[oe] [meta-oe][PATCH v4] usbguard: Initial recipe

Mon Jul 29 08:04:32 UTC 2019

Introduce the USBGuard software framework that helps to protect against rogue USB devices (a.k.a. BadUSB)
by implementing basic whitelisting and blacklisting capabilities based on device attributes.
---
 ...kgconfig-instead-of-libgcrypt-config.patch | 25 +++++++++++++
 .../usbguard/usbguard_0.7.4.bb                | 37 +++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
 create mode 100644 meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb

diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
new file mode 100644
index 000000000..022320b40
--- /dev/null
+++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
@@ -0,0 +1,25 @@
+From 85a3c46fa0bcf05d824b86b7e5412ec65924e86a Mon Sep 17 00:00:00 2001
+From: Ayoub Zaki <ayoub.zaki at embexus.com>
+Date: Mon, 29 Jul 2019 09:46:56 +0200
+Subject: [PATCH 1/1] Use pkgconfig instead of libgcrypt-config
+
+---
+ m4/libgcrypt.m4 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
+index 6cf482f..d674eae 100644
+--- a/m4/libgcrypt.m4
++++ b/m4/libgcrypt.m4
+@@ -28,7 +28,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+      libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
+   if test x$libgcrypt_config_prefix != x ; then
+      if test x${LIBGCRYPT_CONFIG+set} != xset ; then
+-        LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
++        LIBGCRYPT_CONFIG=$(shell pkg-config libgcrypt)
+      fi
+   fi
+ 
+-- 
+2.17.1
+
diff --git a/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
new file mode 100644
index 000000000..75ab62c3a
--- /dev/null
+++ b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
@@ -0,0 +1,37 @@
+DESCRIPTION="USBGuard framework helps to protect against BadUSB."
+HOMEPAGE="https://github.com/dkopecek/usbguard"
+LICENSE="GPLv2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022"
+
+SRCREV = "0ab32d7fa092067030fcbef530968b5cc237b08c"
+SRC_URI = "git://git@github.com/USBGuard/usbguard.git;protocol=https;branch=master \
+           file://0001-Use-pkgconfig-instead-of-libgcrypt-config.patch \
+          "
+
+inherit autotools pkgconfig systemd bash-completion
+
+S = "${WORKDIR}/git"
+
+DEPENDS = "protobuf-native libxml2-native libxslt-native xmlto-native glib-2.0-native \
+	dbus dbus-glib libqb libcap-ng libgcrypt libsodium protobuf pegtl"
+
+EXTRA_OECONF += "--with-bundled-catch"
+
+PACKAGECONFIG ??= "libsodium \
+	${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+	${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}"
+
+PACKAGECONFIG[systemd]   = "--enable-systemd,--disable-systemd"
+PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium"
+PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt"
+PACKAGECONFIG[polkit]    = "--with-polkit,--without-polkit"
+PACKAGECONFIG[dbus]      = "--with-dbus,--without-dbus"
+
+SYSTEMD_SERVICE_${PN} = "${PN}.service"
+SYSTEMD_PACKAGES += "${PN}"
+
+do_install_append(){
+	
+	sed -i 's|/var/log/usbguard/usbguard-audit.log|/var/log/usbguard-audit.log|g' \ 
+						${D}${sysconfdir}/usbguard/usbguard-daemon.conf
+}
-- 
2.17.1

