* [meta-oe][PATCH v4] usbguard: Initial recipe
@ 2019-07-29 8:04 Ayoub Zaki
2019-07-29 14:14 ` Khem Raj
0 siblings, 1 reply; 4+ messages in thread
From: Ayoub Zaki @ 2019-07-29 8:04 UTC (permalink / raw)
To: openembedded-devel
Introduce the USBGuard software framework that helps to protect against rogue USB devices (a.k.a. BadUSB)
by implementing basic whitelisting and blacklisting capabilities based on device attributes.
---
...kgconfig-instead-of-libgcrypt-config.patch | 25 +++++++++++++
.../usbguard/usbguard_0.7.4.bb | 37 +++++++++++++++++++
2 files changed, 62 insertions(+)
create mode 100644 meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
create mode 100644 meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
new file mode 100644
index 000000000..022320b40
--- /dev/null
+++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
@@ -0,0 +1,25 @@
+From 85a3c46fa0bcf05d824b86b7e5412ec65924e86a Mon Sep 17 00:00:00 2001
+From: Ayoub Zaki <ayoub.zaki@embexus.com>
+Date: Mon, 29 Jul 2019 09:46:56 +0200
+Subject: [PATCH 1/1] Use pkgconfig instead of libgcrypt-config
+
+---
+ m4/libgcrypt.m4 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
+index 6cf482f..d674eae 100644
+--- a/m4/libgcrypt.m4
++++ b/m4/libgcrypt.m4
+@@ -28,7 +28,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+ libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
+ if test x$libgcrypt_config_prefix != x ; then
+ if test x${LIBGCRYPT_CONFIG+set} != xset ; then
+- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
++ LIBGCRYPT_CONFIG=$(shell pkg-config libgcrypt)
+ fi
+ fi
+
+--
+2.17.1
+
diff --git a/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
new file mode 100644
index 000000000..75ab62c3a
--- /dev/null
+++ b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
@@ -0,0 +1,37 @@
+DESCRIPTION="USBGuard framework helps to protect against BadUSB."
+HOMEPAGE="https://github.com/dkopecek/usbguard"
+LICENSE="GPLv2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022"
+
+SRCREV = "0ab32d7fa092067030fcbef530968b5cc237b08c"
+SRC_URI = "git://git@github.com/USBGuard/usbguard.git;protocol=https;branch=master \
+ file://0001-Use-pkgconfig-instead-of-libgcrypt-config.patch \
+ "
+
+inherit autotools pkgconfig systemd bash-completion
+
+S = "${WORKDIR}/git"
+
+DEPENDS = "protobuf-native libxml2-native libxslt-native xmlto-native glib-2.0-native \
+ dbus dbus-glib libqb libcap-ng libgcrypt libsodium protobuf pegtl"
+
+EXTRA_OECONF += "--with-bundled-catch"
+
+PACKAGECONFIG ??= "libsodium \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}"
+
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd"
+PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium"
+PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt"
+PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit"
+PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus"
+
+SYSTEMD_SERVICE_${PN} = "${PN}.service"
+SYSTEMD_PACKAGES += "${PN}"
+
+do_install_append(){
+
+ sed -i 's|/var/log/usbguard/usbguard-audit.log|/var/log/usbguard-audit.log|g' \
+ ${D}${sysconfdir}/usbguard/usbguard-daemon.conf
+}
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [meta-oe][PATCH v4] usbguard: Initial recipe
2019-07-29 8:04 [meta-oe][PATCH v4] usbguard: Initial recipe Ayoub Zaki
@ 2019-07-29 14:14 ` Khem Raj
2019-07-29 14:40 ` Khem Raj
0 siblings, 1 reply; 4+ messages in thread
From: Khem Raj @ 2019-07-29 14:14 UTC (permalink / raw)
To: Ayoub Zaki; +Cc: openembeded-devel
On Mon, Jul 29, 2019 at 1:04 AM Ayoub Zaki <ayoub.zaki@embexus.com> wrote:
>
> Introduce the USBGuard software framework that helps to protect against rogue USB devices (a.k.a. BadUSB)
> by implementing basic whitelisting and blacklisting capabilities based on device attributes.
