2 files changed, 181 insertions, 0 deletions
diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch
new file mode 100644
index 0000000000..a7a3eb043d
--- /dev/null
+++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch
@@ -0,0 +1,106 @@
+From e36cbf9d7a32de9945a8b6c62ad29dfb60358081 Mon Sep 17 00:00:00 2001
+From: "Anu Deepthika, Nandipati" <Nandipati.AnuDeepthika@philips.com>
+Date: Wed, 9 Mar 2022 02:03:51 +0530
+Subject: [PATCH] Add and use pkgconfig instead of libgcrypt-config
+Upstream-Status: Pending
+Signed-off-by: Anu Deepthika, Nandipati <Nandipati.AnuDeepthika@philips.com>
+---
+ m4/libgcrypt.m4 | 56 ++-----------------------------------------------
+ 1 file changed, 2 insertions(+), 54 deletions(-)
+diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
+index 9a29eb5..465fe24 100644
+--- a/m4/libgcrypt.m4
+++ b/m4/libgcrypt.m4
+@@ -22,17 +22,7 @@ dnl with a changed API.
+ dnl
+ AC_DEFUN([AM_PATH_LIBGCRYPT],
+ [ AC_REQUIRE([AC_CANONICAL_HOST])
+-  AC_ARG_WITH(libgcrypt-prefix,
+-            AS_HELP_STRING([--with-libgcrypt-prefix=PFX],
+-                           [prefix where LIBGCRYPT is installed (optional)]),
+-     libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
+-  if test x$libgcrypt_config_prefix != x ; then
+-     if test x${LIBGCRYPT_CONFIG+set} != xset ; then
+-        LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
+-     fi
+-  fi
+ 
+-  AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+   tmp=ifelse([$1], ,1:1.2.0,$1)
+   if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+      req_libgcrypt_api=`echo "$tmp"     | sed 's/\(.*\):\(.*\)/\1/'`
+@@ -41,44 +31,8 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+      req_libgcrypt_api=0
+      min_libgcrypt_version="$tmp"
+   fi
+  PKG_CHECK_MODULES(LIBGCRYPT, [libgcrypt >= $min_libgcrypt_version], [ok=yes], [ok=no])
+ 
+-  AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
+-  ok=no
+-  if test "$LIBGCRYPT_CONFIG" != "no" ; then
+-    req_major=`echo $min_libgcrypt_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+-    req_minor=`echo $min_libgcrypt_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+-    req_micro=`echo $min_libgcrypt_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
+-    libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
+-    major=`echo $libgcrypt_config_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+-    minor=`echo $libgcrypt_config_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+-    micro=`echo $libgcrypt_config_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
+-    if test "$major" -gt "$req_major"; then
+-        ok=yes
+-    else
+-        if test "$major" -eq "$req_major"; then
+-            if test "$minor" -gt "$req_minor"; then
+-               ok=yes
+-            else
+-               if test "$minor" -eq "$req_minor"; then
+-                   if test "$micro" -ge "$req_micro"; then
+-                     ok=yes
+-                   fi
+-               fi
+-            fi
+-        fi
+-    fi
+-  fi
+-  if test $ok = yes; then
+-    AC_MSG_RESULT([yes ($libgcrypt_config_version)])
+-  else
+-    AC_MSG_RESULT(no)
+-  fi
+   if test $ok = yes; then
+      # If we have a recent libgcrypt, we should also check that the
+      # API is compatible
+@@ -96,10 +50,8 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+      fi
+   fi
+   if test $ok = yes; then
+-    LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
+-    LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
+     ifelse([$2], , :, [$2])
+-    libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
+       libgcrypt_config_host=`$PKG_CONFIG --variable=host libgcrypt`
+     if test x"$libgcrypt_config_host" != xnone ; then
+       if test x"$libgcrypt_config_host" != x"$host" ; then
+   AC_MSG_WARN([[
+@@ -112,10 +64,6 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+ ***]])
+       fi
+     fi
+-  else
+-    LIBGCRYPT_CFLAGS=""
+-    LIBGCRYPT_LIBS=""
+-    ifelse([$3], , :, [$3])
+   fi
+   AC_SUBST(LIBGCRYPT_CFLAGS)
+   AC_SUBST(LIBGCRYPT_LIBS)
+-- 
+2.25.1
diff --git a/meta-oe/recipes-security/usbguard/usbguard_1.1.1.bb b/meta-oe/recipes-security/usbguard/usbguard_1.1.1.bb
new file mode 100644
index 0000000000..4ecaa4e6bd
--- /dev/null
+++ b/meta-oe/recipes-security/usbguard/usbguard_1.1.1.bb
@@ -0,0 +1,75 @@
+# Copyright (c) 2021 Koninklijke Philips N.V.
