xref: /OK3568_Linux_fs/yocto/meta-openembedded/meta-oe/recipes-security/usbguard/usbguard_1.1.1.bb (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun# Copyright (c) 2021 Koninklijke Philips N.V.
2*4882a593Smuzhiyun#
3*4882a593Smuzhiyun# SPDX-License-Identifier: MIT
4*4882a593Smuzhiyun#
5*4882a593SmuzhiyunSUMMARY = "USBGuard daemon for blacklisting and whitelisting of USB devices"
6*4882a593SmuzhiyunDESCRIPTION = "The USBGuard software framework helps to protect your computer against \
7*4882a593Smuzhiyunrogue USB devices (a.k.a. Bad USB) by implementing basic whitelisting and blacklisting \
8*4882a593Smuzhiyuncapabilities based on device attributes. This recipe takes OpenSSL as crypto-backend for \
9*4882a593Smuzhiyuncomputing device hashes (Supported values are sodium, gcrypt, openssl)."
10*4882a593SmuzhiyunHOMEPAGE = "https://usbguard.github.io/"
11*4882a593SmuzhiyunLICENSE = "GPL-2.0-only"
12*4882a593SmuzhiyunLIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
13*4882a593Smuzhiyun
14*4882a593SmuzhiyunSRC_URI = "https://github.com/USBGuard/usbguard/releases/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \
15*4882a593Smuzhiyun    file://0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch"
16*4882a593Smuzhiyun
17*4882a593SmuzhiyunSRC_URI[sha256sum] = "460ebfb4ffc5609739a202a3a1d9fda1c30de033b634845b8baa136352bfb432"
18*4882a593Smuzhiyun
19*4882a593Smuzhiyuninherit autotools-brokensep bash-completion pkgconfig systemd
20*4882a593Smuzhiyun
21*4882a593SmuzhiyunDEPENDS = "glib-2.0-native libcap-ng libqb libxml2-native libxslt-native pegtl protobuf protobuf-native xmlto-native"
22*4882a593Smuzhiyun
23*4882a593SmuzhiyunS = "${WORKDIR}/${BPN}-${PV}"
24*4882a593Smuzhiyun
25*4882a593SmuzhiyunEXTRA_OECONF += "\
26*4882a593Smuzhiyun    --with-bundled-catch \
27*4882a593Smuzhiyun    --with-bundled-pegtl \
28*4882a593Smuzhiyun"
29*4882a593Smuzhiyun
30*4882a593SmuzhiyunPACKAGECONFIG ?= "\
31*4882a593Smuzhiyun    openssl \
32*4882a593Smuzhiyun    ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)} \
33*4882a593Smuzhiyun    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
34*4882a593Smuzhiyun"
35*4882a593Smuzhiyun
36*4882a593Smuzhiyun# USBGuard has made polkit mandatory to configure with-dbus
37*4882a593SmuzhiyunPACKAGECONFIG[dbus] = "--with-dbus,--without-dbus,dbus-glib polkit"
38*4882a593SmuzhiyunPACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt,,libgcrypt,,,libsodium openssl"
39*4882a593SmuzhiyunPACKAGECONFIG[libsodium] = "--with-crypto-library=sodium,,libsodium,,,libgcrypt openssl"
40*4882a593SmuzhiyunPACKAGECONFIG[openssl] = "--with-crypto-library=openssl,,openssl,,,libgcrypt libsodium"
41*4882a593SmuzhiyunPACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit"
42*4882a593SmuzhiyunPACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp"
43*4882a593SmuzhiyunPACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
44*4882a593Smuzhiyun
45*4882a593SmuzhiyunSYSTEMD_PACKAGES = "${PN}"
46*4882a593Smuzhiyun
47*4882a593SmuzhiyunSYSTEMD_SERVICE:${PN} = "usbguard.service ${@bb.utils.contains('PACKAGECONFIG', 'dbus', 'usbguard-dbus.service', '', d)}"
48*4882a593Smuzhiyun
49*4882a593SmuzhiyunFILES:${PN} += "\
50*4882a593Smuzhiyun    ${systemd_unitdir}/system/usbguard.service \
51*4882a593Smuzhiyun    ${systemd_unitdir}/system/usbguard-dbus.service \
52*4882a593Smuzhiyun    ${datadir}/polkit-1 \
53*4882a593Smuzhiyun    ${datadir}/dbus-1 \
54*4882a593Smuzhiyun    ${nonarch_libdir}/tmpfiles.d \
55*4882a593Smuzhiyun"
56*4882a593Smuzhiyun
57*4882a593Smuzhiyundo_install:append() {
58*4882a593Smuzhiyun# Create /var/log/usbguard in runtime.
59*4882a593Smuzhiyun    if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
60*4882a593Smuzhiyun        install -d ${D}${nonarch_libdir}/tmpfiles.d
61*4882a593Smuzhiyun        echo "d ${localstatedir}/log/${BPN} 0755 root root -" > ${D}${nonarch_libdir}/tmpfiles.d/${BPN}.conf
62*4882a593Smuzhiyun    fi
63*4882a593Smuzhiyun    if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
64*4882a593Smuzhiyun        install -d ${D}${sysconfdir}/default/volatiles
65*4882a593Smuzhiyun        echo "d root root 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN}
66*4882a593Smuzhiyun    fi
67*4882a593Smuzhiyun    rm -rf ${D}${localstatedir}/log
68*4882a593Smuzhiyun}
69