> ---
> ...kgconfig-instead-of-libgcrypt-config.patch | 25 +++++++++++++
> .../usbguard/usbguard_0.7.4.bb | 37 +++++++++++++++++++
> 2 files changed, 62 insertions(+)
> create mode 100644 meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
> create mode 100644 meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
>
> diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
> new file mode 100644
> index 000000000..022320b40
> --- /dev/null
> +++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
> @@ -0,0 +1,25 @@
> +From 85a3c46fa0bcf05d824b86b7e5412ec65924e86a Mon Sep 17 00:00:00 2001
> +From: Ayoub Zaki <ayoub.zaki@embexus.com>
> +Date: Mon, 29 Jul 2019 09:46:56 +0200
> +Subject: [PATCH 1/1] Use pkgconfig instead of libgcrypt-config
> +
> +---
> + m4/libgcrypt.m4 | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
> +index 6cf482f..d674eae 100644
> +--- a/m4/libgcrypt.m4
> ++++ b/m4/libgcrypt.m4
> +@@ -28,7 +28,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
> + libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
> + if test x$libgcrypt_config_prefix != x ; then
> + if test x${LIBGCRYPT_CONFIG+set} != xset ; then
> +- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
> ++ LIBGCRYPT_CONFIG=$(shell pkg-config libgcrypt)
> + fi
> + fi
> +
> +--
> +2.17.1
> +
> diff --git a/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
> new file mode 100644
> index 000000000..75ab62c3a
> --- /dev/null
> +++ b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
> @@ -0,0 +1,37 @@
> +DESCRIPTION="USBGuard framework helps to protect against BadUSB."
> +HOMEPAGE="https://github.com/dkopecek/usbguard"
> +LICENSE="GPLv2"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022"
> +
> +SRCREV = "0ab32d7fa092067030fcbef530968b5cc237b08c"
> +SRC_URI = "git://git@github.com/USBGuard/usbguard.git;protocol=https;branch=master \
> + file://0001-Use-pkgconfig-instead-of-libgcrypt-config.patch \
> + "
> +
> +inherit autotools pkgconfig systemd bash-completion
> +
> +S = "${WORKDIR}/git"
> +
> +DEPENDS = "protobuf-native libxml2-native libxslt-native xmlto-native glib-2.0-native \
> + dbus dbus-glib libqb libcap-ng libgcrypt libsodium protobuf pegtl"
> +
make it +=
> +EXTRA_OECONF += "--with-bundled-catch"
> +
we do have catch package recipe, have you considered using that
> +PACKAGECONFIG ??= "libsodium \
> + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
> + ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}"
> +
> +PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd"
> +PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium"
> +PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt"
> +PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit"
> +PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus"
> +
I think the dependencies added unconditionally above should be added
via packageconfigs.
> +SYSTEMD_SERVICE_${PN} = "${PN}.service"
> +SYSTEMD_PACKAGES += "${PN}"
Using PN on right hand side will fail for multilib builds. May be use BPN
> +
> +do_install_append(){
> +
> + sed -i 's|/var/log/usbguard/usbguard-audit.log|/var/log/usbguard-audit.log|g' \
> + ${D}${sysconfdir}/usbguard/usbguard-daemon.conf
> +}
> --
> 2.17.1
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [meta-oe][PATCH v4] usbguard: Initial recipe
2019-07-29 14:14 ` Khem Raj
@ 2019-07-29 14:40 ` Khem Raj
2019-07-30 10:55 ` Adrian Bunk
0 siblings, 1 reply; 4+ messages in thread
From: Khem Raj @ 2019-07-29 14:40 UTC (permalink / raw)
To: Ayoub Zaki; +Cc: openembeded-devel
there are build failures still
https://errors.yoctoproject.org/Errors/Details/255457/
On Mon, Jul 29, 2019 at 7:14 AM Khem Raj <raj.khem@gmail.com> wrote:
>
> On Mon, Jul 29, 2019 at 1:04 AM Ayoub Zaki <ayoub.zaki@embexus.com> wrote:
> >
> > Introduce the USBGuard software framework that helps to protect against rogue USB devices (a.k.a. BadUSB)
> > by implementing basic whitelisting and blacklisting capabilities based on device attributes.
