cleanup
find %{buildroot} \( -name '*.la' -o -name '*.a' \) -delete
%preun
%service_del_preun usbguard.service
%post
%service_add_post usbguard.service
%postun
%service_del_postun usbguard.service
%pre
%service_add_pre usbguard.service
%post -n libusbguard0 -p /sbin/ldconfig
%postun -n libusbguard0 -p /sbin/ldconfig
%files
%doc README.adoc CHANGELOG.md
%license LICENSE
%{_sbindir}/usbguard-daemon
%dir %{_localstatedir}/log/usbguard
%dir %{_sysconfdir}/usbguard
%{_sbindir}/rcusbguard
%dir %{_sysconfdir}/usbguard/IPCAccessControl.d
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/usbguard-daemon.conf
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/rules.conf
%{_unitdir}/usbguard.service
%{_mandir}/man8/usbguard-daemon.8%{?ext_man}
%{_mandir}/man5/usbguard-daemon.conf.5%{?ext_man}
%{_mandir}/man5/usbguard-rules.conf.5%{?ext_man}
%{_datadir}/bash-completion/completions/usbguard
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions
%{_datadir}/zsh/site-functions/_usbguard
%files -n %{lname}
%license LICENSE
%{_libdir}/*.so.*
%files devel
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%files tools
%{_bindir}/usbguard
%{_bindir}/usbguard-rule-parser
%{_mandir}/man1/usbguard.1%{?ext_man}
%changelog