[oe] [meta-oe][PATCH v4] usbguard: Initial recipe

Khem Raj raj.khem at gmail.com
Mon Jul 29 14:40:43 UTC 2019 

there are build failures still

https://errors.yoctoproject.org/Errors/Details/255457/

On Mon, Jul 29, 2019 at 7:14 AM Khem Raj <raj.khem at gmail.com> wrote:
>
> On Mon, Jul 29, 2019 at 1:04 AM Ayoub Zaki <ayoub.zaki at embexus.com> wrote:
> >
> > Introduce the USBGuard software framework that helps to protect against rogue USB devices (a.k.a. BadUSB)
> > by implementing basic whitelisting and blacklisting capabilities based on device attributes.
> > ---
> >  ...kgconfig-instead-of-libgcrypt-config.patch | 25 +++++++++++++
> >  .../usbguard/usbguard_0.7.4.bb                | 37 +++++++++++++++++++
> >  2 files changed, 62 insertions(+)
> >  create mode 100644 meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
> >  create mode 100644 meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
> >
> > diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
> > new file mode 100644
> > index 000000000..022320b40
> > --- /dev/null
> > +++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
> > @@ -0,0 +1,25 @@
> > +From 85a3c46fa0bcf05d824b86b7e5412ec65924e86a Mon Sep 17 00:00:00 2001
> > +From: Ayoub Zaki <ayoub.zaki at embexus.com>
> > +Date: Mon, 29 Jul 2019 09:46:56 +0200
> > +Subject: [PATCH 1/1] Use pkgconfig instead of libgcrypt-config
> > +
> > +---
> > + m4/libgcrypt.m4 | 2 +-
> > + 1 file changed, 1 insertion(+), 1 deletion(-)
> > +
> > +diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
> > +index 6cf482f..d674eae 100644
> > +--- a/m4/libgcrypt.m4
> > ++++ b/m4/libgcrypt.m4
> > +@@ -28,7 +28,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
> > +      libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
> > +   if test x$libgcrypt_config_prefix != x ; then
> > +      if test x${LIBGCRYPT_CONFIG+set} != xset ; then
> > +-        LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
> > ++        LIBGCRYPT_CONFIG=$(shell pkg-config libgcrypt)
> > +      fi
> > +   fi
> > +
> > +--
> > +2.17.1
> > +
> > diff --git a/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
> > new file mode 100644
> > index 000000000..75ab62c3a
> > --- /dev/null
> > +++ b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
> > @@ -0,0 +1,37 @@
> > +DESCRIPTION="USBGuard framework helps to protect against BadUSB."
> > +HOMEPAGE="https://github.com/dkopecek/usbguard"
> > +LICENSE="GPLv2"
> > +LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022"
> > +
> > +SRCREV = "0ab32d7fa092067030fcbef530968b5cc237b08c"
> > +SRC_URI = "git://git@github.com/USBGuard/usbguard.git;protocol=https;branch=master \
> > +           file://0001-Use-pkgconfig-instead-of-libgcrypt-config.patch \
> > +          "
> > +
> > +inherit autotools pkgconfig systemd bash-completion
> > +
> > +S = "${WORKDIR}/git"
> > +
> > +DEPENDS = "protobuf-native libxml2-native libxslt-native xmlto-native glib-2.0-native \
> > +       dbus dbus-glib libqb libcap-ng libgcrypt libsodium protobuf pegtl"
> > +
>
> make it +=
>
> > +EXTRA_OECONF += "--with-bundled-catch"
> > +
>
> we do have catch package recipe, have you considered using that
>
> > +PACKAGECONFIG ??= "libsodium \
> > +       ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
> > +       ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}"
> > +
> > +PACKAGECONFIG[systemd]   = "--enable-systemd,--disable-systemd"
> > +PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium"
> > +PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt"
> > +PACKAGECONFIG[polkit]    = "--with-polkit,--without-polkit"
> > +PACKAGECONFIG[dbus]      = "--with-dbus,--without-dbus"
> > +
>
> I think the dependencies added unconditionally above should be added
> via packageconfigs.
>
> > +SYSTEMD_SERVICE_${PN} = "${PN}.service"
> > +SYSTEMD_PACKAGES += "${PN}"
>
> Using PN on right hand side will fail for multilib builds. May be use BPN
>
> > +
> > +do_install_append(){
> > +
> > +       sed -i 's|/var/log/usbguard/usbguard-audit.log|/var/log/usbguard-audit.log|g' \
> > +                                               ${D}${sysconfdir}/usbguard/usbguard-daemon.conf
> > +}
> > --
> > 2.17.1
> >
> > --
> > _______________________________________________
> > Openembedded-devel mailing list
> > Openembedded-devel at lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel

More information about the Openembedded-devel mailing list