diff --git a/0001-Update-to-latest-PEGTL-API.patch b/0001-Update-to-latest-PEGTL-API.patch new file mode 100644 index 0000000..1ebfd1e --- /dev/null +++ b/0001-Update-to-latest-PEGTL-API.patch @@ -0,0 +1,567 @@ +diff --git a/configure.ac b/configure.ac +index a135e01..f565b87 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -290,54 +290,28 @@ AC_SUBST([catch_LIBS]) + # + AC_ARG_WITH([bundled-pegtl], AS_HELP_STRING([--with-bundled-pegtl], [Build using the bundled PEGTL library]), [with_bundled_pegtl=$withval], [with_bundled_pegtl=no]) + if test "x$with_bundled_pegtl" = xyes; then +- pegtl_CFLAGS="-I\$(top_srcdir)/src/ThirdParty/PEGTL" +- pegtl_AC_CFLAGS="-I$srcdir/src/ThirdParty/PEGTL" ++ pegtl_CFLAGS="-I\$(top_srcdir)/src/ThirdParty/PEGTL/include" ++ pegtl_AC_CFLAGS="-I$srcdir/src/ThirdParty/PEGTL/include" + pegtl_LIBS="" + AC_MSG_NOTICE([Using bundled PEGTL library]) + pegtl_summary="bundled; $pegtl_CFLAGS $pegtl_LIBS" + else +- SAVE_CPPFLAGS=$CPPFLAGS +- CPPFLAGS="-std=c++11 $CPPFLAGS" +- AC_LANG_PUSH([C++]) +- AC_CHECK_HEADER([pegtl.hh], [], [AC_MSG_FAILURE(pegtl.hh not found or not usable. Re-run with --with-bundled-pegtl to use the bundled library.)]) +- AC_LANG_POP + pegtl_CFLAGS="" + pegtl_AC_CFLAGS="" + pegtl_LIBS="" +- CPPFLAGS=$SAVE_CPPFLAGS + pegtl_summary="system-wide; $pegtl_CFLAGS $pegtl_LIBS" + fi + AC_SUBST([pegtl_CFLAGS]) + AC_SUBST([pegtl_AC_CFLAGS]) + AC_SUBST([pegtl_LIBS]) + +-# +-# Check whether the available PEGTL library is compatible +-# with version 1.3.1 or older. +-# + SAVE_CPPFLAGS=$CPPFLAGS +-CPPFLAGS="-std=c++11 $pegtl_AC_CFLAGS" ++CPPFLAGS="-std=c++11 $CPPFLAGS $pegtl_AC_CFLAGS" + AC_LANG_PUSH([C++]) +-AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ +-#include +-#include +-int main(void) +-{ +- struct grammar +- : pegtl::one<'g'> {}; +- try { +- pegtl::parse_string(std::string(), std::string()); +- } catch(const pegtl::parse_error& ex) { +- auto b = ex.positions[0].byte_in_line; +- } +- return 0; +-} +-]])], +-[have_pegtl_lte_131=no], [have_pegtl_lte_131=yes]) ++AC_CHECK_HEADER([tao/pegtl.hpp], ++ [AC_DEFINE([HAVE_TAO_PEGTL_HPP], [1], [PEGTL header file with .hpp extension is present])], ++ [AC_MSG_FAILURE(PEGTL header file not found or not usable. Re-run with --with-bundled-pegtl to use the bundled library.)]) + AC_LANG_POP +-if test "x$have_pegtl_lte_131" = xyes; then +- AC_DEFINE([HAVE_PEGTL_LTE_1_3_1], [1], [PEGTL version less than or equal to 1.3.1]) +-fi + CPPFLAGS=$SAVE_CPPFLAGS + + # +diff --git a/src/Library/RuleParser/Actions.hpp b/src/Library/RuleParser/Actions.hpp +index 3e185f4..2b21bd2 100644 +--- a/src/Library/RuleParser/Actions.hpp ++++ b/src/Library/RuleParser/Actions.hpp +@@ -24,7 +24,7 @@ + #include "Utility.hpp" + #include "Common/Utility.hpp" + +-#include ++#include + + namespace usbguard + { +@@ -47,7 +47,7 @@ namespace usbguard + struct str_if; + + template +- struct rule_parser_actions : pegtl::nothing {}; ++ struct rule_parser_actions : tao::pegtl::nothing {}; + + template<> + struct rule_parser_actions { +@@ -58,7 +58,7 @@ namespace usbguard + rule.setTarget(Rule::targetFromString(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; +@@ -75,7 +75,7 @@ namespace usbguard + rule.setDeviceID(device_id); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; +@@ -87,7 +87,7 @@ namespace usbguard + } + + template +- struct name_actions : pegtl::nothing {}; ++ struct name_actions : tao::pegtl::nothing {}; + + template<> + struct name_actions { +@@ -95,7 +95,7 @@ namespace usbguard + static void apply(const Input& in, Rule& rule) + { + if (!rule.attributeName().empty()) { +- throw pegtl::parse_error("name attribute already defined", in); ++ throw tao::pegtl::parse_error("name attribute already defined", in); + } + } + }; +@@ -109,7 +109,7 @@ namespace usbguard + rule.attributeName().append(stringValueFromRule(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; +@@ -123,13 +123,13 @@ namespace usbguard + rule.attributeName().setSetOperator(Rule::setOperatorFromString(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; + + template +- struct id_actions : pegtl::nothing {}; ++ struct id_actions : tao::pegtl::nothing {}; + + template<> + struct id_actions { +@@ -137,7 +137,7 @@ namespace usbguard + static void apply(const Input& in, Rule& rule) + { + if (!rule.attributeDeviceID().empty()) { +- throw pegtl::parse_error("id attribute already defined", in); ++ throw tao::pegtl::parse_error("id attribute already defined", in); + } + } + }; +@@ -154,7 +154,7 @@ namespace usbguard + rule.attributeDeviceID().append(device_id); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; +@@ -168,13 +168,13 @@ namespace usbguard + rule.attributeDeviceID().setSetOperator(Rule::setOperatorFromString(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; + + template +- struct hash_actions : pegtl::nothing {}; ++ struct hash_actions : tao::pegtl::nothing {}; + + template<> + struct hash_actions { +@@ -182,7 +182,7 @@ namespace usbguard + static void apply(const Input& in, Rule& rule) + { + if (!rule.attributeHash().empty()) { +- throw pegtl::parse_error("hash attribute already defined", in); ++ throw tao::pegtl::parse_error("hash attribute already defined", in); + } + } + }; +@@ -196,7 +196,7 @@ namespace usbguard + rule.attributeHash().append(stringValueFromRule(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; +@@ -210,13 +210,13 @@ namespace usbguard + rule.attributeHash().setSetOperator(Rule::setOperatorFromString(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; + + template +- struct parent_hash_actions : pegtl::nothing {}; ++ struct parent_hash_actions : tao::pegtl::nothing {}; + + template<> + struct parent_hash_actions { +@@ -224,7 +224,7 @@ namespace usbguard + static void apply(const Input& in, Rule& rule) + { + if (!rule.attributeParentHash().empty()) { +- throw pegtl::parse_error("parent-hash attribute already defined", in); ++ throw tao::pegtl::parse_error("parent-hash attribute already defined", in); + } + } + }; +@@ -238,7 +238,7 @@ namespace usbguard + rule.attributeParentHash().append(stringValueFromRule(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; +@@ -252,13 +252,13 @@ namespace usbguard + rule.attributeParentHash().setSetOperator(Rule::setOperatorFromString(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; + + template +- struct serial_actions : pegtl::nothing {}; ++ struct serial_actions : tao::pegtl::nothing {}; + + template<> + struct serial_actions { +@@ -266,7 +266,7 @@ namespace usbguard + static void apply(const Input& in, Rule& rule) + { + if (!rule.attributeSerial().empty()) { +- throw pegtl::parse_error("serial attribute already defined", in); ++ throw tao::pegtl::parse_error("serial attribute already defined", in); + } + } + }; +@@ -280,7 +280,7 @@ namespace usbguard + rule.attributeSerial().append(stringValueFromRule(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; +@@ -294,13 +294,13 @@ namespace usbguard + rule.attributeSerial().setSetOperator(Rule::setOperatorFromString(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; + + template +- struct via_port_actions : pegtl::nothing {}; ++ struct via_port_actions : tao::pegtl::nothing {}; + + template<> + struct via_port_actions { +@@ -308,7 +308,7 @@ namespace usbguard + static void apply(const Input& in, Rule& rule) + { + if (!rule.attributeViaPort().empty()) { +- throw pegtl::parse_error("via-port attribute already defined", in); ++ throw tao::pegtl::parse_error("via-port attribute already defined", in); + } + } + }; +@@ -322,7 +322,7 @@ namespace usbguard + rule.attributeViaPort().append(stringValueFromRule(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; +@@ -336,13 +336,13 @@ namespace usbguard + rule.attributeViaPort().setSetOperator(Rule::setOperatorFromString(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; + + template +- struct with_interface_actions : pegtl::nothing {}; ++ struct with_interface_actions : tao::pegtl::nothing {}; + + template<> + struct with_interface_actions { +@@ -350,7 +350,7 @@ namespace usbguard + static void apply(const Input& in, Rule& rule) + { + if (!rule.attributeWithInterface().empty()) { +- throw pegtl::parse_error("with-interface attribute already defined", in); ++ throw tao::pegtl::parse_error("with-interface attribute already defined", in); + } + } + }; +@@ -365,7 +365,7 @@ namespace usbguard + rule.attributeWithInterface().append(interface_type); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; +@@ -379,13 +379,13 @@ namespace usbguard + rule.attributeWithInterface().setSetOperator(Rule::setOperatorFromString(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; + + template +- struct condition_actions : pegtl::nothing {}; ++ struct condition_actions : tao::pegtl::nothing {}; + + template<> + struct condition_actions { +@@ -393,7 +393,7 @@ namespace usbguard + static void apply(const Input& in, Rule& rule) + { + if (!rule.attributeConditions().empty()) { +- throw pegtl::parse_error("conditions already defined", in); ++ throw tao::pegtl::parse_error("conditions already defined", in); + } + } + }; +@@ -407,7 +407,7 @@ namespace usbguard + rule.attributeConditions().append(RuleCondition(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; +@@ -421,7 +421,7 @@ namespace usbguard + rule.attributeConditions().setSetOperator(Rule::setOperatorFromString(in.string())); + } + catch (const std::exception& ex) { +- throw pegtl::parse_error(ex.what(), in); ++ throw tao::pegtl::parse_error(ex.what(), in); + } + } + }; +diff --git a/src/Library/RuleParser/Grammar.hpp b/src/Library/RuleParser/Grammar.hpp +index 9bd4a15..4d785c0 100644 +--- a/src/Library/RuleParser/Grammar.hpp ++++ b/src/Library/RuleParser/Grammar.hpp +@@ -22,37 +22,37 @@ + #endif + + #include "Actions.hpp" +-#include + +-using namespace pegtl; ++#include + + namespace usbguard + { + namespace RuleParser + { ++ using namespace tao::pegtl; + /* + * Rule language keywords + */ +- struct str_allow : pegtl_string_t("allow") {}; +- struct str_block : pegtl_string_t("block") {}; +- struct str_reject : pegtl_string_t("reject") {}; +- struct str_match : pegtl_string_t("match") {}; +- struct str_device : pegtl_string_t("device") {}; +- +- struct str_name : pegtl_string_t("name") {}; +- struct str_hash : pegtl_string_t("hash") {}; +- struct