| Message ID | 20190729080432.20866-1-ayoub.zaki@embexus.com |
|---|---|
| State | Changes Requested |
| Headers | show |
diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch new file mode 100644 index 000000000..022320b40 --- /dev/null +++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch @@ -0,0 +1,25 @@ +From 85a3c46fa0bcf05d824b86b7e5412ec65924e86a Mon Sep 17 00:00:00 2001 +From: Ayoub Zaki <ayoub.zaki@embexus.com> +Date: Mon, 29 Jul 2019 09:46:56 +0200 +Subject: [PATCH 1/1] Use pkgconfig instead of libgcrypt-config + +--- + m4/libgcrypt.m4 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4 +index 6cf482f..d674eae 100644 +--- a/m4/libgcrypt.m4 ++++ b/m4/libgcrypt.m4 +@@ -28,7 +28,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], + libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") + if test x$libgcrypt_config_prefix != x ; then + if test x${LIBGCRYPT_CONFIG+set} != xset ; then +- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config ++ LIBGCRYPT_CONFIG=$(shell pkg-config libgcrypt) + fi + fi + +-- +2.17.1 + diff --git a/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb new file mode 100644 index 000000000..75ab62c3a --- /dev/null +++ b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb @@ -0,0 +1,37 @@ +DESCRIPTION="USBGuard framework helps to protect against BadUSB." +HOMEPAGE="https://github.com/dkopecek/usbguard" +LICENSE="GPLv2" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022" + +SRCREV = "0ab32d7fa092067030fcbef530968b5cc237b08c" +SRC_URI = "git://git@github.com/USBGuard/usbguard.git;protocol=https;branch=master \ + file://0001-Use-pkgconfig-instead-of-libgcrypt-config.patch \ + " + +inherit autotools pkgconfig systemd bash-completion + +S = "${WORKDIR}/git" + +DEPENDS = "protobuf-native libxml2-native libxslt-native xmlto-native glib-2.0-native \ + dbus dbus-glib libqb libcap-ng libgcrypt libsodium protobuf pegtl" + +EXTRA_OECONF += "--with-bundled-catch" + +PACKAGECONFIG ??= "libsodium \ + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ + ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}" + +PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd" +PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium" +PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt" +PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit" +PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus" + +SYSTEMD_SERVICE_${PN} = "${PN}.service" +SYSTEMD_PACKAGES += "${PN}" + +do_install_append(){ + + sed -i 's|/var/log/usbguard/usbguard-audit.log|/var/log/usbguard-audit.log|g' \ + ${D}${sysconfdir}/usbguard/usbguard-daemon.conf +}
On Mon, Jul 29, 2019 at 1:04 AM Ayoub Zaki <ayoub.zaki@embexus.com> wrote: > > Introduce the USBGuard software framework that helps to protect against rogue USB devices (a.k.a. BadUSB) > by implementing basic whitelisting and blacklisting capabilities based on device attributes. > --- > ...kgconfig-instead-of-libgcrypt-config.patch | 25 +++++++++++++ > .../usbguard/usbguard_0.7.4.bb | 37 +++++++++++++++++++ > 2 files changed, 62 insertions(+) > create mode 100644 meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch > create mode 100644 meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb > > diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch > new file mode 100644 > index 000000000..022320b40 > --- /dev/null > +++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch > @@ -0,0 +1,25 @@ > +From 85a3c46fa0bcf05d824b86b7e5412ec65924e86a Mon Sep 17 00:00:00 2001 > +From: Ayoub Zaki <ayoub.zaki@embexus.com> > +Date: Mon, 29 Jul 2019 09:46:56 +0200 > +Subject: [PATCH 1/1] Use pkgconfig instead of libgcrypt-config > + > +--- > + m4/libgcrypt.m4 | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4 > +index 6cf482f..d674eae 100644 > +--- a/m4/libgcrypt.m4 > ++++ b/m4/libgcrypt.m4 > +@@ -28,7 +28,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], > + libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") > + if test x$libgcrypt_config_prefix != x ; then > + if test x${LIBGCRYPT_CONFIG+set} != xset ; then > +- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config > ++ LIBGCRYPT_CONFIG=$(shell pkg-config libgcrypt) > + fi > + fi > + > +-- > +2.17.1 > + > diff --git a/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb > new file mode 100644 > index 000000000..75ab62c3a > --- /dev/null > +++ b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb > @@ -0,0 +1,37 @@ > +DESCRIPTION="USBGuard framework helps to protect against BadUSB." > +HOMEPAGE="https://github.com/dkopecek/usbguard" > +LICENSE="GPLv2" > +LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022" > + > +SRCREV = "0ab32d7fa092067030fcbef530968b5cc237b08c" > +SRC_URI = "git://git@github.com/USBGuard/usbguard.git;protocol=https;branch=master \ > + file://0001-Use-pkgconfig-instead-of-libgcrypt-config.patch \ > + " > + > +inherit autotools pkgconfig systemd bash-completion > + > +S = "${WORKDIR}/git" > + > +DEPENDS = "protobuf-native libxml2-native libxslt-native xmlto-native glib-2.0-native \ > + dbus dbus-glib libqb libcap-ng libgcrypt libsodium protobuf pegtl" > + make it += > +EXTRA_OECONF += "--with-bundled-catch" > + we do have catch package recipe, have you considered using that > +PACKAGECONFIG ??= "libsodium \ > + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ > + ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}" > + > +PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd" > +PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium" > +PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt" > +PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit" > +PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus" > + I think the dependencies added unconditionally above should be added via packageconfigs. > +SYSTEMD_SERVICE_${PN} = "${PN}.service" > +SYSTEMD_PACKAGES += "${PN}" Using PN on right hand side will fail for multilib builds. May be use BPN > + > +do_install_append(){ > + > + sed -i 's|/var/log/usbguard/usbguard-audit.log|/var/log/usbguard-audit.log|g' \ > + ${D}${sysconfdir}/usbguard/usbguard-daemon.conf > +} > -- > 2.17.1 > > -- > _______________________________________________ > Openembedded-devel mailing list > Openembedded-devel@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
