packages/usbguard
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!1 package init

Browse Source 
From: @li_zhen_hua
Reviewed-by: 
Signed-off-by:
This commit is contained in:
openeuler-ci-bot 2020-09-12 23:10:47 +08:00 committed by Gitee
commit 9bce4ba19e
5 changed files with 886 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

567
0001-Update-to-latest-PEGTL-API.patch Normal file
View File

@ -0,0 +1,567 @@
diff --git a/configure.ac b/configure.ac
index a135e01..f565b87 100644
--- a/configure.ac
+++ b/configure.ac
@@ -290,54 +290,28 @@ AC_SUBST([catch_LIBS])
#
AC_ARG_WITH([bundled-pegtl], AS_HELP_STRING([--with-bundled-pegtl], [Build using the bundled PEGTL library]), [with_bundled_pegtl=$withval], [with_bundled_pegtl=no])
if test "x$with_bundled_pegtl" = xyes; then
- pegtl_CFLAGS="-I\$(top_srcdir)/src/ThirdParty/PEGTL"
- pegtl_AC_CFLAGS="-I$srcdir/src/ThirdParty/PEGTL"
+ pegtl_CFLAGS="-I\$(top_srcdir)/src/ThirdParty/PEGTL/include"
+ pegtl_AC_CFLAGS="-I$srcdir/src/ThirdParty/PEGTL/include"
pegtl_LIBS=""
AC_MSG_NOTICE([Using bundled PEGTL library])
pegtl_summary="bundled; $pegtl_CFLAGS $pegtl_LIBS"
else
- SAVE_CPPFLAGS=$CPPFLAGS
- CPPFLAGS="-std=c++11 $CPPFLAGS"
- AC_LANG_PUSH([C++])
- AC_CHECK_HEADER([pegtl.hh], [], [AC_MSG_FAILURE(pegtl.hh not found or not usable. Re-run with --with-bundled-pegtl to use the bundled library.)])
- AC_LANG_POP
pegtl_CFLAGS=""
pegtl_AC_CFLAGS=""
pegtl_LIBS=""
- CPPFLAGS=$SAVE_CPPFLAGS
pegtl_summary="system-wide; $pegtl_CFLAGS $pegtl_LIBS"
fi
AC_SUBST([pegtl_CFLAGS])
AC_SUBST([pegtl_AC_CFLAGS])
AC_SUBST([pegtl_LIBS])
-#
-# Check whether the available PEGTL library is compatible
-# with version 1.3.1 or older.
-#
SAVE_CPPFLAGS=$CPPFLAGS
-CPPFLAGS="-std=c++11 $pegtl_AC_CFLAGS"
+CPPFLAGS="-std=c++11 $CPPFLAGS $pegtl_AC_CFLAGS"
AC_LANG_PUSH([C++])
-AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
-#include <pegtl.hh>
-#include <string>
-int main(void)
-{
- struct grammar
- : pegtl::one<'g'> {};
- try {
- pegtl::parse_string<grammar>(std::string(), std::string());
- } catch(const pegtl::parse_error& ex) {
- auto b = ex.positions[0].byte_in_line;
- }
- return 0;
-}
-]])],
-[have_pegtl_lte_131=no], [have_pegtl_lte_131=yes])
+AC_CHECK_HEADER([tao/pegtl.hpp],
+ [AC_DEFINE([HAVE_TAO_PEGTL_HPP], [1], [PEGTL header file with .hpp extension is present])],
+ [AC_MSG_FAILURE(PEGTL header file not found or not usable. Re-run with --with-bundled-pegtl to use the bundled library.)])