> > ---
> > ...kgconfig-instead-of-libgcrypt-config.patch | 25 +++++++++++++
> > .../usbguard/usbguard_0.7.4.bb | 37 +++++++++++++++++++
> > 2 files changed, 62 insertions(+)
> > create mode 100644 meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
> > create mode 100644 meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
> >
> > diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
> > new file mode 100644
> > index 000000000..022320b40
> > --- /dev/null
> > +++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch
> > @@ -0,0 +1,25 @@
> > +From 85a3c46fa0bcf05d824b86b7e5412ec65924e86a Mon Sep 17 00:00:00 2001
> > +From: Ayoub Zaki <ayoub.zaki@embexus.com>
> > +Date: Mon, 29 Jul 2019 09:46:56 +0200
> > +Subject: [PATCH 1/1] Use pkgconfig instead of libgcrypt-config
> > +
> > +---
> > + m4/libgcrypt.m4 | 2 +-
> > + 1 file changed, 1 insertion(+), 1 deletion(-)
> > +
> > +diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
> > +index 6cf482f..d674eae 100644
> > +--- a/m4/libgcrypt.m4
> > ++++ b/m4/libgcrypt.m4
> > +@@ -28,7 +28,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
> > + libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
> > + if test x$libgcrypt_config_prefix != x ; then
> > + if test x${LIBGCRYPT_CONFIG+set} != xset ; then
> > +- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
> > ++ LIBGCRYPT_CONFIG=$(shell pkg-config libgcrypt)
> > + fi
> > + fi
> > +
> > +--
> > +2.17.1
> > +
> > diff --git a/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
> > new file mode 100644
> > index 000000000..75ab62c3a
> > --- /dev/null
> > +++ b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb
> > @@ -0,0 +1,37 @@
> > +DESCRIPTION="USBGuard framework helps to protect against BadUSB."
> > +HOMEPAGE="https://github.com/dkopecek/usbguard"
> > +LICENSE="GPLv2"
> > +LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022"
> > +
> > +SRCREV = "0ab32d7fa092067030fcbef530968b5cc237b08c"
> > +SRC_URI = "git://git@github.com/USBGuard/usbguard.git;protocol=https;branch=master \
> > + file://0001-Use-pkgconfig-instead-of-libgcrypt-config.patch \
> > + "
> > +
> > +inherit autotools pkgconfig systemd bash-completion
> > +
> > +S = "${WORKDIR}/git"
> > +
> > +DEPENDS = "protobuf-native libxml2-native libxslt-native xmlto-native glib-2.0-native \
> > + dbus dbus-glib libqb libcap-ng libgcrypt libsodium protobuf pegtl"
> > +
>
> make it +=
>
> > +EXTRA_OECONF += "--with-bundled-catch"
> > +
>
> we do have catch package recipe, have you considered using that
>
> > +PACKAGECONFIG ??= "libsodium \
> > + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
> > + ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}"
> > +
> > +PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd"
> > +PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium"
> > +PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt"
> > +PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit"
> > +PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus"
> > +
>
> I think the dependencies added unconditionally above should be added
> via packageconfigs.
>
> > +SYSTEMD_SERVICE_${PN} = "${PN}.service"
> > +SYSTEMD_PACKAGES += "${PN}"
>
> Using PN on right hand side will fail for multilib builds. May be use BPN
>
> > +
> > +do_install_append(){
> > +
> > + sed -i 's|/var/log/usbguard/usbguard-audit.log|/var/log/usbguard-audit.log|g' \
> > + ${D}${sysconfdir}/usbguard/usbguard-daemon.conf
> > +}
> > --
> > 2.17.1
> >
> > --
> > _______________________________________________
> > Openembedded-devel mailing list
> > Openembedded-devel@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [meta-oe][PATCH v4] usbguard: Initial recipe
2019-07-29 14:40 ` Khem Raj
@ 2019-07-30 10:55 ` Adrian Bunk
0 siblings, 0 replies; 4+ messages in thread
From: Adrian Bunk @ 2019-07-30 10:55 UTC (permalink / raw)
To: Khem Raj; +Cc: openembeded-devel
On Mon, Jul 29, 2019 at 07:40:43AM -0700, Khem Raj wrote:
> there are build failures still
>
> https://errors.yoctoproject.org/Errors/Details/255457/
+DEPENDS = "protobuf-native libxml2-native libxslt-native xmlto-native glib-2.0-native \
+ dbus dbus-glib libqb libcap-ng libgcrypt libsodium protobuf pegtl"
...
+PACKAGECONFIG ??= "libsodium \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}"
+
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd"
+PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium"
+PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt"
+PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit"
+PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus"
The problem is that dependencies should be added as third parameter to
PACKAGECONFIG, which is missing here for polkit.
Note that there is also the (less harmful) opposite problem here:
The libsodium, libgcrypt and dbus/dbus-glib dependencies are likely only
required when the corresponding functionality is enabled via PACKAGECONFIG.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-07-30 10:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-07-29 8:04 [meta-oe][PATCH v4] usbguard: Initial recipe Ayoub Zaki
2019-07-29 14:14 ` Khem Raj
2019-07-29 14:40 ` Khem Raj
2019-07-30 10:55 ` Adrian Bunk
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.