summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-security/usbguard/usbguard_1.1.3.bb
blob: 752938057ab8fe3de1ca28bc4bdcf7be9c8601fc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# Copyright (c) 2021 Koninklijke Philips N.V.
#
# SPDX-License-Identifier: MIT
#
SUMMARY = "USBGuard daemon for blacklisting and whitelisting of USB devices"
DESCRIPTION = "The USBGuard software framework helps to protect your computer against \
rogue USB devices (a.k.a. Bad USB) by implementing basic whitelisting and blacklisting \
capabilities based on device attributes. This recipe takes OpenSSL as crypto-backend for \
computing device hashes (Supported values are sodium, gcrypt, openssl)."
HOMEPAGE = "https://usbguard.github.io/"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"

SRC_URI = "https://github.com/USBGuard/usbguard/releases/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \
    file://0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch"

SRC_URI[sha256sum] = "707dad2938923202697f636c2b4e0be80f192242039a2af3fc7ac35d03f78551"

inherit autotools-brokensep bash-completion pkgconfig systemd github-releases

DEPENDS = "glib-2.0-native libcap-ng libqb libxml2-native libxslt-native protobuf protobuf-native xmlto-native"

UPSTREAM_CHECK_REGEX = "releases/tag/usbguard-(?P<pver>\d+(\.\d+)+)"

EXTRA_OECONF += "\
    --with-bundled-catch \
    --with-bundled-pegtl \
"

PACKAGECONFIG ?= "\
    openssl \
    ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)} \
    ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \
    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
"

# USBGuard has made polkit mandatory to configure with-dbus
PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus,dbus-glib polkit"
PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt,,libgcrypt,,,libsodium openssl"
PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium,,libsodium,,,libgcrypt openssl"
PACKAGECONFIG[openssl] = "--with-crypto-library=openssl,,openssl,,,libgcrypt libsodium"
PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit"
PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp"
PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"

SYSTEMD_PACKAGES = "${PN}"

SYSTEMD_SERVICE:${PN} = "usbguard.service ${@bb.utils.contains('PACKAGECONFIG', 'dbus', 'usbguard-dbus.service', '', d)}"

FILES:${PN} += "\
    ${systemd_unitdir}/system/usbguard.service \
    ${systemd_unitdir}/system/usbguard-dbus.service \
    ${datadir}/polkit-1 \
    ${datadir}/dbus-1 \
    ${nonarch_libdir}/tmpfiles.d \
"

do_install:append() {
# Create /var/log/usbguard in runtime.
    if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
        install -d ${D}${nonarch_libdir}/tmpfiles.d
        echo "d ${localstatedir}/log/${BPN} 0755 root root -" > ${D}${nonarch_libdir}/tmpfiles.d/${BPN}.conf
    fi
    if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
        install -d ${D}${sysconfdir}/default/volatiles
        echo "d root root 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN}
    fi
    rm -rf ${D}${localstatedir}/log
}