+#
+# SPDX-License-Identifier: MIT
+#
+SUMMARY = "USBGuard daemon for blacklisting and whitelisting of USB devices"
+DESCRIPTION = "The USBGuard software framework helps to protect your computer against \
+rogue USB devices (a.k.a. Bad USB) by implementing basic whitelisting and blacklisting \
+capabilities based on device attributes. This recipe takes OpenSSL as crypto-backend for \
+computing device hashes (Supported values are sodium, gcrypt, openssl)."
+HOMEPAGE = "https://usbguard.github.io/"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+SRC_URI = "https://github.com/USBGuard/usbguard/releases/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \
+    file://0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch"
+SRC_URI[sha256sum] = "460ebfb4ffc5609739a202a3a1d9fda1c30de033b634845b8baa136352bfb432"
+inherit autotools-brokensep bash-completion pkgconfig systemd
+DEPENDS = "glib-2.0-native libcap-ng libqb libxml2-native libxslt-native pegtl protobuf protobuf-native xmlto-native"
+S = "${WORKDIR}/${BPN}-${PV}"
+EXTRA_OECONF += "\
+    --with-bundled-catch \
+    --with-bundled-pegtl \
+"
+PACKAGECONFIG ?= "\
+    openssl \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)} \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+"
+# USBGuard has made polkit mandatory to configure with-dbus
+PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus,dbus-glib polkit"
+PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt,,libgcrypt,,,libsodium openssl"
+PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium,,libsodium,,,libgcrypt openssl"
+PACKAGECONFIG[openssl] = "--with-crypto-library=openssl,,openssl,,,libgcrypt libsodium"
+PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit"
+PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp"
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE:${PN} = "usbguard.service"
+SYSTEMD_PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'dbus', '${PN}-dbus', '', d)}"
+SYSTEMD_SERVICE:${PN}-dbus = "usbguard-dbus.service"
+PACKAGES =+ "${PN}-dbus"
+FILES:${PN} += "\
+    ${systemd_unitdir}/system/usbguard.service \
+    ${systemd_unitdir}/system/usbguard-dbus.service \
+    ${datadir}/polkit-1 \
+    ${datadir}/polkit-1/actions \
+    ${datadir}/dbus-1 \
+    ${nonarch_libdir}/tmpfiles.d \
+"
+do_install:append() {
+# Create /var/log/usbguard in runtime.
+    if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
+        install -d ${D}${nonarch_libdir}/tmpfiles.d
+        echo "d ${localstatedir}/log/${BPN} 0755 root root -" > ${D}${nonarch_libdir}/tmpfiles.d/${BPN}.conf
+    fi
+    if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
+        install -d ${D}${sysconfdir}/default/volatiles
+        echo "d root root 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN}
+    fi
+    rm -rf ${D}${localstatedir}/log
+}

diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch new file mode 100644 index 0000000000..a7a3eb043d --- /dev/null +++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch
@@ -0,0 +1,106 @@
	1	From e36cbf9d7a32de9945a8b6c62ad29dfb60358081 Mon Sep 17 00:00:00 2001
	2	From: "Anu Deepthika, Nandipati" <Nandipati.AnuDeepthika@philips.com>
	3	Date: Wed, 9 Mar 2022 02:03:51 +0530
	4	Subject: [PATCH] Add and use pkgconfig instead of libgcrypt-config
	5
	6	Upstream-Status: Pending
	7
	8	Signed-off-by: Anu Deepthika, Nandipati <Nandipati.AnuDeepthika@philips.com>
	9	---
	10	m4/libgcrypt.m4 \| 56 ++-----------------------------------------------
	11	1 file changed, 2 insertions(+), 54 deletions(-)
	12
	13	diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
	14	index 9a29eb5..465fe24 100644
	15	--- a/m4/libgcrypt.m4
	16	+++ b/m4/libgcrypt.m4
	17	@@ -22,17 +22,7 @@ dnl with a changed API.
