* [Buildroot] [PATCH v2 1/2] package/libqb: new package
@ 2021-06-08 12:32 Kamel Bouhara
2021-06-08 12:32 ` [Buildroot] [PATCH v2 2/2] package/usbguard: " Kamel Bouhara
0 siblings, 1 reply; 10+ messages in thread
From: Kamel Bouhara @ 2021-06-08 12:32 UTC (permalink / raw)
To: buildroot
libqb is a library providing features for client-server architecture,
such as logging, tracing, inter-process communication (IPC) and polling.
see: https://github.com/ClusterLabs/libqb
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
---
DEVELOPERS | 1 +
package/Config.in | 1 +
package/libqb/Config.in | 7 +++++++
package/libqb/libqb.hash | 3 +++
package/libqb/libqb.mk | 15 +++++++++++++++
5 files changed, 27 insertions(+)
create mode 100644 package/libqb/Config.in
create mode 100644 package/libqb/libqb.hash
create mode 100644 package/libqb/libqb.mk
diff --git a/DEVELOPERS b/DEVELOPERS
index a90ad1c354..94be28c43c 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1492,6 +1492,7 @@ F: package/dtach/
N: Kamel Bouhara <kamel.bouhara@gmail.com>
F: package/libodb-boost/
F: package/libodb-mysql/
+F: package/libqb/
N: Karoly Kasza <kaszak@gmail.com>
F: package/irqbalance/
diff --git a/package/Config.in b/package/Config.in
index 82b28d2835..ad5dd1e860 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1930,6 +1930,7 @@ menu "Other"
source "package/libpthread-stubs/Config.in"
source "package/libpthsem/Config.in"
source "package/libpwquality/Config.in"
+ source "package/libqb/Config.in"
source "package/libseccomp/Config.in"
source "package/libsigc/Config.in"
source "package/libsigsegv/Config.in"
diff --git a/package/libqb/Config.in b/package/libqb/Config.in
new file mode 100644
index 0000000000..4ab010ca50
--- /dev/null
+++ b/package/libqb/Config.in
@@ -0,0 +1,7 @@
+config BR2_PACKAGE_LIBQB
+ bool "libqb"
+ select BR2_PACKAGE_LIBXML2
+ help
+ Library for client-server applications
+
+ https://github.com/ClusterLabs/libqb
diff --git a/package/libqb/libqb.hash b/package/libqb/libqb.hash
new file mode 100644
index 0000000000..0a01a9bbb5
--- /dev/null
+++ b/package/libqb/libqb.hash
@@ -0,0 +1,3 @@
+# Locally calculated
+sha256 f72769c66479c51ac176b56837637b29d200f9dad40d23c5fdcb10f3a53ab1e4 libqb-2.0.2.tar.gz
+sha256 00a89b0d18aacd4114decf79122db87bf35bddaf2bc50e383c9c9f4c263390b2 COPYING
diff --git a/package/libqb/libqb.mk b/package/libqb/libqb.mk
new file mode 100644
index 0000000000..9da6d7f900
--- /dev/null
+++ b/package/libqb/libqb.mk
@@ -0,0 +1,15 @@
+################################################################################
+#
+# libqb
+#
+################################################################################
+
+LIBQB_VERSION = 2.0.2
+LIBQB_SITE = $(call github,ClusterLabs,libqb,v$(LIBQB_VERSION))
+LIBQB_LICENSE = LGPL-2.1+
+LIBQB_LICENSE_FILES = COPYING
+LIBQB_INSTALL_STAGING = YES
+LIBQB_AUTORECONF = YES
+LIBQB_DEPENDENCIES = libxml2
+
+$(eval $(autotools-package))
--
2.30.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/usbguard: new package
2021-06-08 12:32 [Buildroot] [PATCH v2 1/2] package/libqb: new package Kamel Bouhara
@ 2021-06-08 12:32 ` Kamel Bouhara
2021-06-08 12:37 ` Miquel Raynal
2021-06-16 21:42 ` Arnout Vandecappelle
0 siblings, 2 replies; 10+ messages in thread
From: Kamel Bouhara @ 2021-06-08 12:32 UTC (permalink / raw)
To: buildroot
usbguard is a software framework to implement USB
device blacklisting and whitelisting based on their
attributes.
