| Andrew Geissler | 517393d | 2023-01-13 08:55:19 -0600 | [diff] [blame] | 1 | # Copyright (c) 2021 Koninklijke Philips N.V. |
| 2 | # |
| 3 | # SPDX-License-Identifier: MIT |
| 4 | # |
| 5 | SUMMARY = "USBGuard daemon for blacklisting and whitelisting of USB devices" |
| 6 | DESCRIPTION = "The USBGuard software framework helps to protect your computer against \ |
| 7 | rogue USB devices (a.k.a. Bad USB) by implementing basic whitelisting and blacklisting \ |
| 8 | capabilities based on device attributes. This recipe takes OpenSSL as crypto-backend for \ |
| 9 | computing device hashes (Supported values are sodium, gcrypt, openssl)." |
| 10 | HOMEPAGE = "https://usbguard.github.io/" |
| 11 | LICENSE = "GPL-2.0-only" |
| 12 | LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" |
| 13 | |
| 14 | SRC_URI = "https://github.com/USBGuard/usbguard/releases/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \ |
| Patrick Williams | b9af875 | 2023-01-30 13:28:01 -0600 | [diff] [blame] | 15 | file://0001-include-missing-cstdint.patch \ |
| Andrew Geissler | 517393d | 2023-01-13 08:55:19 -0600 | [diff] [blame] | 16 | file://0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch" |
| 17 | |
| 18 | SRC_URI[sha256sum] = "dcf5c90f3f93030e04df1baeb8d388b678c40dd48b135ea12a7be7dee8944934" |
| 19 | |
| 20 | inherit autotools-brokensep bash-completion pkgconfig systemd github-releases |
| 21 | |
| 22 | DEPENDS = "glib-2.0-native libcap-ng libqb libxml2-native libxslt-native protobuf protobuf-native xmlto-native" |
| 23 | |
| 24 | UPSTREAM_CHECK_REGEX = "releases/tag/usbguard-(?P<pver>\d+(\.\d+)+)" |
| 25 | |
| 26 | EXTRA_OECONF += "\ |
| 27 | --with-bundled-catch \ |
| 28 | --with-bundled-pegtl \ |
| 29 | " |
| 30 | |
| 31 | PACKAGECONFIG ?= "\ |
| 32 | openssl \ |
| 33 | ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)} \ |
| Andrew Geissler | 220dafd | 2023-10-04 10:18:08 -0500 | [diff] [blame^] | 34 | ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \ |
| Andrew Geissler | 517393d | 2023-01-13 08:55:19 -0600 | [diff] [blame] | 35 | ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ |
| 36 | " |
| 37 | |
| 38 | # USBGuard has made polkit mandatory to configure with-dbus |
| 39 | PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus,dbus-glib polkit" |
| 40 | PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt,,libgcrypt,,,libsodium openssl" |
| 41 | PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium,,libsodium,,,libgcrypt openssl" |
| 42 | PACKAGECONFIG[openssl] = "--with-crypto-library=openssl,,openssl,,,libgcrypt libsodium" |
| 43 | PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit" |
| 44 | PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp" |
| 45 | PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd" |
| 46 | |
| 47 | SYSTEMD_PACKAGES = "${PN}" |
| 48 | |
| 49 | SYSTEMD_SERVICE:${PN} = "usbguard.service ${@bb.utils.contains('PACKAGECONFIG', 'dbus', 'usbguard-dbus.service', '', d)}" |
| 50 | |
| 51 | FILES:${PN} += "\ |
| 52 | ${systemd_unitdir}/system/usbguard.service \ |
| 53 | ${systemd_unitdir}/system/usbguard-dbus.service \ |
| 54 | ${datadir}/polkit-1 \ |
| 55 | ${datadir}/dbus-1 \ |
| 56 | ${nonarch_libdir}/tmpfiles.d \ |
| 57 | " |
| 58 | |
| 59 | do_install:append() { |
| 60 | # Create /var/log/usbguard in runtime. |
| 61 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then |
| 62 | install -d ${D}${nonarch_libdir}/tmpfiles.d |
| 63 | echo "d ${localstatedir}/log/${BPN} 0755 root root -" > ${D}${nonarch_libdir}/tmpfiles.d/${BPN}.conf |
| 64 | fi |
| 65 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then |
| 66 | install -d ${D}${sysconfdir}/default/volatiles |
| 67 | echo "d root root 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN} |
| 68 | fi |
| 69 | rm -rf ${D}${localstatedir}/log |
| 70 | } |