str_parent_hash : pegtl_string_t("parent-hash") {}; +- struct str_via_port : pegtl_string_t("via-port") {}; +- struct str_with_interface : pegtl_string_t("with-interface") {}; +- struct str_serial : pegtl_string_t("serial") {}; +- struct str_if : pegtl_string_t("if") {}; +- struct str_id : pegtl_string_t("id") {}; +- +- struct str_all_of : pegtl_string_t("all-of") {}; +- struct str_one_of : pegtl_string_t("one-of") {}; +- struct str_none_of : pegtl_string_t("none-of") {}; +- struct str_equals : pegtl_string_t("equals") {}; +- struct str_equals_ordered : pegtl_string_t("equals-ordered") {}; ++ struct str_allow : TAOCPP_PEGTL_STRING("allow") {}; ++ struct str_block : TAOCPP_PEGTL_STRING("block") {}; ++ struct str_reject : TAOCPP_PEGTL_STRING("reject") {}; ++ struct str_match : TAOCPP_PEGTL_STRING("match") {}; ++ struct str_device : TAOCPP_PEGTL_STRING("device") {}; ++ ++ struct str_name : TAOCPP_PEGTL_STRING("name") {}; ++ struct str_hash : TAOCPP_PEGTL_STRING("hash") {}; ++ struct str_parent_hash : TAOCPP_PEGTL_STRING("parent-hash") {}; ++ struct str_via_port : TAOCPP_PEGTL_STRING("via-port") {}; ++ struct str_with_interface : TAOCPP_PEGTL_STRING("with-interface") {}; ++ struct str_serial : TAOCPP_PEGTL_STRING("serial") {}; ++ struct str_if : TAOCPP_PEGTL_STRING("if") {}; ++ struct str_id : TAOCPP_PEGTL_STRING("id") {}; ++ ++ struct str_all_of : TAOCPP_PEGTL_STRING("all-of") {}; ++ struct str_one_of : TAOCPP_PEGTL_STRING("one-of") {}; ++ struct str_none_of : TAOCPP_PEGTL_STRING("none-of") {}; ++ struct str_equals : TAOCPP_PEGTL_STRING("equals") {}; ++ struct str_equals_ordered : TAOCPP_PEGTL_STRING("equals-ordered") {}; + + /* + * Generic rule attribute +diff --git a/src/Library/UEventParser.cpp b/src/Library/UEventParser.cpp +index 2e0ce39..aebe948 100644 +--- a/src/Library/UEventParser.cpp ++++ b/src/Library/UEventParser.cpp +@@ -27,7 +27,9 @@ + #include "usbguard/Logger.hpp" + + #include +-#include ++ ++#include ++using namespace tao; + + namespace usbguard + { +@@ -114,25 +116,14 @@ namespace usbguard + void parseUEventFromString(const std::string& uevent_string, UEvent& uevent, bool trace) + { + try { +-#if HAVE_PEGTL_LTE_1_3_1 ++ tao::pegtl::string_input<> in(uevent_string, std::string()); + + if (!trace) { +- pegtl::parse(uevent_string, std::string(), uevent); ++ tao::pegtl::parse(in, uevent); + } + else { +- pegtl::parse(uevent_string, std::string(), uevent); +- } +- +-#else +- +- if (!trace) { +- pegtl::parse_string(uevent_string, std::string(), uevent); ++ tao::pegtl::parse(in, uevent); + } +- else { +- pegtl::parse_string(uevent_string, std::string(), uevent); +- } +- +-#endif + } + catch (...) { + throw; +diff --git a/src/Library/UEventParser.hpp b/src/Library/UEventParser.hpp +index 856d5ff..4261bd5 100644 +--- a/src/Library/UEventParser.hpp ++++ b/src/Library/UEventParser.hpp +@@ -23,9 +23,7 @@ + + #include "usbguard/Typedefs.hpp" + +-#include +- +-using namespace pegtl; ++#include + + namespace usbguard + { +@@ -33,6 +31,8 @@ namespace usbguard + + namespace UEventParser + { ++ using namespace tao::pegtl; ++ + struct value + : seq, star>> {}; + +diff --git a/src/Library/public/usbguard/RuleParser.cpp b/src/Library/public/usbguard/RuleParser.cpp +index 4061e01..140bf14 100644 +--- a/src/Library/public/usbguard/RuleParser.cpp ++++ b/src/Library/public/usbguard/RuleParser.cpp +@@ -34,7 +34,7 @@ + #include + #include + +-#include ++#include + + namespace usbguard + { +@@ -42,35 +42,21 @@ namespace usbguard + { + try { + Rule rule; +-#if HAVE_PEGTL_LTE_1_3_1 ++ tao::pegtl::string_input<> input(rule_spec, file); + + if (!trace) { +- pegtl::parse(rule_spec, file, rule); ++ tao::pegtl::parse(input, rule); + } + else { +- pegtl::parse(rule_spec, file, rule); ++ tao::pegtl::parse(input, rule); + } + +-#else +- +- if (!trace) { +- pegtl::parse_string(rule_spec, file, rule); +- } +- else { +- pegtl::parse_string(rule_spec, file, rule); +- } +- +-#endif + return rule; + } +- catch (const pegtl::parse_error& ex) { ++ catch (const tao::pegtl::parse_error& ex) { + RuleParserError error(rule_spec); + error.setHint(ex.what()); +-#if HAVE_PEGTL_LTE_1_3_1 +- error.setOffset(ex.positions[0].column); +-#else + error.setOffset(ex.positions[0].byte_in_line); +-#endif + + if (!file.empty() || line != 0) { + error.setFileInfo(file, line); +-- +2.13.6 + diff --git a/usbguard-0.7.2.tar.gz b/usbguard-0.7.2.tar.gz new file mode 100644 index 0000000..7d74c18 Binary files /dev/null and b/usbguard-0.7.2.tar.gz differ diff --git a/usbguard-daemon.conf b/usbguard-daemon.conf new file mode 100644 index 0000000..e9800b2 --- /dev/null +++ b/usbguard-daemon.conf @@ -0,0 +1,173 @@ +# +# Rule set file path. +# +# The USBGuard daemon will use this file to load the policy +# rule set from it and to write new rules received via the +# IPC interface. +# +# RuleFile=/path/to/rules.conf +# +RuleFile=/etc/usbguard/rules.conf + +# +# Implicit policy target. +# +# How to treat devices that don't match any rule in the +# policy. One of: +# +# * allow - authorize the device +# * block - block the device +# * reject - remove the device +# +ImplicitPolicyTarget=block + +# +# Present device policy. +# +# How to treat devices that are already connected when the +# daemon starts. One of: +# +# * allow - authorize every present device +# * block - deauthorize every present device +# * reject - remove every present device +# * keep - just sync the internal state and leave it +# * apply-policy - evaluate the ruleset for every present +# device +# +PresentDevicePolicy=apply-policy + +# +# Present controller policy. +# +# How to treat USB controllers that are already connected +# when the daemon starts. One of: +# +# * allow - authorize every present device +# * block - deauthorize every present device +# * reject - remove every present device +# * keep - just sync the internal state and leave it +# * apply-policy - evaluate the ruleset for every present +# device +# +PresentControllerPolicy=keep + +# +# Inserted device policy. +# +# How to treat USB devices that are already connected +# *after* the daemon starts. One of: +# +# * block - deauthorize every present device +# * reject - remove every present device +# * apply-policy - evaluate the ruleset for every present +# device +# +InsertedDevicePolicy=apply-policy + +# +# Restore controller device state. +# +# The USBGuard daemon modifies some attributes of controller +# devices like the default authorization state of new child device +# instances. Using this setting, you can controll whether the +# daemon will try to restore the attribute values to the state +# before modificaton on shutdown. +# +# SECURITY CONSIDERATIONS: If set to true, the USB authorization +# policy could be bypassed by performing some sort of attack on the +# daemon (via a local exploit or via a USB device) to make it shutdown +# and