More info. on: https://usbguard.github.io/
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
---
Changes
v1 -> v2
- Removed strict dependency on systemd
- Added a default initscript example for sysVinit system
---
DEVELOPERS | 1 +
package/Config.in | 1 +
package/usbguard/Config.in | 15 ++++++++++
package/usbguard/S20usbguard | 37 +++++++++++++++++++++++++
package/usbguard/usbguard.hash | 3 ++
package/usbguard/usbguard.mk | 50 ++++++++++++++++++++++++++++++++++
6 files changed, 107 insertions(+)
create mode 100644 package/usbguard/Config.in
create mode 100644 package/usbguard/S20usbguard
create mode 100644 package/usbguard/usbguard.hash
create mode 100644 package/usbguard/usbguard.mk
diff --git a/DEVELOPERS b/DEVELOPERS
index 94be28c43c..a825fe4300 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1493,6 +1493,7 @@ N: Kamel Bouhara <kamel.bouhara@gmail.com>
F: package/libodb-boost/
F: package/libodb-mysql/
F: package/libqb/
+F: package/usbguard/
N: Karoly Kasza <kaszak@gmail.com>
F: package/irqbalance/
diff --git a/package/Config.in b/package/Config.in
index ad5dd1e860..79fa4abd6c 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -582,6 +582,7 @@ endmenu
source "package/upower/Config.in"
source "package/usb_modeswitch/Config.in"
source "package/usb_modeswitch_data/Config.in"
+ source "package/usbguard/Config.in"
source "package/usbmount/Config.in"
source "package/usbutils/Config.in"
source "package/w_scan/Config.in"
diff --git a/package/usbguard/Config.in b/package/usbguard/Config.in
new file mode 100644
index 0000000000..c291babb73
--- /dev/null
+++ b/package/usbguard/Config.in
@@ -0,0 +1,15 @@
+config BR2_PACKAGE_USBGUARD
+ bool "usbguard"
+ depends on BR2_USE_WCHAR # glib2
+ depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
+ depends on BR2_USE_MMU # glib2
+ depends on BR2_PACKAGE_PROTOBUF
+ select BR2_PACKAGE_LIBQB
+ help
+ The USBGuard software framework
+
+ https://usbguard.github.io/
+
+comment "usbguard needs a glibc toolchain w/ threads and wchar"
+ depends on BR2_USE_MMU
+ depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
diff --git a/package/usbguard/S20usbguard b/package/usbguard/S20usbguard
new file mode 100644
index 0000000000..b16d7b4aa2
--- /dev/null
+++ b/package/usbguard/S20usbguard
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# Start psplash
+#
+
+PIDFILE=/var/run/$NAME.pid
+
+start() {
+ printf "Starting usbguard daemon: "
+ test -d /var/log/usbguard || mkdir -p /var/log/usbguard
+ start-stop-daemon -b -S -q -m -p $PIDFILE --exec /usr/sbin/usbguard-daemon -- -f -s -c /etc/usbguard/usbguard-daemon.conf
+ [ $? = 0 ] && echo "OK" || echo "FAIL"
+}
+
+stop() {
+ printf "Stopping usbguard daemon: "
+ start-stop-daemon -K -q -p $PIDFILE
+ [ $? = 0 ] && echo "OK" || echo "FAIL"
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart|reload)
+ stop
+ start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart}"
+ exit 1
+esac
+
+exit $?
diff --git a/package/usbguard/usbguard.hash b/package/usbguard/usbguard.hash
new file mode 100644
index 0000000000..fd77acc75a
--- /dev/null
+++ b/package/usbguard/usbguard.hash
@@ -0,0 +1,3 @@
+# Locally calculated
+sha256 5617986cd5dd1a2d311041648a1977d836cf4e33a4121d7f82599f21496abc42 usbguard-1.0.0.tar.gz
+sha256 a45d0bb572ed792ed34627a72621834b3ba92aab6e2cc4e04301dee7a728d753 LICENSE
diff --git a/package/usbguard/usbguard.mk b/package/usbguard/usbguard.mk
new file mode 100644
index 0000000000..72e9e6459a
--- /dev/null
+++ b/package/usbguard/usbguard.mk
@@ -0,0 +1,50 @@
+################################################################################
+#
+## usbguard
+#
+################################################################################
+
+USBGUARD_VERSION = 1.0.0
+USBGUARD_SITE = https://github.com/USBGuard/usbguard/releases/download/usbguard-$(USBGUARD_VERSION)
+USBGUARD_LICENSE = GPL-2.0+
+USBGUARD_LICENSE_FILES = LICENSE
+USBGUARD_CONF_OPTS= --with-bundled-catch --with-bundled-pegtl \
+ --disable-debug-build --without-dbus --without-polkit \
+ --disable-seccomp --disable-umockdev --disable-systemd
+
+USBGUARD_DEPENDENCIES += libqb protobuf
+
+ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
+USBGUARD_CONF_OPTS += --with-crypto-library=openssl
+USBGUARD_DEPENDENCIES += libopenssl
