[Buildroot] [PATCH v2 2/2] package/usbguard: new package

Kamel Bouhara kamel.bouhara at bootlin.com
Thu Jun 17 07:37:16 UTC 2021


On Wed, Jun 16, 2021 at 11:42:49PM +0200, Arnout Vandecappelle wrote:
>
>
> On 08/06/2021 14:32, Kamel Bouhara wrote:
> > usbguard is a software framework to implement USB
> > device blacklisting and whitelisting based on their
> > attributes.
> >
> > More info. on: https://usbguard.github.io/
> >
> > Signed-off-by: Kamel Bouhara <kamel.bouhara at bootlin.com>
>
>  v3 never came, but I applied to master after all. The default is deny all, so
> that's OK. I just mentioned in the help text that rules.conf has to be created.
>

Sorry, I've been busy lately.

> [snip]
> > +config BR2_PACKAGE_USBGUARD
> > +	bool "usbguard"
> > +	depends on BR2_USE_WCHAR # glib2
> > +	depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
> > +	depends on BR2_USE_MMU # glib2
> > +	depends on BR2_PACKAGE_PROTOBUF
>
>  The glib2 is wrong here, and the depends on protobuf should be a select (and
> propagating its dependencies). I changed it like that.
>

I have to admit it's another bad copy pasting but the dependencies are
still relevant.

I tough the select was only reserved to libraries.

>  Applied to master with those two changes, thanks.

Ack, thanks.

Kamel

>
>  It would be nice to add dbus support, but if someone needs that they can do it.
>
>  Regards,
>  Arnout
>
> > +	select BR2_PACKAGE_LIBQB
> > +	help
> > +	  The USBGuard software framework
> > +
> > +	  https://usbguard.github.io/
> > +
> > +comment "usbguard needs a glibc toolchain w/ threads and wchar"
> > +	depends on BR2_USE_MMU
> > +	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
> > diff --git a/package/usbguard/S20usbguard b/package/usbguard/S20usbguard
> > new file mode 100644
> > index 0000000000..b16d7b4aa2
> > --- /dev/null
> > +++ b/package/usbguard/S20usbguard
> > @@ -0,0 +1,37 @@
> > +#!/bin/sh
> > +#
> > +# Start psplash
> > +#
> > +
> > +PIDFILE=/var/run/$NAME.pid
> > +
> > +start() {
> > +    printf "Starting usbguard daemon: "
> > +    test -d /var/log/usbguard || mkdir -p /var/log/usbguard
> > +    start-stop-daemon -b -S -q -m -p $PIDFILE --exec /usr/sbin/usbguard-daemon -- -f -s -c /etc/usbguard/usbguard-daemon.conf
> > +    [ $? = 0 ] && echo "OK" || echo "FAIL"
> > +}
> > +
> > +stop() {
> > +    printf "Stopping usbguard daemon: "
> > +    start-stop-daemon -K -q -p $PIDFILE
> > +    [ $? = 0 ] && echo "OK" || echo "FAIL"
> > +}
> > +
> > +case "$1" in
> > +    start)
> > +	start
> > +	;;
> > +    stop)
> > +	stop
> > +	;;
> > +    restart|reload)
> > +	stop
> > +	start
> > +	;;
> > +    *)
> > +	echo "Usage: $0 {start|stop|restart}"
> > +	exit 1
> > +esac
> > +
> > +exit $?
> > diff --git a/package/usbguard/usbguard.hash b/package/usbguard/usbguard.hash
> > new file mode 100644
> > index 0000000000..fd77acc75a
> > --- /dev/null
> > +++ b/package/usbguard/usbguard.hash
> > @@ -0,0 +1,3 @@
> > +# Locally calculated
> > +sha256  5617986cd5dd1a2d311041648a1977d836cf4e33a4121d7f82599f21496abc42  usbguard-1.0.0.tar.gz
> > +sha256  a45d0bb572ed792ed34627a72621834b3ba92aab6e2cc4e04301dee7a728d753  LICENSE
> > diff --git a/package/usbguard/usbguard.mk b/package/usbguard/usbguard.mk
> > new file mode 100644
> > index 0000000000..72e9e6459a
> > --- /dev/null
> > +++ b/package/usbguard/usbguard.mk
> > @@ -0,0 +1,50 @@
> > +################################################################################
> > +#
> > +## usbguard
> > +#
> > +################################################################################
> > +
> > +USBGUARD_VERSION = 1.0.0
> > +USBGUARD_SITE = https://github.com/USBGuard/usbguard/releases/download/usbguard-$(USBGUARD_VERSION)
> > +USBGUARD_LICENSE = GPL-2.0+
> > +USBGUARD_LICENSE_FILES = LICENSE
> > +USBGUARD_CONF_OPTS= --with-bundled-catch --with-bundled-pegtl \
> > +		    --disable-debug-build --without-dbus --without-polkit \
> > +		    --disable-seccomp --disable-umockdev --disable-systemd
> > +
> > +USBGUARD_DEPENDENCIES += libqb protobuf
> > +
> > +ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
> > +USBGUARD_CONF_OPTS += --with-crypto-library=openssl
> > +USBGUARD_DEPENDENCIES += libopenssl
> > +endif
> > +ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
> > +USBGUARD_CONF_OPTS += --with-crypto-library=gcrypt
> > +USBGUARD_DEPENDENCIES += libgcrypt
> > +endif
> > +ifeq ($(BR2_PACKAGE_LIBSODIUM),y)
> > +USBGUARD_CONF_OPTS += --with-crypto-library=sodium
> > +USBGUARD_DEPENDENCIES += libsodium
> > +endif
> > +
> > +ifeq ($(BR2_PACKAGE_SYSTEMD),y)
> > +USBGUARD_CONF_OPTS += --enable-systemd
> > +USBGUARD_DEPENDENCIES += systemd
> > +endif
> > +
> > +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
> > +USBGUARD_CONF_OPTS += --enable-seccomp
> > +USBGUARD_DEPENDENCIES += libseccomp
> > +endif
> > +
> > +ifeq ($(BR2_PACKAGE_LIBCAP_NG),y)
> > +USBGUARD_CONF_OPTS += --enable-libcapng
> > +USBGUARD_DEPENDENCIES += libcap-ng
> > +endif
> > +
> > +define USBGUARD_INSTALL_INIT_SYSV
> > +	$(INSTALL) -m 0755 -D package/usbguard/S20usbguard \
> > +		$(TARGET_DIR)/etc/init.d/S20usbguard
> > +endef
> > +
> > +$(eval $(autotools-package))
> > --
> > 2.30.2
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot at busybox.net
> > http://lists.busybox.net/mailman/listinfo/buildroot
> >
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

--
Kamel Bouhara, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com



More information about the buildroot mailing list