restore to the operating-system default state (known to be permissive). +# +RestoreControllerDeviceState=false + +# +# Device manager backend +# +# Which device manager backend implementation to use. One of: +# +# * uevent - Netlink based implementation which uses sysfs to scan for present +# devices and an uevent netlink socket for receiving USB device +# related events. +# * dummy - A dummy device manager which simulates several devices and device +# events. Useful for testing. +# +DeviceManagerBackend=uevent + +#!!! WARNING: It's good practice to set at least one of the !!! +#!!! two options bellow. If none of them are set, !!! +#!!! the daemon will accept IPC connections from !!! +#!!! anyone, thus allowing anyone to modify the !!! +#!!! rule set and (de)authorize USB devices. !!! + +# +# Users allowed to use the IPC interface. +# +# A space delimited list of usernames that the daemon will +# accept IPC connections from. +# +# IPCAllowedUsers=username1 username2 ... +# +IPCAllowedUsers=root + +# +# Groups allowed to use the IPC interface. +# +# A space delimited list of groupnames that the daemon will +# accept IPC connections from. +# +# IPCAllowedGroups=groupname1 groupname2 ... +# +IPCAllowedGroups=wheel + +# +# IPC access control definition files path. +# +# The files at this location will be interpreted by the daemon +# as access control definition files. The (base)name of a file +# should be in the form: +# +# [user][:] +# +# and should contain lines in the form: +# +#
=[privilege] ... +# +# This way each file defines who is able to connect to the IPC +# bus and what privileges he has. +# +IPCAccessControlFiles=/etc/usbguard/IPCAccessControl.d/ + +# +# Generate device specific rules including the "via-port" +# attribute. +# +# This option modifies the behavior of the allowDevice +# action. When instructed to generate a permanent rule, +# the action can generate a port specific rule. Because +# some systems have unstable port numbering, the generated +# rule might not match the device after rebooting the system. +# +# If set to false, the generated rule will still contain +# the "parent-hash" attribute which also defines an association +# to the parent device. See usbguard-rules.conf(5) for more +# details. +# +DeviceRulesWithPort=false + +# +# USBGuard Audit events log backend +# +# One of: +# +# * FileAudit - Log audit events into a file specified by +# AuditFilePath setting (see below) +# * LinuxAudit - Log audit events using the Linux Audit +# subsystem (using audit_log_user_message) +# +AuditBackend=FileAudit + +# +# USBGuard audit events log file path. +# +AuditFilePath=/var/log/usbguard/usbguard-audit.log + diff --git a/usbguard.spec b/usbguard.spec new file mode 100644 index 0000000..933be09 --- /dev/null +++ b/usbguard.spec @@ -0,0 +1,142 @@ +%global _hardened_build 1 + +Name: usbguard +Version: 0.7.2 +Release: 6 +Summary: A tool for computer usb guard +License: GPLv2+ +URL: https://usbguard.github.io/ +Source0: https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz +Source1: usbguard-daemon.conf +Patch0000: 0001-Update-to-latest-PEGTL-API.patch +BuildRequires: libqb-devel libgcrypt-devel libstdc++-devel protobuf-devel protobuf-compiler PEGTL-static +BuildRequires: catch1-devel autoconf automake libtool bash-completion asciidoctor audit-libs-devel systemd +BuildRequires: qt5-qtbase-devel qt5-qtsvg-devel qt5-linguist dbus-glib-devel dbus-devel