+endif
+ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
+USBGUARD_CONF_OPTS += --with-crypto-library=gcrypt
+USBGUARD_DEPENDENCIES += libgcrypt
+endif
+ifeq ($(BR2_PACKAGE_LIBSODIUM),y)
+USBGUARD_CONF_OPTS += --with-crypto-library=sodium
+USBGUARD_DEPENDENCIES += libsodium
+endif
+
+ifeq ($(BR2_PACKAGE_SYSTEMD),y)
+USBGUARD_CONF_OPTS += --enable-systemd
+USBGUARD_DEPENDENCIES += systemd
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
+USBGUARD_CONF_OPTS += --enable-seccomp
+USBGUARD_DEPENDENCIES += libseccomp
+endif
+
+ifeq ($(BR2_PACKAGE_LIBCAP_NG),y)
+USBGUARD_CONF_OPTS += --enable-libcapng
+USBGUARD_DEPENDENCIES += libcap-ng
+endif
+
+define USBGUARD_INSTALL_INIT_SYSV
+ $(INSTALL) -m 0755 -D package/usbguard/S20usbguard \
+ $(TARGET_DIR)/etc/init.d/S20usbguard
+endef
+
+$(eval $(autotools-package))
--
2.30.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/usbguard: new package
2021-06-08 12:32 ` [Buildroot] [PATCH v2 2/2] package/usbguard: " Kamel Bouhara
@ 2021-06-08 12:37 ` Miquel Raynal
2021-06-11 10:37 ` Miquel Raynal
2021-06-16 21:42 ` Arnout Vandecappelle
1 sibling, 1 reply; 10+ messages in thread
From: Miquel Raynal @ 2021-06-08 12:37 UTC (permalink / raw)
To: buildroot
Hi Kamel,
Kamel Bouhara <kamel.bouhara@bootlin.com> wrote on Tue, 8 Jun 2021
14:32:10 +0200:
> usbguard is a software framework to implement USB
> device blacklisting and whitelisting based on their
> attributes.
>
> More info. on: https://usbguard.github.io/
>
> Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
> ---
Tested-by: Miquel Raynal <miquel.raynal@bootlin.com>
Thanks,
Miqu?l
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/usbguard: new package
2021-06-08 12:37 ` Miquel Raynal
@ 2021-06-11 10:37 ` Miquel Raynal
2021-06-11 11:25 ` Kamel Bouhara
0 siblings, 1 reply; 10+ messages in thread
From: Miquel Raynal @ 2021-06-11 10:37 UTC (permalink / raw)
To: buildroot
Hello,
Miquel Raynal <miquel.raynal@bootlin.com> wrote on Tue, 8 Jun 2021
14:37:57 +0200:
> Hi Kamel,
>
> Kamel Bouhara <kamel.bouhara@bootlin.com> wrote on Tue, 8 Jun 2021
> 14:32:10 +0200:
>
> > usbguard is a software framework to implement USB
> > device blacklisting and whitelisting based on their
> > attributes.
> >
> > More info. on: https://usbguard.github.io/
> >
> > Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
> > ---
>
> Tested-by: Miquel Raynal <miquel.raynal@bootlin.com>
It looks like by default, an empty configuration file will prevent
any USB device to be authorized. I don't know if this behavior is
acceptable or not, I would advice to create a default "allow
everything" policy that the user can overload by adding the following
file to the recipe:
[0600] /etc/usbguard/rules.conf:
allow *:*
Thanks,
Miqu?l
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/usbguard: new package
2021-06-11 10:37 ` Miquel Raynal
@ 2021-06-11 11:25 ` Kamel Bouhara
2021-06-11 12:00 ` Thomas Petazzoni
0 siblings, 1 reply; 10+ messages in thread
From: Kamel Bouhara @ 2021-06-11 11:25 UTC (permalink / raw)
To: buildroot
On Fri, Jun 11, 2021 at 12:37:03PM +0200, Miquel Raynal wrote:
> Hello,
>
Hello Miquel,
> Miquel Raynal <miquel.raynal@bootlin.com> wrote on Tue, 8 Jun 2021
> 14:37:57 +0200:
>
> > Hi Kamel,
> >
> > Kamel Bouhara <kamel.bouhara@bootlin.com> wrote on Tue, 8 Jun 2021
> > 14:32:10 +0200:
> >
> > > usbguard is a software framework to implement USB
> > > device blacklisting and whitelisting based on their
> > > attributes.
> > >
> > > More info. on: https://usbguard.github.io/
> > >
> > > Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
> > > ---
> >
> > Tested-by: Miquel Raynal <miquel.raynal@bootlin.com>
>
> It looks like by default, an empty configuration file will prevent
> any USB device to be authorized. I don't know if this behavior is
> acceptable or not, I would advice to create a default "allow
> everything" policy that the user can overload by adding the following
> file to the recipe:
>
> [0600] /etc/usbguard/rules.conf:
> allow *:*
>
I think that having to default configuration in
/etc/usbguard/rules.conf is not expected as the rules are generated
using the "usbguard generate-policy" command.
Maybe we shall just warn users that there is no configuration file at
boot before starting the daemon ?