	18	dnl
	19	AC_DEFUN([AM_PATH_LIBGCRYPT],
	20	[ AC_REQUIRE([AC_CANONICAL_HOST])
	21	- AC_ARG_WITH(libgcrypt-prefix,
	22	- AS_HELP_STRING([--with-libgcrypt-prefix=PFX],
	23	- [prefix where LIBGCRYPT is installed (optional)]),
	24	- libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
	25	- if test x$libgcrypt_config_prefix != x ; then
	26	- if test x${LIBGCRYPT_CONFIG+set} != xset ; then
	27	- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
	28	- fi
	29	- fi
	30
	31	- AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no)
	32	tmp=ifelse([$1], ,1:1.2.0,$1)
	33	if echo "$tmp" \| grep ':' >/dev/null 2>/dev/null ; then
	34	req_libgcrypt_api=`echo "$tmp" \| sed 's/\(.\):\(.\)/\1/'`
	35	@@ -41,44 +31,8 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
	36	req_libgcrypt_api=0
	37	min_libgcrypt_version="$tmp"
	38	fi
	39	+ PKG_CHECK_MODULES(LIBGCRYPT, [libgcrypt >= $min_libgcrypt_version], [ok=yes], [ok=no])
	40
	41	- AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
	42	- ok=no
	43	- if test "$LIBGCRYPT_CONFIG" != "no" ; then
	44	- req_major=`echo $min_libgcrypt_version \| \
	45	- sed 's/\([[0-9]]\)\.\([[0-9]]\)\.\([[0-9]]*\)/\1/'`
	46	- req_minor=`echo $min_libgcrypt_version \| \
	47	- sed 's/\([[0-9]]\)\.\([[0-9]]\)\.\([[0-9]]*\)/\2/'`
	48	- req_micro=`echo $min_libgcrypt_version \| \
	49	- sed 's/\([[0-9]]\)\.\([[0-9]]\)\.\([[0-9]]*\)/\3/'`
	50	- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
	51	- major=`echo $libgcrypt_config_version \| \
	52	- sed 's/\([[0-9]]\)\.\([[0-9]]\)\.\([[0-9]]\)./\1/'`
	53	- minor=`echo $libgcrypt_config_version \| \
	54	- sed 's/\([[0-9]]\)\.\([[0-9]]\)\.\([[0-9]]\)./\2/'`
	55	- micro=`echo $libgcrypt_config_version \| \
	56	- sed 's/\([[0-9]]\)\.\([[0-9]]\)\.\([[0-9]]\)./\3/'`
	57	- if test "$major" -gt "$req_major"; then
	58	- ok=yes
	59	- else
	60	- if test "$major" -eq "$req_major"; then
	61	- if test "$minor" -gt "$req_minor"; then
	62	- ok=yes
	63	- else
	64	- if test "$minor" -eq "$req_minor"; then
	65	- if test "$micro" -ge "$req_micro"; then
	66	- ok=yes
	67	- fi
	68	- fi
	69	- fi
	70	- fi
	71	- fi
	72	- fi
	73	- if test $ok = yes; then
	74	- AC_MSG_RESULT([yes ($libgcrypt_config_version)])
	75	- else
	76	- AC_MSG_RESULT(no)
	77	- fi
	78	if test $ok = yes; then
	79	# If we have a recent libgcrypt, we should also check that the
	80	# API is compatible
	81	@@ -96,10 +50,8 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
	82	fi
	83	fi
	84	if test $ok = yes; then
	85	- LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
	86	- LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
	87	ifelse([$2], , :, [$2])
	88	- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null \|\| echo none`
	89	+ libgcrypt_config_host=`$PKG_CONFIG --variable=host libgcrypt`
	90	if test x"$libgcrypt_config_host" != xnone ; then
	91	if test x"$libgcrypt_config_host" != x"$host" ; then
	92	AC_MSG_WARN([[
	93	@@ -112,10 +64,6 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
	94	***]])
	95	fi
	96	fi
	97	- else
	98	- LIBGCRYPT_CFLAGS=""
	99	- LIBGCRYPT_LIBS=""
	100	- ifelse([$3], , :, [$3])
	101	fi
	102	AC_SUBST(LIBGCRYPT_CFLAGS)
	103	AC_SUBST(LIBGCRYPT_LIBS)
	104	--
	105	2.25.1
	106


diff --git a/meta-oe/recipes-security/usbguard/usbguard_1.1.1.bb b/meta-oe/recipes-security/usbguard/usbguard_1.1.1.bb new file mode 100644 index 0000000000..4ecaa4e6bd --- /dev/null +++ b/meta-oe/recipes-security/usbguard/usbguard_1.1.1.bb
@@ -0,0 +1,75 @@
	1	# Copyright (c) 2021 Koninklijke Philips N.V.