glib2-devel +BuildRequires: polkit-devel libxslt libxml2 +Requires: systemd + +%description +USBGuard helps to protect your computer against rogue USB devices. + +%package devel +Summary: Development files for usbguard +Requires: usbguard = %{version}-%{release} pkgconfig libstdc++-devel + +%description devel +Development libraries and header files for usbguard. + +%package tools +Summary: USBGuard Tools +Requires: usbguard = %{version}-%{release} + +%description tools +Optional tools from the USBGuard software framework. + +%package applet-qt +Summary: USBGuard Qt 5.x Applet +Requires: usbguard = %{version}-%{release} +Obsoletes: usbguard-applet-qt <= 0.3 + +%description applet-qt +Optional Qt 5.x desktop applet for interacting with the USBGuard daemon component. + +%package dbus +Summary: USBGuard D-Bus Service +Requires: usbguard = %{version}-%{release} dbus polkit + +%description dbus +Optional component that provides a D-Bus interface to the USBGuard daemon component. + +%package help +Summary: Documentation for usbguard +Requires: usbguard = %{version}-%{release} + +%description help +Documentation for usbguard + +%prep +%autosetup -n usbguard-%{version} -p1 +rm -rf src/ThirdParty/{Catch,PEGTL} + +%build +install -d ./m4 +autoreconf -i -v --no-recursive ./ +%configure --disable-silent-rules --without-bundled-catch --without-bundled-pegtl \ + --enable-systemd --with-gui-qt=qt5 --with-dbus --with-polkit \ + --with-crypto-library=gcrypt + +%make_build + +%check +make check + +%install +%make_install + +install -d %{buildroot}%{_sysconfdir}/usbguard/IPCAccessControl.d +cp %{SOURCE1} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf +chmod 644 %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf + +%delete_la + +%preun +%systemd_preun usbguard.service + +%post +/sbin/ldconfig +%systemd_post usbguard.service + +%postun +/sbin/ldconfig +%systemd_postun usbguard.service + +%preun dbus +%systemd_preun usbguard-dbus.service + +%post dbus +%systemd_post usbguard-dbus.service + +%postun dbus +%systemd_postun_with_restart usbguard-dbus.service + +%files +%doc LICENSE +%exclude %{_libdir}/*.a +%{_libdir}/*.so.* +%{_sbindir}/usbguard-daemon +%{_bindir}/usbguard +%dir %{_localstatedir}/log/usbguard +%dir %{_sysconfdir}/usbguard +%dir %{_sysconfdir}/usbguard/IPCAccessControl.d +%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/usbguard-daemon.conf +%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/rules.conf +%{_unitdir}/usbguard.service +%{_datadir}/bash-completion/completions/usbguard + +%files devel +%{_includedir}/* +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc + +%files tools +%{_bindir}/usbguard-rule-parser + +%files applet-qt +%{_bindir}/usbguard-applet-qt +%{_datadir}/applications/usbguard-applet-qt.desktop +%{_datadir}/icons/hicolor/scalable/apps/usbguard-icon.svg + +%files dbus +%{_sbindir}/usbguard-dbus +%{_datadir}/dbus-1/system-services/org.usbguard.service +%{_datadir}/dbus-1/system.d/org.usbguard.conf +%{_datadir}/polkit-1/actions/org.usbguard.policy +%{_unitdir}/usbguard-dbus.service + +%files help +%doc README.adoc CHANGELOG.md +%{_mandir}/*/* + +%changelog +* Mon Apr 27 2020 lizhenhua - 0.7.2-6 +- Package init diff --git a/usbguard.yaml b/usbguard.yaml new file mode 100644 index 0000000..5f76a84 --- /dev/null +++ b/usbguard.yaml @@ -0,0 +1,4 @@ +version_control: github +src_repo: USBGuard/usbguard +tag_prefix: usbguard- +seperator: .