Regards,
Kamel
> Thanks,
> Miqu?l
--
Kamel Bouhara, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/usbguard: new package
2021-06-11 11:25 ` Kamel Bouhara
@ 2021-06-11 12:00 ` Thomas Petazzoni
2021-06-14 7:08 ` Kamel Bouhara
0 siblings, 1 reply; 10+ messages in thread
From: Thomas Petazzoni @ 2021-06-11 12:00 UTC (permalink / raw)
To: buildroot
On Fri, 11 Jun 2021 13:25:02 +0200
Kamel Bouhara <kamel.bouhara@bootlin.com> wrote:
> > [0600] /etc/usbguard/rules.conf:
> > allow *:*
> >
>
> I think that having to default configuration in
> /etc/usbguard/rules.conf is not expected as the rules are generated
> using the "usbguard generate-policy" command.
It is not really great to have to run a tool on the target to generate
the rules. The goal of Buildroot is to build the whole system, and the
rootfs might be read-only.
> Maybe we shall just warn users that there is no configuration file at
> boot before starting the daemon ?
Not really Buildroot's design principle. We like to have a default
basic configuration that does something minimally useful. So either
accept all USB devices, or reject all USB devices, for example.
Best regards,
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/usbguard: new package
2021-06-11 12:00 ` Thomas Petazzoni
@ 2021-06-14 7:08 ` Kamel Bouhara
0 siblings, 0 replies; 10+ messages in thread
From: Kamel Bouhara @ 2021-06-14 7:08 UTC (permalink / raw)
To: buildroot
On Fri, Jun 11, 2021 at 02:00:11PM +0200, Thomas Petazzoni wrote:
> On Fri, 11 Jun 2021 13:25:02 +0200
> Kamel Bouhara <kamel.bouhara@bootlin.com> wrote:
>
> > > [0600] /etc/usbguard/rules.conf:
> > > allow *:*
> > >
> >
> > I think that having to default configuration in
> > /etc/usbguard/rules.conf is not expected as the rules are generated
> > using the "usbguard generate-policy" command.
>
> It is not really great to have to run a tool on the target to generate
> the rules. The goal of Buildroot is to build the whole system, and the
> rootfs might be read-only.
>
Indeed.
> > Maybe we shall just warn users that there is no configuration file at
> > boot before starting the daemon ?
>
> Not really Buildroot's design principle. We like to have a default
> basic configuration that does something minimally useful. So either
> accept all USB devices, or reject all USB devices, for example.
OK, let's add it in v3 then.
Thanks,
Kamel
>
> Best regards,
>
> Thomas
> --
> Thomas Petazzoni, co-owner and CEO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
--
Kamel Bouhara, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/usbguard: new package
2021-06-08 12:32 ` [Buildroot] [PATCH v2 2/2] package/usbguard: " Kamel Bouhara
2021-06-08 12:37 ` Miquel Raynal
@ 2021-06-16 21:42 ` Arnout Vandecappelle
2021-06-17 7:37 ` Kamel Bouhara
1 sibling, 1 reply; 10+ messages in thread
From: Arnout Vandecappelle @ 2021-06-16 21:42 UTC (permalink / raw)
To: buildroot
On 08/06/2021 14:32, Kamel Bouhara wrote:
> usbguard is a software framework to implement USB
> device blacklisting and whitelisting based on their
> attributes.
>
> More info. on: https://usbguard.github.io/
>
> Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
v3 never came, but I applied to master after all. The default is deny all, so
that's OK. I just mentioned in the help text that rules.conf has to be created.
[snip]
> +config BR2_PACKAGE_USBGUARD
> + bool "usbguard"
> + depends on BR2_USE_WCHAR # glib2
> + depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
> + depends on BR2_USE_MMU # glib2
> + depends on BR2_PACKAGE_PROTOBUF
The glib2 is wrong here, and the depends on protobuf should be a select (and
propagating its dependencies). I changed it like that.
Applied to master with those two changes, thanks.
It would be nice to add dbus support, but if someone needs that they can do it.
Regards,
Arnout
> + select BR2_PACKAGE_LIBQB
> + help
> + The USBGuard software framework
> +
> + https://usbguard.github.io/
> +
> +comment "usbguard needs a glibc toolchain w/ threads and wchar"
> + depends on BR2_USE_MMU
> + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
> diff --git a/package/usbguard/S20usbguard b/package/usbguard/S20usbguard
> new file mode 100644
> index 0000000000..b16d7b4aa2
> --- /dev/null
> +++ b/package/usbguard/S20usbguard
> @@ -0,0 +1,37 @@
> +#!/bin/sh
> +#
> +# Start psplash
> +#
> +
> +PIDFILE=/var/run/$NAME.pid
> +
> +start() {
> + printf "Starting usbguard daemon: "
> + test -d /var/log/usbguard || mkdir -p /var/log/usbguard
> + start-stop-daemon -b -S -q -m -p $PIDFILE --exec /usr/sbin/usbguard-daemon -- -f -s -c /etc/usbguard/usbguard-daemon.conf
> + [ $? = 0 ] && echo "OK" || echo "FAIL"
> +}
> +
> +stop() {
> + printf "Stopping usbguard daemon: "
> + start-stop-daemon -K -q -p $PIDFILE
> + [ $? = 0 ] && echo "OK" || echo "FAIL"
> +}
> +
> +case "$1" in
> + start)
> + start
> + ;;
> + stop)
> + stop
> + ;;
> + restart|reload)
> + stop
> + start
> + ;;
> + *)
> + echo "Usage: $0 {start|stop|restart}"
> + exit 1
> +esac
> +
> +exit $?