	2	#
	3	# SPDX-License-Identifier: MIT
	4	#
	5	SUMMARY = "USBGuard daemon for blacklisting and whitelisting of USB devices"
	6	DESCRIPTION = "The USBGuard software framework helps to protect your computer against \
	7	rogue USB devices (a.k.a. Bad USB) by implementing basic whitelisting and blacklisting \
	8	capabilities based on device attributes. This recipe takes OpenSSL as crypto-backend for \
	9	computing device hashes (Supported values are sodium, gcrypt, openssl)."
	10	HOMEPAGE = "https://usbguard.github.io/"
	11	LICENSE = "GPL-2.0-only"
	12	LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
	13
	14	SRC_URI = "https://github.com/USBGuard/usbguard/releases/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \
	15	file://0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch"
	16
	17	SRC_URI[sha256sum] = "460ebfb4ffc5609739a202a3a1d9fda1c30de033b634845b8baa136352bfb432"
	18
	19	inherit autotools-brokensep bash-completion pkgconfig systemd
	20
	21	DEPENDS = "glib-2.0-native libcap-ng libqb libxml2-native libxslt-native pegtl protobuf protobuf-native xmlto-native"
	22
	23	S = "${WORKDIR}/${BPN}-${PV}"
	24
	25	EXTRA_OECONF += "\
	26	--with-bundled-catch \
	27	--with-bundled-pegtl \
	28	"
	29
	30	PACKAGECONFIG ?= "\
	31	openssl \
	32	${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)} \
	33	${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
	34	"
	35
	36	# USBGuard has made polkit mandatory to configure with-dbus
	37	PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus,dbus-glib polkit"
	38	PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt,,libgcrypt,,,libsodium openssl"
	39	PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium,,libsodium,,,libgcrypt openssl"
	40	PACKAGECONFIG[openssl] = "--with-crypto-library=openssl,,openssl,,,libgcrypt libsodium"
	41	PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit"
	42	PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp"
	43	PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
	44
	45	SYSTEMD_PACKAGES = "${PN}"
	46
	47	SYSTEMD_SERVICE:${PN} = "usbguard.service"
	48
	49	SYSTEMD_PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'dbus', '${PN}-dbus', '', d)}"
	50
	51	SYSTEMD_SERVICE:${PN}-dbus = "usbguard-dbus.service"
	52
	53	PACKAGES =+ "${PN}-dbus"
	54
	55	FILES:${PN} += "\
	56	${systemd_unitdir}/system/usbguard.service \
	57	${systemd_unitdir}/system/usbguard-dbus.service \
	58	${datadir}/polkit-1 \
	59	${datadir}/polkit-1/actions \
	60	${datadir}/dbus-1 \
	61	${nonarch_libdir}/tmpfiles.d \
	62	"
	63
	64	do_install:append() {
	65	# Create /var/log/usbguard in runtime.
	66	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
	67	install -d ${D}${nonarch_libdir}/tmpfiles.d
	68	echo "d ${localstatedir}/log/${BPN} 0755 root root -" > ${D}${nonarch_libdir}/tmpfiles.d/${BPN}.conf
	69	fi
	70	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
	71	install -d ${D}${sysconfdir}/default/volatiles
	72	echo "d root root 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN}
	73	fi
	74	rm -rf ${D}${localstatedir}/log
	75	}