AC_LANG_POP
-if test "x$have_pegtl_lte_131" = xyes; then
- AC_DEFINE([HAVE_PEGTL_LTE_1_3_1], [1], [PEGTL version less than or equal to 1.3.1])
-fi
CPPFLAGS=$SAVE_CPPFLAGS
#
diff --git a/src/Library/RuleParser/Actions.hpp b/src/Library/RuleParser/Actions.hpp
index 3e185f4..2b21bd2 100644
--- a/src/Library/RuleParser/Actions.hpp
+++ b/src/Library/RuleParser/Actions.hpp
@@ -24,7 +24,7 @@
#include "Utility.hpp"
#include "Common/Utility.hpp"
-#include <pegtl.hh>
+#include <tao/pegtl.hpp>
namespace usbguard
{
@@ -47,7 +47,7 @@ namespace usbguard
struct str_if;
template<typename Rule>
- struct rule_parser_actions : pegtl::nothing<Rule> {};
+ struct rule_parser_actions : tao::pegtl::nothing<Rule> {};
template<>
struct rule_parser_actions<target> {
@@ -58,7 +58,7 @@ namespace usbguard
rule.setTarget(Rule::targetFromString(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
@@ -75,7 +75,7 @@ namespace usbguard
rule.setDeviceID(device_id);
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
@@ -87,7 +87,7 @@ namespace usbguard
}
template<typename Rule>
- struct name_actions : pegtl::nothing<Rule> {};
+ struct name_actions : tao::pegtl::nothing<Rule> {};
template<>
struct name_actions<str_name> {
@@ -95,7 +95,7 @@ namespace usbguard
static void apply(const Input& in, Rule& rule)
{
if (!rule.attributeName().empty()) {
- throw pegtl::parse_error("name attribute already defined", in);
+ throw tao::pegtl::parse_error("name attribute already defined", in);
}
}
};
@@ -109,7 +109,7 @@ namespace usbguard
rule.attributeName().append(stringValueFromRule(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
@@ -123,13 +123,13 @@ namespace usbguard
rule.attributeName().setSetOperator(Rule::setOperatorFromString(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
template<typename Rule>
- struct id_actions : pegtl::nothing<Rule> {};
+ struct id_actions : tao::pegtl::nothing<Rule> {};
template<>
struct id_actions<str_id> {
@@ -137,7 +137,7 @@ namespace usbguard
static void apply(const Input& in, Rule& rule)
{
if (!rule.attributeDeviceID().empty()) {
- throw pegtl::parse_error("id attribute already defined", in);
+ throw tao::pegtl::parse_error("id attribute already defined", in);
}
}
};
@@ -154,7 +154,7 @@ namespace usbguard
rule.attributeDeviceID().append(device_id);
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
@@ -168,13 +168,13 @@ namespace usbguard
rule.attributeDeviceID().setSetOperator(Rule::setOperatorFromString(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
template<typename Rule>
- struct hash_actions : pegtl::nothing<Rule> {};
+ struct hash_actions : tao::pegtl::nothing<Rule> {};
template<>
struct hash_actions<str_hash> {
@@ -182,7 +182,7 @@ namespace usbguard
static void apply(const Input& in, Rule& rule)
{
if (!rule.attributeHash().empty()) {
- throw pegtl::parse_error("hash attribute already defined", in);
+ throw tao::pegtl::parse_error("hash attribute already defined", in);
}
}
};
@@ -196,7 +196,7 @@ namespace usbguard
rule.attributeHash().append(stringValueFromRule(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
@@ -210,13 +210,13 @@ namespace usbguard
rule.attributeHash().setSetOperator(Rule::setOperatorFromString(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
template<typename Rule>