> diff --git a/package/usbguard/usbguard.hash b/package/usbguard/usbguard.hash
> new file mode 100644
> index 0000000000..fd77acc75a
> --- /dev/null
> +++ b/package/usbguard/usbguard.hash
> @@ -0,0 +1,3 @@
> +# Locally calculated
> +sha256 5617986cd5dd1a2d311041648a1977d836cf4e33a4121d7f82599f21496abc42 usbguard-1.0.0.tar.gz
> +sha256 a45d0bb572ed792ed34627a72621834b3ba92aab6e2cc4e04301dee7a728d753 LICENSE
> diff --git a/package/usbguard/usbguard.mk b/package/usbguard/usbguard.mk
> new file mode 100644
> index 0000000000..72e9e6459a
> --- /dev/null
> +++ b/package/usbguard/usbguard.mk
> @@ -0,0 +1,50 @@
> +################################################################################
> +#
> +## usbguard
> +#
> +################################################################################
> +
> +USBGUARD_VERSION = 1.0.0
> +USBGUARD_SITE = https://github.com/USBGuard/usbguard/releases/download/usbguard-$(USBGUARD_VERSION)
> +USBGUARD_LICENSE = GPL-2.0+
> +USBGUARD_LICENSE_FILES = LICENSE
> +USBGUARD_CONF_OPTS= --with-bundled-catch --with-bundled-pegtl \
> + --disable-debug-build --without-dbus --without-polkit \
> + --disable-seccomp --disable-umockdev --disable-systemd
> +
> +USBGUARD_DEPENDENCIES += libqb protobuf
> +
> +ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
> +USBGUARD_CONF_OPTS += --with-crypto-library=openssl
> +USBGUARD_DEPENDENCIES += libopenssl
> +endif
> +ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
> +USBGUARD_CONF_OPTS += --with-crypto-library=gcrypt
> +USBGUARD_DEPENDENCIES += libgcrypt
> +endif
> +ifeq ($(BR2_PACKAGE_LIBSODIUM),y)
> +USBGUARD_CONF_OPTS += --with-crypto-library=sodium
> +USBGUARD_DEPENDENCIES += libsodium
> +endif
> +
> +ifeq ($(BR2_PACKAGE_SYSTEMD),y)
> +USBGUARD_CONF_OPTS += --enable-systemd
> +USBGUARD_DEPENDENCIES += systemd
> +endif
> +
> +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
> +USBGUARD_CONF_OPTS += --enable-seccomp
> +USBGUARD_DEPENDENCIES += libseccomp
> +endif
> +
> +ifeq ($(BR2_PACKAGE_LIBCAP_NG),y)
> +USBGUARD_CONF_OPTS += --enable-libcapng
> +USBGUARD_DEPENDENCIES += libcap-ng
> +endif
> +
> +define USBGUARD_INSTALL_INIT_SYSV
> + $(INSTALL) -m 0755 -D package/usbguard/S20usbguard \
> + $(TARGET_DIR)/etc/init.d/S20usbguard
> +endef
> +
> +$(eval $(autotools-package))
> --
> 2.30.2
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/usbguard: new package
2021-06-16 21:42 ` Arnout Vandecappelle
@ 2021-06-17 7:37 ` Kamel Bouhara
2021-06-17 8:00 ` Arnout Vandecappelle
0 siblings, 1 reply; 10+ messages in thread
From: Kamel Bouhara @ 2021-06-17 7:37 UTC (permalink / raw)
To: buildroot
On Wed, Jun 16, 2021 at 11:42:49PM +0200, Arnout Vandecappelle wrote:
>
>
> On 08/06/2021 14:32, Kamel Bouhara wrote:
> > usbguard is a software framework to implement USB
> > device blacklisting and whitelisting based on their
> > attributes.
> >
> > More info. on: https://usbguard.github.io/
> >
> > Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
>
> v3 never came, but I applied to master after all. The default is deny all, so
> that's OK. I just mentioned in the help text that rules.conf has to be created.
>
Sorry, I've been busy lately.
