[oe] [meta-oe][PATCH v4] usbguard: Initial recipe

Khem Raj raj.khem at gmail.com
Mon Jul 29 14:14:17 UTC 2019 

On Mon, Jul 29, 2019 at 1:04 AM Ayoub Zaki <ayoub.zaki at embexus.com> wrote:
>
> Introduce the USBGuard software framework that helps to protect against rogue USB devices (a.k.a. BadUSB)
> by implementing basic whitelisting and blacklisting capabilities based on device attributes.
> ---
>  ...kgconfig-instead-of-libgcrypt-config.patch | 25 +++++++++++++
>  .../usbguard/usbguard_0.7.4.bb                | 37 +++++++++++++++++++
>  2 files changed, 62 insertions(+)
>  create mode 100644 meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
>  create mode 100644 meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
>
> diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
> new file mode 100644
> index 000000000..022320b40
> --- /dev/null
> +++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
> @@ -0,0 +1,25 @@
> +From 85a3c46fa0bcf05d824b86b7e5412ec65924e86a Mon Sep 17 00:00:00 2001
> +From: Ayoub Zaki <ayoub.zaki at embexus.com>
> +Date: Mon, 29 Jul 2019 09:46:56 +0200
> +Subject: [PATCH 1/1] Use pkgconfig instead of libgcrypt-config
> +
> +---
> + m4/libgcrypt.m4 | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
> +index 6cf482f..d674eae 100644
> +--- a/m4/libgcrypt.m4
> ++++ b/m4/libgcrypt.m4
> +@@ -28,7 +28,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
> +      libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
> +   if test x$libgcrypt_config_prefix != x ; then
> +      if test x${LIBGCRYPT_CONFIG+set} != xset ; then
> +-        LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
> ++        LIBGCRYPT_CONFIG=$(shell pkg-config libgcrypt)
> +      fi
> +   fi
> +
> +--
> +2.17.1
> +
> diff --git a/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
> new file mode 100644
> index 000000000..75ab62c3a
> --- /dev/null
> +++ b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
> @@ -0,0 +1,37 @@
> +DESCRIPTION="USBGuard framework helps to protect against BadUSB."
> +HOMEPAGE="https://github.com/dkopecek/usbguard"
> +LICENSE="GPLv2"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022"
> +
> +SRCREV = "0ab32d7fa092067030fcbef530968b5cc237b08c"
> +SRC_URI = "git://git@github.com/USBGuard/usbguard.git;protocol=https;branch=master \
> +           file://0001-Use-pkgconfig-instead-of-libgcrypt-config.patch \
> +          "
> +
> +inherit autotools pkgconfig systemd bash-completion
> +
> +S = "${WORKDIR}/git"
> +
> +DEPENDS = "protobuf-native libxml2-native libxslt-native xmlto-native glib-2.0-native \
> +       dbus dbus-glib libqb libcap-ng libgcrypt libsodium protobuf pegtl"
> +

make it +=

> +EXTRA_OECONF += "--with-bundled-catch"
> +

we do have catch package recipe, have you considered using that

> +PACKAGECONFIG ??= "libsodium \
> +       ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
> +       ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}"
> +
> +PACKAGECONFIG[systemd]   = "--enable-systemd,--disable-systemd"
> +PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium"
> +PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt"
> +PACKAGECONFIG[polkit]    = "--with-polkit,--without-polkit"
> +PACKAGECONFIG[dbus]      = "--with-dbus,--without-dbus"
> +

I think the dependencies added unconditionally above should be added
via packageconfigs.

> +SYSTEMD_SERVICE_${PN} = "${PN}.service"
> +SYSTEMD_PACKAGES += "${PN}"

Using PN on right hand side will fail for multilib builds. May be use BPN

> +
> +do_install_append(){
> +
> +       sed -i 's|/var/log/usbguard/usbguard-audit.log|/var/log/usbguard-audit.log|g' \
> +                                               ${D}${sysconfdir}/usbguard/usbguard-daemon.conf
> +}
> --
> 2.17.1
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

More information about the Openembedded-devel mailing list