[Buildroot] [PATCH v2 2/2] package/usbguard: new package
Kamel Bouhara
kamel.bouhara at bootlin.com
Thu Jun 17 07:37:16 UTC 2021
On Wed, Jun 16, 2021 at 11:42:49PM +0200, Arnout Vandecappelle wrote:
>
>
> On 08/06/2021 14:32, Kamel Bouhara wrote:
> > usbguard is a software framework to implement USB
> > device blacklisting and whitelisting based on their
> > attributes.
> >
> > More info. on: https://usbguard.github.io/
> >
> > Signed-off-by: Kamel Bouhara <kamel.bouhara at bootlin.com>
>
> v3 never came, but I applied to master after all. The default is deny all, so
> that's OK. I just mentioned in the help text that rules.conf has to be created.
>
Sorry, I've been busy lately.
> [snip]
> > +config BR2_PACKAGE_USBGUARD
> > + bool "usbguard"
> > + depends on BR2_USE_WCHAR # glib2
> > + depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
> > + depends on BR2_USE_MMU # glib2
> > + depends on BR2_PACKAGE_PROTOBUF
>
> The glib2 is wrong here, and the depends on protobuf should be a select (and
> propagating its dependencies). I changed it like that.
>
I have to admit it's another bad copy pasting but the dependencies are
still relevant.
I tough the select was only reserved to libraries.
> Applied to master with those two changes, thanks.
Ack, thanks.
Kamel
>
> It would be nice to add dbus support, but if someone needs that they can do it.
>
> Regards,
> Arnout
>
> > + select BR2_PACKAGE_LIBQB
> > + help
> > + The USBGuard software framework
> > +
> > + https://usbguard.github.io/
> > +
> > +comment "usbguard needs a glibc toolchain w/ threads and wchar"
> > + depends on BR2_USE_MMU
> > + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
> > diff --git a/package/usbguard/S20usbguard b/package/usbguard/S20usbguard
> > new file mode 100644
> > index 0000000000..b16d7b4aa2
> > --- /dev/null
> > +++ b/package/usbguard/S20usbguard
> > @@ -0,0 +1,37 @@
> > +#!/bin/sh
> > +#
> > +# Start psplash
> > +#
> > +
> > +PIDFILE=/var/run/$NAME.pid
> > +
> > +start() {
> > + printf "Starting usbguard daemon: "
> > + test -d /var/log/usbguard || mkdir -p /var/log/usbguard
> > + start-stop-daemon -b -S -q -m -p $PIDFILE --exec /usr/sbin/usbguard-daemon -- -f -s -c /etc/usbguard/usbguard-daemon.conf
> > + [ $? = 0 ] && echo "OK" || echo "FAIL"
> > +}
> > +
> > +stop() {
> > + printf "Stopping usbguard daemon: "
> > + start-stop-daemon -K -q -p $PIDFILE
> > + [ $? = 0 ] && echo "OK" || echo "FAIL"
> > +}
> > +
> > +case "$1" in
> > + start)
> > + start
> > + ;;
> > + stop)
> > + stop
> > + ;;
> > + restart|reload)
> > + stop
> > + start
> > + ;;
> > + *)
> > + echo "Usage: $0 {start|stop|restart}"
> > + exit 1
> > +esac
> > +
> > +exit $?
> > diff --git a/package/usbguard/usbguard.hash b/package/usbguard/usbguard.hash
> > new file mode 100644
> > index 0000000000..fd77acc75a
> > --- /dev/null
> > +++ b/package/usbguard/usbguard.hash
> > @@ -0,0 +1,3 @@
> > +# Locally calculated
> > +sha256 5617986cd5dd1a2d311041648a1977d836cf4e33a4121d7f82599f21496abc42 usbguard-1.0.0.tar.gz
> > +sha256 a45d0bb572ed792ed34627a72621834b3ba92aab6e2cc4e04301dee7a728d753 LICENSE
> > diff --git a/package/usbguard/usbguard.mk b/package/usbguard/usbguard.mk
> > new file mode 100644
> > index 0000000000..72e9e6459a
> > --- /dev/null
> > +++ b/package/usbguard/usbguard.mk
> > @@ -0,0 +1,50 @@
> > +################################################################################
> > +#
> > +## usbguard
> > +#
> > +################################################################################
> > +
> > +USBGUARD_VERSION = 1.0.0
> > +USBGUARD_SITE = https://github.com/USBGuard/usbguard/releases/download/usbguard-$(USBGUARD_VERSION)
> > +USBGUARD_LICENSE = GPL-2.0+
> > +USBGUARD_LICENSE_FILES = LICENSE
> > +USBGUARD_CONF_OPTS= --with-bundled-catch --with-bundled-pegtl \
> > + --disable-debug-build --without-dbus --without-polkit \
> > + --disable-seccomp --disable-umockdev --disable-systemd
> > +
> > +USBGUARD_DEPENDENCIES += libqb protobuf
> > +
> > +ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
> > +USBGUARD_CONF_OPTS += --with-crypto-library=openssl
> > +USBGUARD_DEPENDENCIES += libopenssl
> > +endif
> > +ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
> > +USBGUARD_CONF_OPTS += --with-crypto-library=gcrypt
> > +USBGUARD_DEPENDENCIES += libgcrypt
> > +endif
> > +ifeq ($(BR2_PACKAGE_LIBSODIUM),y)
> > +USBGUARD_CONF_OPTS += --with-crypto-library=sodium
> > +USBGUARD_DEPENDENCIES += libsodium
> > +endif
> > +
> > +ifeq ($(BR2_PACKAGE_SYSTEMD),y)
> > +USBGUARD_CONF_OPTS += --enable-systemd
> > +USBGUARD_DEPENDENCIES += systemd
> > +endif
> > +
> > +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
> > +USBGUARD_CONF_OPTS += --enable-seccomp
> > +USBGUARD_DEPENDENCIES += libseccomp
> > +endif
> > +
> > +ifeq ($(BR2_PACKAGE_LIBCAP_NG),y)
> > +USBGUARD_CONF_OPTS += --enable-libcapng
> > +USBGUARD_DEPENDENCIES += libcap-ng
> > +endif
> > +
> > +define USBGUARD_INSTALL_INIT_SYSV
> > + $(INSTALL) -m 0755 -D package/usbguard/S20usbguard \
> > + $(TARGET_DIR)/etc/init.d/S20usbguard
> > +endef
> > +
> > +$(eval $(autotools-package))
> > --
> > 2.30.2
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot at busybox.net
> > http://lists.busybox.net/mailman/listinfo/buildroot
> >
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
Kamel Bouhara, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com
More information about the buildroot
mailing list