> [snip]
> > +config BR2_PACKAGE_USBGUARD
> > + bool "usbguard"
> > + depends on BR2_USE_WCHAR # glib2
> > + depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
> > + depends on BR2_USE_MMU # glib2
> > + depends on BR2_PACKAGE_PROTOBUF
>
> The glib2 is wrong here, and the depends on protobuf should be a select (and
> propagating its dependencies). I changed it like that.
>
I have to admit it's another bad copy pasting but the dependencies are
still relevant.
I tough the select was only reserved to libraries.
> Applied to master with those two changes, thanks.
Ack, thanks.
Kamel
>
> It would be nice to add dbus support, but if someone needs that they can do it.
>
> Regards,
> Arnout
>
> > + select BR2_PACKAGE_LIBQB
> > + help
> > + The USBGuard software framework
> > +
> > + https://usbguard.github.io/
> > +
> > +comment "usbguard needs a glibc toolchain w/ threads and wchar"
> > + depends on BR2_USE_MMU
> > + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
> > diff --git a/package/usbguard/S20usbguard b/package/usbguard/S20usbguard
> > new file mode 100644
> > index 0000000000..b16d7b4aa2
> > --- /dev/null
> > +++ b/package/usbguard/S20usbguard
> > @@ -0,0 +1,37 @@
> > +#!/bin/sh
> > +#
> > +# Start psplash
> > +#
> > +
> > +PIDFILE=/var/run/$NAME.pid
> > +
> > +start() {
> > + printf "Starting usbguard daemon: "
> > + test -d /var/log/usbguard || mkdir -p /var/log/usbguard
> > + start-stop-daemon -b -S -q -m -p $PIDFILE --exec /usr/sbin/usbguard-daemon -- -f -s -c /etc/usbguard/usbguard-daemon.conf
> > + [ $? = 0 ] && echo "OK" || echo "FAIL"
> > +}
> > +
> > +stop() {
> > + printf "Stopping usbguard daemon: "
> > + start-stop-daemon -K -q -p $PIDFILE
> > + [ $? = 0 ] && echo "OK" || echo "FAIL"
> > +}
> > +
> > +case "$1" in
> > + start)
> > + start
> > + ;;
> > + stop)
> > + stop
> > + ;;
> > + restart|reload)
> > + stop
> > + start
> > + ;;
> > + *)
> > + echo "Usage: $0 {start|stop|restart}"
> > + exit 1
> > +esac
> > +
> > +exit $?
> > diff --git a/package/usbguard/usbguard.hash b/package/usbguard/usbguard.hash
> > new file mode 100644
> > index 0000000000..fd77acc75a
> > --- /dev/null
> > +++ b/package/usbguard/usbguard.hash
> > @@ -0,0 +1,3 @@
> > +# Locally calculated
> > +sha256 5617986cd5dd1a2d311041648a1977d836cf4e33a4121d7f82599f21496abc42 usbguard-1.0.0.tar.gz
> > +sha256 a45d0bb572ed792ed34627a72621834b3ba92aab6e2cc4e04301dee7a728d753 LICENSE
> > diff --git a/package/usbguard/usbguard.mk b/package/usbguard/usbguard.mk
> > new file mode 100644
> > index 0000000000..72e9e6459a
> > --- /dev/null
> > +++ b/package/usbguard/usbguard.mk
> > @@ -0,0 +1,50 @@
> > +################################################################################
> > +#
> > +## usbguard
> > +#
> > +################################################################################
> > +
> > +USBGUARD_VERSION = 1.0.0
> > +USBGUARD_SITE = https://github.com/USBGuard/usbguard/releases/download/usbguard-$(USBGUARD_VERSION)
> > +USBGUARD_LICENSE = GPL-2.0+
> > +USBGUARD_LICENSE_FILES = LICENSE
> > +USBGUARD_CONF_OPTS= --with-bundled-catch --with-bundled-pegtl \
> > + --disable-debug-build --without-dbus --without-polkit \
> > + --disable-seccomp --disable-umockdev --disable-systemd
> > +
> > +USBGUARD_DEPENDENCIES += libqb protobuf
> > +
> > +ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
> > +USBGUARD_CONF_OPTS += --with-crypto-library=openssl
> > +USBGUARD_DEPENDENCIES += libopenssl
> > +endif
> > +ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
> > +USBGUARD_CONF_OPTS += --with-crypto-library=gcrypt
> > +USBGUARD_DEPENDENCIES += libgcrypt
> > +endif
> > +ifeq ($(BR2_PACKAGE_LIBSODIUM),y)
> > +USBGUARD_CONF_OPTS += --with-crypto-library=sodium
> > +USBGUARD_DEPENDENCIES += libsodium
> > +endif
> > +
> > +ifeq ($(BR2_PACKAGE_SYSTEMD),y)
> > +USBGUARD_CONF_OPTS += --enable-systemd
> > +USBGUARD_DEPENDENCIES += systemd
> > +endif
> > +
> > +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
> > +USBGUARD_CONF_OPTS += --enable-seccomp
> > +USBGUARD_DEPENDENCIES += libseccomp
> > +endif