- struct parent_hash_actions : pegtl::nothing<Rule> {};
+ struct parent_hash_actions : tao::pegtl::nothing<Rule> {};
template<>
struct parent_hash_actions<str_parent_hash> {
@@ -224,7 +224,7 @@ namespace usbguard
static void apply(const Input& in, Rule& rule)
{
if (!rule.attributeParentHash().empty()) {
- throw pegtl::parse_error("parent-hash attribute already defined", in);
+ throw tao::pegtl::parse_error("parent-hash attribute already defined", in);
}
}
};
@@ -238,7 +238,7 @@ namespace usbguard
rule.attributeParentHash().append(stringValueFromRule(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
@@ -252,13 +252,13 @@ namespace usbguard
rule.attributeParentHash().setSetOperator(Rule::setOperatorFromString(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
template<typename Rule>
- struct serial_actions : pegtl::nothing<Rule> {};
+ struct serial_actions : tao::pegtl::nothing<Rule> {};
template<>
struct serial_actions<str_serial> {
@@ -266,7 +266,7 @@ namespace usbguard
static void apply(const Input& in, Rule& rule)
{
if (!rule.attributeSerial().empty()) {
- throw pegtl::parse_error("serial attribute already defined", in);
+ throw tao::pegtl::parse_error("serial attribute already defined", in);
}
}
};
@@ -280,7 +280,7 @@ namespace usbguard
rule.attributeSerial().append(stringValueFromRule(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
@@ -294,13 +294,13 @@ namespace usbguard
rule.attributeSerial().setSetOperator(Rule::setOperatorFromString(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
template<typename Rule>
- struct via_port_actions : pegtl::nothing<Rule> {};
+ struct via_port_actions : tao::pegtl::nothing<Rule> {};
template<>
struct via_port_actions<str_via_port> {
@@ -308,7 +308,7 @@ namespace usbguard
static void apply(const Input& in, Rule& rule)
{
if (!rule.attributeViaPort().empty()) {
- throw pegtl::parse_error("via-port attribute already defined", in);
+ throw tao::pegtl::parse_error("via-port attribute already defined", in);
}
}
};
@@ -322,7 +322,7 @@ namespace usbguard
rule.attributeViaPort().append(stringValueFromRule(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
@@ -336,13 +336,13 @@ namespace usbguard
rule.attributeViaPort().setSetOperator(Rule::setOperatorFromString(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
template<typename Rule>
- struct with_interface_actions : pegtl::nothing<Rule> {};
+ struct with_interface_actions : tao::pegtl::nothing<Rule> {};
template<>
struct with_interface_actions<str_with_interface> {
@@ -350,7 +350,7 @@ namespace usbguard
static void apply(const Input& in, Rule& rule)
{
if (!rule.attributeWithInterface().empty()) {
- throw pegtl::parse_error("with-interface attribute already defined", in);
+ throw tao::pegtl::parse_error("with-interface attribute already defined", in);
}
}
};
@@ -365,7 +365,7 @@ namespace usbguard
rule.attributeWithInterface().append(interface_type);
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
@@ -379,13 +379,13 @@ namespace usbguard
rule.attributeWithInterface().setSetOperator(Rule::setOperatorFromString(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
template<typename Rule>
- struct condition_actions : pegtl::nothing<Rule> {};
+ struct condition_actions : tao::pegtl::nothing<Rule> {};