there are build failures still https://errors.yoctoproject.org/Errors/Details/255457/ On Mon, Jul 29, 2019 at 7:14 AM Khem Raj <raj.khem@gmail.com> wrote: > > On Mon, Jul 29, 2019 at 1:04 AM Ayoub Zaki <ayoub.zaki@embexus.com> wrote: > > > > Introduce the USBGuard software framework that helps to protect against rogue USB devices (a.k.a. BadUSB) > > by implementing basic whitelisting and blacklisting capabilities based on device attributes. > > --- > > ...kgconfig-instead-of-libgcrypt-config.patch | 25 +++++++++++++ > > .../usbguard/usbguard_0.7.4.bb | 37 +++++++++++++++++++ > > 2 files changed, 62 insertions(+) > > create mode 100644 meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch > > create mode 100644 meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb > > > > diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch > > new file mode 100644 > > index 000000000..022320b40 > > --- /dev/null > > +++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Use-pkgconfig-instead-of-libgcrypt-config.patch > > @@ -0,0 +1,25 @@ > > +From 85a3c46fa0bcf05d824b86b7e5412ec65924e86a Mon Sep 17 00:00:00 2001 > > +From: Ayoub Zaki <ayoub.zaki@embexus.com> > > +Date: Mon, 29 Jul 2019 09:46:56 +0200 > > +Subject: [PATCH 1/1] Use pkgconfig instead of libgcrypt-config > > + > > +--- > > + m4/libgcrypt.m4 | 2 +- > > + 1 file changed, 1 insertion(+), 1 deletion(-) > > + > > +diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4 > > +index 6cf482f..d674eae 100644 > > +--- a/m4/libgcrypt.m4 > > ++++ b/m4/libgcrypt.m4 > > +@@ -28,7 +28,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], > > + libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") > > + if test x$libgcrypt_config_prefix != x ; then > > + if test x${LIBGCRYPT_CONFIG+set} != xset ; then > > +- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config > > ++ LIBGCRYPT_CONFIG=$(shell pkg-config libgcrypt) > > + fi > > + fi > > + > > +-- > > +2.17.1 > > + > > diff --git a/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb > > new file mode 100644 > > index 000000000..75ab62c3a > > --- /dev/null > > +++ b/meta-oe/recipes-security/usbguard/usbguard_0.7.4.bb > > @@ -0,0 +1,37 @@ > > +DESCRIPTION="USBGuard framework helps to protect against BadUSB." > > +HOMEPAGE="https://github.com/dkopecek/usbguard" > > +LICENSE="GPLv2" > > +LIC_FILES_CHKSUM = "file://LICENSE;md5=8264535c0c4e9c6c335635c4026a8022" > > + > > +SRCREV = "0ab32d7fa092067030fcbef530968b5cc237b08c" > > +SRC_URI = "git://git@github.com/USBGuard/usbguard.git;protocol=https;branch=master \ > > + file://0001-Use-pkgconfig-instead-of-libgcrypt-config.patch \ > > + " > > + > > +inherit autotools pkgconfig systemd bash-completion > > + > > +S = "${WORKDIR}/git" > > + > > +DEPENDS = "protobuf-native libxml2-native libxslt-native xmlto-native glib-2.0-native \ > > + dbus dbus-glib libqb libcap-ng libgcrypt libsodium protobuf pegtl" > > + > > make it += > > > +EXTRA_OECONF += "--with-bundled-catch" > > + > > we do have catch package recipe, have you considered using that > > > +PACKAGECONFIG ??= "libsodium \ > > + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ > > + ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}" > > + > > +PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd" > > +PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium" > > +PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt" > > +PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit" > > +PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus" > > + > > I think the dependencies added unconditionally above should be added > via packageconfigs. > > > +SYSTEMD_SERVICE_${PN} = "${PN}.service" > > +SYSTEMD_PACKAGES += "${PN}" > > Using PN on right hand side will fail for multilib builds. May be use BPN > > > + > > +do_install_append(){ > > + > > + sed -i 's|/var/log/usbguard/usbguard-audit.log|/var/log/usbguard-audit.log|g' \ > > + ${D}${sysconfdir}/usbguard/usbguard-daemon.conf > > +} > > -- > > 2.17.1 > > > > -- > > _______________________________________________ > > Openembedded-devel mailing list > > Openembedded-devel@lists.openembedded.org > > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
On Mon, Jul 29, 2019 at 07:40:43AM -0700, Khem Raj wrote: > there are build failures still > > https://errors.yoctoproject.org/Errors/Details/255457/ +DEPENDS = "protobuf-native libxml2-native libxslt-native xmlto-native glib-2.0-native \ + dbus dbus-glib libqb libcap-ng libgcrypt libsodium protobuf pegtl" ... +PACKAGECONFIG ??= "libsodium \ + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ + ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)}" + +PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd" +PACKAGECONFIG[libsodium] = "--with-crypto-library=sodium" +PACKAGECONFIG[libgcrypt] = "--with-crypto-library=gcrypt" +PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit" +PACKAGECONFIG[dbus] = "--with-dbus,--without-dbus" The problem is that dependencies should be added as third parameter to PACKAGECONFIG, which is missing here for polkit. Note that there is also the (less harmful) opposite problem here: The libsodium, libgcrypt and dbus/dbus-glib dependencies are likely only required when the corresponding functionality is enabled via PACKAGECONFIG. cu Adrian