> > +
> > +ifeq ($(BR2_PACKAGE_LIBCAP_NG),y)
> > +USBGUARD_CONF_OPTS += --enable-libcapng
> > +USBGUARD_DEPENDENCIES += libcap-ng
> > +endif
> > +
> > +define USBGUARD_INSTALL_INIT_SYSV
> > + $(INSTALL) -m 0755 -D package/usbguard/S20usbguard \
> > + $(TARGET_DIR)/etc/init.d/S20usbguard
> > +endef
> > +
> > +$(eval $(autotools-package))
> > --
> > 2.30.2
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot at busybox.net
> > http://lists.busybox.net/mailman/listinfo/buildroot
> >
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
Kamel Bouhara, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/usbguard: new package
2021-06-17 7:37 ` Kamel Bouhara
@ 2021-06-17 8:00 ` Arnout Vandecappelle
0 siblings, 0 replies; 10+ messages in thread
From: Arnout Vandecappelle @ 2021-06-17 8:00 UTC (permalink / raw)
To: buildroot
On 17/06/2021 09:37, Kamel Bouhara wrote:
> On Wed, Jun 16, 2021 at 11:42:49PM +0200, Arnout Vandecappelle wrote:
>>
>>
>> On 08/06/2021 14:32, Kamel Bouhara wrote:
>>> usbguard is a software framework to implement USB
>>> device blacklisting and whitelisting based on their
>>> attributes.
>>>
>>> More info. on: https://usbguard.github.io/
>>>
>>> Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
>>
>> v3 never came, but I applied to master after all. The default is deny all, so
>> that's OK. I just mentioned in the help text that rules.conf has to be created.
>>
>
> Sorry, I've been busy lately.
>
>> [snip]
>>> +config BR2_PACKAGE_USBGUARD
>>> + bool "usbguard"
>>> + depends on BR2_USE_WCHAR # glib2
>>> + depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
>>> + depends on BR2_USE_MMU # glib2
>>> + depends on BR2_PACKAGE_PROTOBUF
>>
>> The glib2 is wrong here, and the depends on protobuf should be a select (and
>> propagating its dependencies). I changed it like that.
>>
>
> I have to admit it's another bad copy pasting but the dependencies are
> still relevant.
What do you mean with "the dependencies are still relevant"? Do you mean that
it does depend on wchar, threads and MMU even though it doesn't select glib2? In
that case, please send a follow-up patch to add those dependencies (there should
probably already be a few autobuilder failures now that you can refer to).
> I tough the select was only reserved to libraries.
No, there are even cases of select for runtime dependencies of programs that
are exec'd.
But in this case: protobuf actually *is* a library. Not all libraries start
with lib - we generally follow the upstream name, which sometimes does and
sometimes doesn't have lib.
Regards,
Arnout
>
>> Applied to master with those two changes, thanks.
>
> Ack, thanks.
>
> Kamel
>
>>
>> It would be nice to add dbus support, but if someone needs that they can do it.
>>
>> Regards,
>> Arnout
>>
>>> + select BR2_PACKAGE_LIBQB
>>> + help
>>> + The USBGuard software framework
>>> +
>>> + https://usbguard.github.io/
>>> +
>>> +comment "usbguard needs a glibc toolchain w/ threads and wchar"
>>> + depends on BR2_USE_MMU
>>> + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
>>> diff --git a/package/usbguard/S20usbguard b/package/usbguard/S20usbguard
>>> new file mode 100644
>>> index 0000000000..b16d7b4aa2
>>> --- /dev/null
>>> +++ b/package/usbguard/S20usbguard
>>> @@ -0,0 +1,37 @@
>>> +#!/bin/sh
>>> +#
>>> +# Start psplash
>>> +#
>>> +
>>> +PIDFILE=/var/run/$NAME.pid
>>> +
>>> +start() {
>>> + printf "Starting usbguard daemon: "
>>> + test -d /var/log/usbguard || mkdir -p /var/log/usbguard
>>> + start-stop-daemon -b -S -q -m -p $PIDFILE --exec /usr/sbin/usbguard-daemon -- -f -s -c /etc/usbguard/usbguard-daemon.conf
>>> + [ $? = 0 ] && echo "OK" || echo "FAIL"
>>> +}
>>> +
>>> +stop() {
>>> + printf "Stopping usbguard daemon: "
>>> + start-stop-daemon -K -q -p $PIDFILE
>>> + [ $? = 0 ] && echo "OK" || echo "FAIL"
>>> +}
>>> +
>>> +case "$1" in
>>> + start)
>>> + start
>>> + ;;
>>> + stop)
>>> + stop
>>> + ;;
>>> + restart|reload)
>>> + stop
>>> + start
>>> + ;;
>>> + *)
>>> + echo "Usage: $0 {start|stop|restart}"
>>> + exit 1
>>> +esac
>>> +
>>> +exit $?