template<>
struct condition_actions<str_if> {
@@ -393,7 +393,7 @@ namespace usbguard
static void apply(const Input& in, Rule& rule)
{
if (!rule.attributeConditions().empty()) {
- throw pegtl::parse_error("conditions already defined", in);
+ throw tao::pegtl::parse_error("conditions already defined", in);
}
}
};
@@ -407,7 +407,7 @@ namespace usbguard
rule.attributeConditions().append(RuleCondition(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
@@ -421,7 +421,7 @@ namespace usbguard
rule.attributeConditions().setSetOperator(Rule::setOperatorFromString(in.string()));
}
catch (const std::exception& ex) {
- throw pegtl::parse_error(ex.what(), in);
+ throw tao::pegtl::parse_error(ex.what(), in);
}
}
};
diff --git a/src/Library/RuleParser/Grammar.hpp b/src/Library/RuleParser/Grammar.hpp
index 9bd4a15..4d785c0 100644
--- a/src/Library/RuleParser/Grammar.hpp
+++ b/src/Library/RuleParser/Grammar.hpp
@@ -22,37 +22,37 @@
#endif
#include "Actions.hpp"
-#include <pegtl.hh>
-using namespace pegtl;
+#include <tao/pegtl.hpp>
namespace usbguard
{
namespace RuleParser
{
+ using namespace tao::pegtl;
/*
* Rule language keywords
*/
- struct str_allow : pegtl_string_t("allow") {};
- struct str_block : pegtl_string_t("block") {};
- struct str_reject : pegtl_string_t("reject") {};
- struct str_match : pegtl_string_t("match") {};
- struct str_device : pegtl_string_t("device") {};
-
- struct str_name : pegtl_string_t("name") {};
- struct str_hash : pegtl_string_t("hash") {};
- struct str_parent_hash : pegtl_string_t("parent-hash") {};
- struct str_via_port : pegtl_string_t("via-port") {};
- struct str_with_interface : pegtl_string_t("with-interface") {};
- struct str_serial : pegtl_string_t("serial") {};
- struct str_if : pegtl_string_t("if") {};
- struct str_id : pegtl_string_t("id") {};
-
- struct str_all_of : pegtl_string_t("all-of") {};
- struct str_one_of : pegtl_string_t("one-of") {};
- struct str_none_of : pegtl_string_t("none-of") {};
- struct str_equals : pegtl_string_t("equals") {};
- struct str_equals_ordered : pegtl_string_t("equals-ordered") {};
+ struct str_allow : TAOCPP_PEGTL_STRING("allow") {};
+ struct str_block : TAOCPP_PEGTL_STRING("block") {};
+ struct str_reject : TAOCPP_PEGTL_STRING("reject") {};
+ struct str_match : TAOCPP_PEGTL_STRING("match") {};
+ struct str_device : TAOCPP_PEGTL_STRING("device") {};
+
+ struct str_name : TAOCPP_PEGTL_STRING("name") {};
+ struct str_hash : TAOCPP_PEGTL_STRING("hash") {};
+ struct str_parent_hash : TAOCPP_PEGTL_STRING("parent-hash") {};
+ struct str_via_port : TAOCPP_PEGTL_STRING("via-port") {};
+ struct str_with_interface : TAOCPP_PEGTL_STRING("with-interface") {};
+ struct str_serial : TAOCPP_PEGTL_STRING("serial") {};
+ struct str_if : TAOCPP_PEGTL_STRING("if") {};
+ struct str_id : TAOCPP_PEGTL_STRING("id") {};
+
+ struct str_all_of : TAOCPP_PEGTL_STRING("all-of") {};
+ struct str_one_of : TAOCPP_PEGTL_STRING("one-of") {};
+ struct str_none_of : TAOCPP_PEGTL_STRING("none-of") {};
+ struct str_equals : TAOCPP_PEGTL_STRING("equals") {};
+ struct str_equals_ordered : TAOCPP_PEGTL_STRING("equals-ordered") {};
/*
* Generic rule attribute
diff --git a/src/Library/UEventParser.cpp b/src/Library/UEventParser.cpp
index 2e0ce39..aebe948 100644
--- a/src/Library/UEventParser.cpp
