| Andrew Geissler | 9aee500 | 2022-03-30 16:27:02 +0000 | [diff] [blame] | 1 | # Copyright (c) 2021 Koninklijke Philips N.V. |
| 2 | # |
| 3 | # SPDX-License-Identifier: MIT |
| 4 | # |
| 5 | SUMMARY = "USBGuard daemon for blacklisting and whitelisting of USB devices" |
| 6 | DESCRIPTION = "The USBGuard software framework helps to protect your computer against \ |
| 7 | rogue USB devices (a.k.a. Bad USB) by implementing basic whitelisting and blacklisting \ |
| 8 | capabilities based on device attributes. This recipe takes OpenSSL as crypto-backend for \ |
| 9 | computing device hashes (Supported values are sodium, gcrypt, openssl)." |
| 10 | HOMEPAGE = "https://usbguard.github.io/" |
| 11 | LICENSE = "GPL-2.0-only" |
| 12 | LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" |
| 13 | |
| 14 | SRC_URI = "https://github.com/USBGuard/usbguard/releases/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \ |
| 15 | file://0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch" |
| 16 | |
| 17 | SRC_URI[sha256sum] = "460ebfb4ffc5609739a202a3a1d9fda1c30de033b634845b8baa136352bfb432" |
| 18 | |
| 19 | inherit autotools-brokensep bash-completion pkgconfig systemd |
| 20 | |
| 21 | DEPENDS = "glib-2.0-native libcap-ng libqb libxml2-native libxslt-native pegtl protobuf protobuf-native xmlto-native" |
| 22 | |
| 23 | S = "${WORKDIR}/${BPN}-${PV}" |
| 24 | |
| 25 | EXTRA_OECONF += "\ |
| 26 | --with-bundled-catch \ |
| 27 | --with-bundled-pegtl \ |
| 28 | " |
| 29 | |
| 30 | PACKAGECONFIG ?= "\ |
| 31 | openssl \ |
| 32 | ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)} \ |
| 33 | ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ |
| 34 | " |
| 35 | |
| 36 | # USBGuard has made polkit mandatory to configure with-dbus |
| 37 | PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus,dbus-glib polkit" |
| 38 | PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt,,libgcrypt,,,libsodium openssl" |
| 39 | PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium,,libsodium,,,libgcrypt openssl" |
| 40 | PACKAGECONFIG[openssl] = "--with-crypto-library=openssl,,openssl,,,libgcrypt libsodium" |
| 41 | PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit" |
| 42 | PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp" |
| 43 | PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd" |
| 44 | |
| 45 | SYSTEMD_PACKAGES = "${PN}" |
| 46 | |
| 47 | SYSTEMD_SERVICE:${PN} = "usbguard.service ${@bb.utils.contains('PACKAGECONFIG', 'dbus', 'usbguard-dbus.service', '', d)}" |
| 48 | |
| 49 | FILES:${PN} += "\ |
| 50 | ${systemd_unitdir}/system/usbguard.service \ |
| 51 | ${systemd_unitdir}/system/usbguard-dbus.service \ |
| 52 | ${datadir}/polkit-1 \ |
| 53 | ${datadir}/dbus-1 \ |
| 54 | ${nonarch_libdir}/tmpfiles.d \ |
| 55 | " |
| 56 | |
| 57 | do_install:append() { |
| 58 | # Create /var/log/usbguard in runtime. |
| 59 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then |
| 60 | install -d ${D}${nonarch_libdir}/tmpfiles.d |
| 61 | echo "d ${localstatedir}/log/${BPN} 0755 root root -" > ${D}${nonarch_libdir}/tmpfiles.d/${BPN}.conf |
| 62 | fi |
| 63 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then |
| 64 | install -d ${D}${sysconfdir}/default/volatiles |
| 65 | echo "d root root 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN} |
| 66 | fi |
| 67 | rm -rf ${D}${localstatedir}/log |
| 68 | } |