diff options
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-security/usbguard')
2 files changed, 174 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-security/usbguard/usbguard/0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-openembedded/meta-oe/recipes-security/usbguard/usbguard/0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch new file mode 100644 index 0000000000..a7a3eb043d --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-security/usbguard/usbguard/0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch @@ -0,0 +1,106 @@ +From e36cbf9d7a32de9945a8b6c62ad29dfb60358081 Mon Sep 17 00:00:00 2001 +From: "Anu Deepthika, Nandipati" <Nandipati.AnuDeepthika@philips.com> +Date: Wed, 9 Mar 2022 02:03:51 +0530 +Subject: [PATCH] Add and use pkgconfig instead of libgcrypt-config + +Upstream-Status: Pending + +Signed-off-by: Anu Deepthika, Nandipati <Nandipati.AnuDeepthika@philips.com> +--- + m4/libgcrypt.m4 | 56 ++----------------------------------------------- + 1 file changed, 2 insertions(+), 54 deletions(-) + +diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4 +index 9a29eb5..465fe24 100644 +--- a/m4/libgcrypt.m4 ++++ b/m4/libgcrypt.m4 +@@ -22,17 +22,7 @@ dnl with a changed API. + dnl + AC_DEFUN([AM_PATH_LIBGCRYPT], + [ AC_REQUIRE([AC_CANONICAL_HOST]) +- AC_ARG_WITH(libgcrypt-prefix, +- AS_HELP_STRING([--with-libgcrypt-prefix=PFX], +- [prefix where LIBGCRYPT is installed (optional)]), +- libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") +- if test x$libgcrypt_config_prefix != x ; then +- if test x${LIBGCRYPT_CONFIG+set} != xset ; then +- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config +- fi +- fi + +- AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no) + tmp=ifelse([$1], ,1:1.2.0,$1) + if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then + req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` +@@ -41,44 +31,8 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], + req_libgcrypt_api=0 + min_libgcrypt_version="$tmp" + fi ++ PKG_CHECK_MODULES(LIBGCRYPT, [libgcrypt >= $min_libgcrypt_version], [ok=yes], [ok=no]) + +- AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version) +- ok=no +- if test "$LIBGCRYPT_CONFIG" != "no" ; then +- req_major=`echo $min_libgcrypt_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` +- req_minor=`echo $min_libgcrypt_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` +- req_micro=`echo $min_libgcrypt_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` +- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` +- major=`echo $libgcrypt_config_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` +- minor=`echo $libgcrypt_config_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` +- micro=`echo $libgcrypt_config_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` +- if test "$major" -gt "$req_major"; then +- ok=yes +- else +- if test "$major" -eq "$req_major"; then +- if test "$minor" -gt "$req_minor"; then +- ok=yes +- else +- if test "$minor" -eq "$req_minor"; then +- if test "$micro" -ge "$req_micro"; then +- ok=yes +- fi +- fi +- fi +- fi +- fi +- fi +- if test $ok = yes; then +- AC_MSG_RESULT([yes ($libgcrypt_config_version)]) +- else +- AC_MSG_RESULT(no) +- fi + if test $ok = yes; then + # If we have a recent libgcrypt, we should also check that the + # API is compatible +@@ -96,10 +50,8 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], + fi + fi + if test $ok = yes; then +- LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` +- LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` + ifelse([$2], , :, [$2]) +- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` ++ libgcrypt_config_host=`$PKG_CONFIG --variable=host libgcrypt` + if test x"$libgcrypt_config_host" != xnone ; then + if test x"$libgcrypt_config_host" != x"$host" ; then + AC_MSG_WARN([[ +@@ -112,10 +64,6 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], + ***]]) + fi + fi +- else +- LIBGCRYPT_CFLAGS="" +- LIBGCRYPT_LIBS="" +- ifelse([$3], , :, [$3]) + fi + AC_SUBST(LIBGCRYPT_CFLAGS) + AC_SUBST(LIBGCRYPT_LIBS) +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-security/usbguard/usbguard_1.1.1.bb b/meta-openembedded/meta-oe/recipes-security/usbguard/usbguard_1.1.1.bb new file mode 100644 index 0000000000..8df78ec817 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-security/usbguard/usbguard_1.1.1.bb @@ -0,0 +1,68 @@ +# Copyright (c) 2021 Koninklijke Philips N.V. +# +# SPDX-License-Identifier: MIT +# +SUMMARY = "USBGuard daemon for blacklisting and whitelisting of USB devices" +DESCRIPTION = "The USBGuard software framework helps to protect your computer against \ +rogue USB devices (a.k.a. Bad USB) by implementing basic whitelisting and blacklisting \ +capabilities based on device attributes. This recipe takes OpenSSL as crypto-backend for \ +computing device hashes (Supported values are sodium, gcrypt, openssl)." +HOMEPAGE = "https://usbguard.github.io/" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "https://github.com/USBGuard/usbguard/releases/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \ + file://0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch" + +SRC_URI[sha256sum] = "460ebfb4ffc5609739a202a3a1d9fda1c30de033b634845b8baa136352bfb432" + +inherit autotools-brokensep bash-completion pkgconfig systemd + +DEPENDS = "glib-2.0-native libcap-ng libqb libxml2-native libxslt-native pegtl protobuf protobuf-native xmlto-native" + +S = "${WORKDIR}/${BPN}-${PV}" + +EXTRA_OECONF += "\ + --with-bundled-catch \ + --with-bundled-pegtl \ +" + +PACKAGECONFIG ?= "\ + openssl \ + ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)} \ + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ +" + +# USBGuard has made polkit mandatory to configure with-dbus +PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus,dbus-glib polkit" +PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt,,libgcrypt,,,libsodium openssl" +PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium,,libsodium,,,libgcrypt openssl" +PACKAGECONFIG[openssl] = "--with-crypto-library=openssl,,openssl,,,libgcrypt libsodium" +PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit" +PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp" +PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd" + +SYSTEMD_PACKAGES = "${PN}" + +SYSTEMD_SERVICE:${PN} = "usbguard.service ${@bb.utils.contains('PACKAGECONFIG', 'dbus', 'usbguard-dbus.service', '', d)}" + +FILES:${PN} += "\ + ${systemd_unitdir}/system/usbguard.service \ + ${systemd_unitdir}/system/usbguard-dbus.service \ + ${datadir}/polkit-1 \ + ${datadir}/dbus-1 \ + ${nonarch_libdir}/tmpfiles.d \ +" + +do_install:append() { +# Create /var/log/usbguard in runtime. + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then + install -d ${D}${nonarch_libdir}/tmpfiles.d + echo "d ${localstatedir}/log/${BPN} 0755 root root -" > ${D}${nonarch_libdir}/tmpfiles.d/${BPN}.conf + fi + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then + install -d ${D}${sysconfdir}/default/volatiles + echo "d root root 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN} + fi + rm -rf ${D}${localstatedir}/log +} |