+++ b/src/Library/UEventParser.cpp
@@ -27,7 +27,9 @@
#include "usbguard/Logger.hpp"
#include <fstream>
-#include <pegtl/trace.hh>
+
+#include <tao/pegtl/contrib/tracer.hpp>
+using namespace tao;
namespace usbguard
{
@@ -114,25 +116,14 @@ namespace usbguard
void parseUEventFromString(const std::string& uevent_string, UEvent& uevent, bool trace)
{
try {
-#if HAVE_PEGTL_LTE_1_3_1
+ tao::pegtl::string_input<> in(uevent_string, std::string());
if (!trace) {
- pegtl::parse<G, UEventParser::actions>(uevent_string, std::string(), uevent);
+ tao::pegtl::parse<G, UEventParser::actions>(in, uevent);
}
else {
- pegtl::parse<G, UEventParser::actions, pegtl::tracer>(uevent_string, std::string(), uevent);
- }
-
-#else
-
- if (!trace) {
- pegtl::parse_string<G, UEventParser::actions>(uevent_string, std::string(), uevent);
+ tao::pegtl::parse<G, UEventParser::actions, tao::pegtl::tracer>(in, uevent);
}
- else {
- pegtl::parse_string<G, UEventParser::actions, pegtl::tracer>(uevent_string, std::string(), uevent);
- }
-
-#endif
}
catch (...) {
throw;
diff --git a/src/Library/UEventParser.hpp b/src/Library/UEventParser.hpp
index 856d5ff..4261bd5 100644
--- a/src/Library/UEventParser.hpp
+++ b/src/Library/UEventParser.hpp
@@ -23,9 +23,7 @@
#include "usbguard/Typedefs.hpp"
-#include <pegtl.hh>
-
-using namespace pegtl;
+#include <tao/pegtl.hpp>
namespace usbguard
{
@@ -33,6 +31,8 @@ namespace usbguard
namespace UEventParser
{
+ using namespace tao::pegtl;
+
struct value
: seq<not_one<'\0', '\n'>, star<not_one<'\0', '\n'>>> {};
diff --git a/src/Library/public/usbguard/RuleParser.cpp b/src/Library/public/usbguard/RuleParser.cpp
index 4061e01..140bf14 100644
--- a/src/Library/public/usbguard/RuleParser.cpp
+++ b/src/Library/public/usbguard/RuleParser.cpp
@@ -34,7 +34,7 @@
#include <stdexcept>
#include <stdlib.h>
-#include <pegtl/trace.hh>
+#include <tao/pegtl/contrib/tracer.hpp>
namespace usbguard
{
@@ -42,35 +42,21 @@ namespace usbguard
{
try {
Rule rule;
-#if HAVE_PEGTL_LTE_1_3_1
+ tao::pegtl::string_input<> input(rule_spec, file);
if (!trace) {
- pegtl::parse<RuleParser::rule_grammar, RuleParser::rule_parser_actions>(rule_spec, file, rule);
+ tao::pegtl::parse<RuleParser::rule_grammar, RuleParser::rule_parser_actions>(input, rule);
}
else {
- pegtl::parse<RuleParser::rule_grammar, RuleParser::rule_parser_actions, pegtl::tracer>(rule_spec, file, rule);
+ tao::pegtl::parse<RuleParser::rule_grammar, RuleParser::rule_parser_actions, tao::pegtl::tracer>(input, rule);
}
-#else
-
- if (!trace) {
- pegtl::parse_string<RuleParser::rule_grammar, RuleParser::rule_parser_actions>(rule_spec, file, rule);
- }
- else {
- pegtl::parse_string<RuleParser::rule_grammar, RuleParser::rule_parser_actions, pegtl::tracer>(rule_spec, file, rule);
- }
-
-#endif
return rule;
}
- catch (const pegtl::parse_error& ex) {
+ catch (const tao::pegtl::parse_error& ex) {
RuleParserError error(rule_spec);
error.setHint(ex.what());
-#if HAVE_PEGTL_LTE_1_3_1
- error.setOffset(ex.positions[0].column);
-#else
error.setOffset(ex.positions[0].byte_in_line);
-#endif
if (!file.empty() || line != 0) {
error.setFileInfo(file, line);
--
2.13.6

BIN
usbguard-0.7.2.tar.gz Normal file
View File

Binary file not shown.

173
usbguard-daemon.conf Normal file
View File

