From patchwork Fri Apr 17 12:34:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brice Waegeneire X-Patchwork-Id: 21338 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id BABA727BBE4; Fri, 17 Apr 2020 13:35:24 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,MAILING_LIST_MULTI, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTP id 54FE127BBE1 for ; Fri, 17 Apr 2020 13:35:24 +0100 (BST) Received: from localhost ([::1]:46718 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jPQDL-0006D7-TM for patchwork@mira.cbaines.net; Fri, 17 Apr 2020 08:35:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:56629) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jPQD4-0005rl-4S for guix-patches@gnu.org; Fri, 17 Apr 2020 08:35:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jPQD1-000165-N1 for guix-patches@gnu.org; Fri, 17 Apr 2020 08:35:06 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:56850) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1jPQD0-00014x-W7 for guix-patches@gnu.org; Fri, 17 Apr 2020 08:35:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jPQD0-0002qM-Tz for guix-patches@gnu.org; Fri, 17 Apr 2020 08:35:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#40607] [PATCH v2 3/3] gnu: Add usbguard. Resent-From: Brice Waegeneire Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 17 Apr 2020 12:35:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 40607 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 40607@debbugs.gnu.org Received: via spool by 40607-submit@debbugs.gnu.org id=B40607.158712688710884 (code B ref 40607); Fri, 17 Apr 2020 12:35:02 +0000 Received: (at 40607) by debbugs.gnu.org; 17 Apr 2020 12:34:47 +0000 Received: from localhost ([127.0.0.1]:40160 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jPQCk-0002pP-V3 for submit@debbugs.gnu.org; Fri, 17 Apr 2020 08:34:47 -0400 Received: from relay4-d.mail.gandi.net ([217.70.183.196]:49919) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jPQCi-0002og-Ht for 40607@debbugs.gnu.org; Fri, 17 Apr 2020 08:34:45 -0400 X-Originating-IP: 78.237.113.178 Received: from localhost (luy13-1-78-237-113-178.fbx.proxad.net [78.237.113.178]) (Authenticated sender: brice@waegenei.re) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id A6C56E000F for <40607@debbugs.gnu.org>; Fri, 17 Apr 2020 12:34:38 +0000 (UTC) From: Brice Waegeneire Date: Fri, 17 Apr 2020 14:34:21 +0200 Message-Id: <20200417123421.3924-4-brice@waegenei.re> X-Mailer: git-send-email 2.26.0 In-Reply-To: <20200417123421.3924-1-brice@waegenei.re> References: <20200417123421.3924-1-brice@waegenei.re> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/packages/hardware.scm (usbguard): New variable. --- gnu/packages/hardware.scm | 85 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) diff --git a/gnu/packages/hardware.scm b/gnu/packages/hardware.scm index 7c59984599..11317e77fd 100644 --- a/gnu/packages/hardware.scm +++ b/gnu/packages/hardware.scm @@ -21,12 +21,17 @@ (define-module (gnu packages hardware) #:use-module (gnu packages autotools) #:use-module (gnu packages compression) + #:use-module (gnu packages crypto) + #:use-module (gnu packages documentation) #:use-module (gnu packages gcc) #:use-module (gnu packages glib) #:use-module (gnu packages libusb) #:use-module (gnu packages linux) #:use-module (gnu packages ncurses) + #:use-module (gnu packages openldap) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages polkit) + #:use-module (gnu packages protobuf) #:use-module (gnu packages xdisorg) #:use-module (gnu packages xml) #:use-module (gnu packages xorg) @@ -337,3 +342,83 @@ not intended to be an all-encompassing library, but instead provide focused APIs that are highly tuned for maximum performance for client-server applications.") (license license:lgpl2.1))) + +(define-public usbguard + (package + (name "usbguard") + (version "0.7.6") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/USBGuard/usbguard/releases/download/usbguard-" + version "/usbguard-" version ".tar.gz")) + (file-name (git-file-name name version)) + (sha256 + (base32 "0gzhs8s4aka86mkcjib36z54si939ki4bmk46p6v8kln1fixad3j")))) + (build-system gnu-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'configure 'patch-makefile + (lambda _ + ;; Do not create log directory. + (substitute* "Makefile" ((".*/log/usbguard.*") "")) + ;; Disable LDAP tests: they use 'sudo'. + (substitute* "src/Tests/Makefile.am" + (("WITH_LDAP") "FALSE")) + #t)) + (add-after 'install 'delete-static-library + (lambda* (#:key outputs #:allow-other-keys) + ;; It can't be direclty disabled since it's needed for the tests. + (delete-file (string-append (assoc-ref outputs "out") + "/lib/libusbguard.a")) + #t)) + (add-after 'install 'install-zsh-completion + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (site-functions + (string-append out "/share/zsh/site-functions"))) + (mkdir-p site-functions) + (copy-file "scripts/usbguard-zsh-completion" + (string-append site-functions "/_usbguard")) + #t)))) + #:make-flags + (list (string-append "BASH_COMPLETION_DIR=" + (assoc-ref %outputs "out") + "/etc/bash_completion.d")) + #:configure-flags + (list + "--localstatedir=/var" + "--with-bundled-pegtl" + "--enable-systemd=no" + "--with-ldap" + "--with-dbus" + "--with-polkit"))) + (inputs + `(("audit" ,audit) + ("catch" ,catch-framework) + ("dbus-glib" ,dbus-glib) + ("ldap" ,openldap) + ("libcap-ng" ,libcap-ng) + ("libseccomp" ,libseccomp) + ("libsodium" ,libsodium) + ("polkit" ,polkit) + ("protobuf" ,protobuf) + ("libqb" ,libqb))) + (native-inputs + `(("asciidoc" ,asciidoc) + ("autoconf" ,autoconf) + ("automake" ,automake) + ("bash-completion" ,bash-completion) + ("gdbus-codegen" ,glib "bin") + ("umockdev" ,umockdev) + ("xmllint" ,libxml2) + ("xsltproc" ,libxslt) + ("pkg-config" ,pkg-config))) + (home-page "https://usbguard.github.io") + (synopsis "Helps to protect your computer against rogue USB devices (a.k.a. BadUSB)") + (description "USBGuard is a software framework for implementing USB device +authorization policies (what kind of USB devices are authorized) as well as +method of use policies (how a USB device may interact with the system). +Simply put, it is a USB device whitelisting tool.") + (license license:gpl2)))