>>> diff --git a/package/usbguard/usbguard.hash b/package/usbguard/usbguard.hash
>>> new file mode 100644
>>> index 0000000000..fd77acc75a
>>> --- /dev/null
>>> +++ b/package/usbguard/usbguard.hash
>>> @@ -0,0 +1,3 @@
>>> +# Locally calculated
>>> +sha256 5617986cd5dd1a2d311041648a1977d836cf4e33a4121d7f82599f21496abc42 usbguard-1.0.0.tar.gz
>>> +sha256 a45d0bb572ed792ed34627a72621834b3ba92aab6e2cc4e04301dee7a728d753 LICENSE
>>> diff --git a/package/usbguard/usbguard.mk b/package/usbguard/usbguard.mk
>>> new file mode 100644
>>> index 0000000000..72e9e6459a
>>> --- /dev/null
>>> +++ b/package/usbguard/usbguard.mk
>>> @@ -0,0 +1,50 @@
>>> +################################################################################
>>> +#
>>> +## usbguard
>>> +#
>>> +################################################################################
>>> +
>>> +USBGUARD_VERSION = 1.0.0
>>> +USBGUARD_SITE = https://github.com/USBGuard/usbguard/releases/download/usbguard-$(USBGUARD_VERSION)
>>> +USBGUARD_LICENSE = GPL-2.0+
>>> +USBGUARD_LICENSE_FILES = LICENSE
>>> +USBGUARD_CONF_OPTS= --with-bundled-catch --with-bundled-pegtl \
>>> + --disable-debug-build --without-dbus --without-polkit \
>>> + --disable-seccomp --disable-umockdev --disable-systemd
>>> +
>>> +USBGUARD_DEPENDENCIES += libqb protobuf
>>> +
>>> +ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
>>> +USBGUARD_CONF_OPTS += --with-crypto-library=openssl
>>> +USBGUARD_DEPENDENCIES += libopenssl
>>> +endif
>>> +ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
>>> +USBGUARD_CONF_OPTS += --with-crypto-library=gcrypt
>>> +USBGUARD_DEPENDENCIES += libgcrypt
>>> +endif
>>> +ifeq ($(BR2_PACKAGE_LIBSODIUM),y)
>>> +USBGUARD_CONF_OPTS += --with-crypto-library=sodium
>>> +USBGUARD_DEPENDENCIES += libsodium
>>> +endif
>>> +
>>> +ifeq ($(BR2_PACKAGE_SYSTEMD),y)
>>> +USBGUARD_CONF_OPTS += --enable-systemd
>>> +USBGUARD_DEPENDENCIES += systemd
>>> +endif
>>> +
>>> +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
>>> +USBGUARD_CONF_OPTS += --enable-seccomp
>>> +USBGUARD_DEPENDENCIES += libseccomp
>>> +endif
>>> +
>>> +ifeq ($(BR2_PACKAGE_LIBCAP_NG),y)
>>> +USBGUARD_CONF_OPTS += --enable-libcapng
>>> +USBGUARD_DEPENDENCIES += libcap-ng
>>> +endif
>>> +
>>> +define USBGUARD_INSTALL_INIT_SYSV
>>> + $(INSTALL) -m 0755 -D package/usbguard/S20usbguard \
>>> + $(TARGET_DIR)/etc/init.d/S20usbguard
>>> +endef
>>> +
>>> +$(eval $(autotools-package))
>>> --
>>> 2.30.2
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> buildroot mailing list
>>> buildroot at busybox.net
>>> http://lists.busybox.net/mailman/listinfo/buildroot
>>>
>> _______________________________________________
>> buildroot mailing list
>> buildroot at busybox.net
>> http://lists.busybox.net/mailman/listinfo/buildroot
>
> --
> Kamel Bouhara, Bootlin
> Embedded Linux and kernel engineering
> https://bootlin.com
>
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2021-06-17 8:00 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-08 12:32 [Buildroot] [PATCH v2 1/2] package/libqb: new package Kamel Bouhara
2021-06-08 12:32 ` [Buildroot] [PATCH v2 2/2] package/usbguard: " Kamel Bouhara
2021-06-08 12:37 ` Miquel Raynal
2021-06-11 10:37 ` Miquel Raynal
2021-06-11 11:25 ` Kamel Bouhara
2021-06-11 12:00 ` Thomas Petazzoni
2021-06-14 7:08 ` Kamel Bouhara
2021-06-16 21:42 ` Arnout Vandecappelle
2021-06-17 7:37 ` Kamel Bouhara
2021-06-17 8:00 ` Arnout Vandecappelle
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.