@ -0,0 +1,173 @@
#
# Rule set file path.
#
# The USBGuard daemon will use this file to load the policy
# rule set from it and to write new rules received via the
# IPC interface.
#
# RuleFile=/path/to/rules.conf
#
RuleFile=/etc/usbguard/rules.conf
#
# Implicit policy target.
#
# How to treat devices that don't match any rule in the
# policy. One of:
#
# * allow - authorize the device
# * block - block the device
# * reject - remove the device
#
ImplicitPolicyTarget=block
#
# Present device policy.
#
# How to treat devices that are already connected when the
# daemon starts. One of:
#
# * allow - authorize every present device
# * block - deauthorize every present device
# * reject - remove every present device
# * keep - just sync the internal state and leave it
# * apply-policy - evaluate the ruleset for every present
# device
#
PresentDevicePolicy=apply-policy
#
# Present controller policy.
#
# How to treat USB controllers that are already connected
# when the daemon starts. One of:
#
# * allow - authorize every present device
# * block - deauthorize every present device
# * reject - remove every present device
# * keep - just sync the internal state and leave it
# * apply-policy - evaluate the ruleset for every present
# device
#
PresentControllerPolicy=keep
#
# Inserted device policy.
#
# How to treat USB devices that are already connected
# *after* the daemon starts. One of:
#
# * block - deauthorize every present device
# * reject - remove every present device
# * apply-policy - evaluate the ruleset for every present
# device
#
InsertedDevicePolicy=apply-policy
#
# Restore controller device state.
#
# The USBGuard daemon modifies some attributes of controller
# devices like the default authorization state of new child device
# instances. Using this setting, you can controll whether the
# daemon will try to restore the attribute values to the state
# before modificaton on shutdown.
#
# SECURITY CONSIDERATIONS: If set to true, the USB authorization
# policy could be bypassed by performing some sort of attack on the
# daemon (via a local exploit or via a USB device) to make it shutdown
# and restore to the operating-system default state (known to be permissive).
#
RestoreControllerDeviceState=false
#
# Device manager backend
#
# Which device manager backend implementation to use. One of:
#
# * uevent - Netlink based implementation which uses sysfs to scan for present
# devices and an uevent netlink socket for receiving USB device
# related events.
# * dummy - A dummy device manager which simulates several devices and device
# events. Useful for testing.
#
DeviceManagerBackend=uevent
#!!! WARNING: It's good practice to set at least one of the !!!
#!!! two options bellow. If none of them are set, !!!
#!!! the daemon will accept IPC connections from !!!
#!!! anyone, thus allowing anyone to modify the !!!
#!!! rule set and (de)authorize USB devices. !!!
#
# Users allowed to use the IPC interface.
#
# A space delimited list of usernames that the daemon will
# accept IPC connections from.
#
# IPCAllowedUsers=username1 username2 ...
#
IPCAllowedUsers=root
#
# Groups allowed to use the IPC interface.
#
# A space delimited list of groupnames that the daemon will
# accept IPC connections from.
#
# IPCAllowedGroups=groupname1 groupname2 ...
#
IPCAllowedGroups=wheel
#
# IPC access control definition files path.
#
# The files at this location will be interpreted by the daemon
# as access control definition files. The (base)name of a file
# should be in the form:
#
# [user][:<group>]
#
# and should contain lines in the form:
#
# <section>=[privilege] ...
#
# This way each file defines who is able to connect to the IPC
# bus and what privileges he has.
#
IPCAccessControlFiles=/etc/usbguard/IPCAccessControl.d/
#
# Generate device specific rules including the "via-port"
# attribute.
#
# This option modifies the behavior of the allowDevice
# action. When instructed to generate a permanent rule,
# the action can generate a port specific rule. Because
# some systems have unstable port numbering, the generated
# rule might not match the device after rebooting the system.
#
# If set to false, the generated rule will still contain
# the "parent-hash" attribute which also defines an association
# to the parent device. See usbguard-rules.conf(5) for more
# details.
#
DeviceRulesWithPort=false
#
# USBGuard Audit events log backend
#
# One of:
#
# * FileAudit - Log audit events into a file specified by
# AuditFilePath setting (see below)
# * LinuxAudit - Log audit events using the Linux Audit
# subsystem (using audit_log_user_message)
#
AuditBackend=FileAudit
#
# USBGuard audit events log file path.
#
AuditFilePath=/var/log/usbguard/usbguard-audit.log

142
usbguard.spec Normal file
View File

@ -0,0 +1,142 @@
%global _hardened_build 1
Name: usbguard
Version: 0.7.2
Release: 6
Summary: A tool for computer usb guard
License: GPLv2+
URL: https://usbguard.github.io/
Source0: https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz
Source1: usbguard-daemon.conf
Patch0000: 0001-Update-to-latest-PEGTL-API.patch
BuildRequires: libqb-devel libgcrypt-devel libstdc++-devel protobuf-devel protobuf-compiler PEGTL-static
BuildRequires: catch1-devel autoconf automake libtool bash-completion asciidoctor audit-libs-devel systemd
BuildRequires: qt5-qtbase-devel qt5-qtsvg-devel qt5-linguist dbus-glib-devel dbus-devel glib2-devel
BuildRequires: polkit-devel libxslt libxml2
Requires: systemd
%description
USBGuard helps to protect your computer against rogue USB devices.
%package devel
Summary: Development files for usbguard
Requires: usbguard = %{version}-%{release} pkgconfig libstdc++-devel
%description devel
Development libraries and header files for usbguard.
%package tools
Summary: USBGuard Tools
Requires: usbguard = %{version}-%{release}
%description tools
Optional tools from the USBGuard software framework.
%package applet-qt
Summary: USBGuard Qt 5.x Applet
Requires: usbguard = %{version}-%{release}
Obsoletes: usbguard-applet-qt <= 0.3
%description applet-qt
Optional Qt 5.x desktop applet for interacting with the USBGuard daemon component.
%package dbus
Summary: USBGuard D-Bus Service
Requires: usbguard = %{version}-%{release} dbus polkit
%description dbus
Optional component that provides a D-Bus interface to the USBGuard daemon component.
%package help
Summary: Documentation for usbguard
Requires: usbguard = %{version}-%{release}
%description help
Documentation for usbguard
%prep
%autosetup -n usbguard-%{version} -p1
rm -rf src/ThirdParty/{Catch,PEGTL}
%build
install -d ./m4
autoreconf -i -v --no-recursive ./
%configure --disable-silent-rules --without-bundled-catch --without-bundled-pegtl \
--enable-systemd --with-gui-qt=qt5 --with-dbus --with-polkit \
--with-crypto-library=gcrypt
%make_build
%check
make check
%install
%make_install
install -d %{buildroot}%{_sysconfdir}/usbguard/IPCAccessControl.d
cp %{SOURCE1} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf
chmod 644 %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf
%delete_la
%preun
%systemd_preun usbguard.service
%post
/sbin/ldconfig
%systemd_post usbguard.service
%postun
/sbin/ldconfig
%systemd_postun usbguard.service
%preun dbus
%systemd_preun usbguard-dbus.service
%post dbus
%systemd_post usbguard-dbus.service
%postun dbus
%systemd_postun_with_restart usbguard-dbus.service
%files
%doc LICENSE
%exclude %{_libdir}/*.a
%{_libdir}/*.so.*
%{_sbindir}/usbguard-daemon
%{_bindir}/usbguard
%dir %{_localstatedir}/log/usbguard
%dir %{_sysconfdir}/usbguard
%dir %{_sysconfdir}/usbguard/IPCAccessControl.d
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/usbguard-daemon.conf
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/rules.conf
%{_unitdir}/usbguard.service
%{_datadir}/bash-completion/completions/usbguard
%files devel
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%files tools
%{_bindir}/usbguard-rule-parser
%files applet-qt
%{_bindir}/usbguard-applet-qt
%{_datadir}/applications/usbguard-applet-qt.desktop
%{_datadir}/icons/hicolor/scalable/apps/usbguard-icon.svg
%files dbus
%{_sbindir}/usbguard-dbus
%{_datadir}/dbus-1/system-services/org.usbguard.service
%{_datadir}/dbus-1/system.d/org.usbguard.conf
%{_datadir}/polkit-1/actions/org.usbguard.policy
%{_unitdir}/usbguard-dbus.service
%files help
%doc README.adoc CHANGELOG.md
%{_mandir}/*/*
%changelog
* Mon Apr 27 2020 lizhenhua <lizhenhua21@huawei.com> - 0.7.2-6
- Package init

4
usbguard.yaml Normal file
View File

@ -0,0 +1,4 @@
version_control: github
src_repo: USBGuard/usbguard
tag_prefix: usbguard-
seperator: .