Update to 0.7.0
- changed PresentDevicePolicy setting from keep to apply-policy - added AuditFilePath configuration option pointing to /var/log/usbguard/usbguard-audit.log file - install bash-completion script - use 0600 file permissions for usbguard-daemon.conf and rules.conf
This commit is contained in:
Daniel Kopeček
parent
93c60700b9
commit
d1dc25eb07
1
.gitignore
vendored
1
.gitignore
vendored
@ -9,3 +9,4 @@
|
||||
/dkopecek-usbguard-fcde518.tar.gz
|
||||
/dkopecek-usbguard-522c34c.tar.gz
|
||||
/dkopecek-usbguard-e528ff6.tar.gz
|
||||
/usbguard-0.7.0.tar.gz
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (dkopecek-usbguard-e528ff6.tar.gz) = 9aca5e19ebfc32b964ce52b38d6ef2b1b1523112f78c78b6ac6667216061c3143fdeddb7d5f8458d6e4e95928f63db66d3e59aa04ac0c50046de4632abf1c83a
|
||||
SHA512 (usbguard-0.7.0.tar.gz) = e0a63457011379f50cc5eb14516bb1b6192d5710c81e7fa9042b67c481514158811e761e982ad16a9b1fcae62c58e68574910da1a98be3a07e6c99f69d5c03c4
|
||||
|
||||
@ -34,7 +34,7 @@ ImplicitPolicyTarget=block
|
||||
# * apply-policy - evaluate the ruleset for every present
|
||||
# device
|
||||
#
|
||||
PresentDevicePolicy=keep
|
||||
PresentDevicePolicy=apply-policy
|
||||
|
||||
#
|
||||
# Present controller policy.
|
||||
@ -93,3 +93,8 @@ IPCAllowedGroups=wheel
|
||||
# details.
|
||||
#
|
||||
DeviceRulesWithPort=false
|
||||
|
||||
#
|
||||
# USBGuard audit events log file path.
|
||||
#
|
||||
AuditFilePath=/var/log/usbguard/usbguard-audit.log
|
||||
|
||||
@ -1,27 +1,20 @@
|
||||
%global _hardened_build 1
|
||||
|
||||
%global gitdate 20170319
|
||||
%global gittag e528ff6fa8ce2ec522004e25fb3e3c48a63f5bbd
|
||||
%global shorttag %(c=%{gittag}; echo ${c:0:7})
|
||||
%global user dkopecek
|
||||
%define with_gui_qt5 1
|
||||
%define with_dbus 1
|
||||
|
||||
Name: usbguard
|
||||
Version: 0.6.3
|
||||
Release: 0.1.%{gitdate}git%{shorttag}%{?dist}
|
||||
Version: 0.7.0
|
||||
Release: 1%{?dist}
|
||||
Summary: A tool for implementing USB device usage policy
|
||||
Group: System Environment/Daemons
|
||||
License: GPLv2+
|
||||
## Not installed
|
||||
# src/ThirdParty/Catch: Boost Software License - Version 1.0
|
||||
URL: https://dkopecek.github.io/usbguard
|
||||
# Regular source URL
|
||||
#Source0: https://github.com/dkopecek/usbguard/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
|
||||
# Snapshot source URL
|
||||
Source0: https://github.com/%{user}/%{name}/tarball/%{gittag}/%{user}-%{name}-%{shorttag}.tar.gz
|
||||
Source0: https://github.com/dkopecek/usbguard/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
|
||||
Source1: usbguard-daemon.conf
|
||||
|
||||
Patch0: usbguard-0.6.3-disable-cast-align-warning.patch
|
||||
|
||||
Requires: systemd
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
@ -31,20 +24,33 @@ Requires(postun): /sbin/ldconfig
|
||||
|
||||
BuildRequires: libqb-devel
|
||||
BuildRequires: libgcrypt-devel
|
||||
BuildRequires: systemd systemd-devel
|
||||
BuildRequires: libstdc++-devel
|
||||
BuildRequires: protobuf-devel protobuf-compiler
|
||||
BuildRequires: PEGTL-static
|
||||
BuildRequires: catch-devel
|
||||
BuildRequires: autoconf automake libtool
|
||||
BuildRequires: bash-completion
|
||||
# For `pkg-config systemd` only
|
||||
BuildRequires: systemd
|
||||
|
||||
%if 0%{with_gui_qt5}
|
||||
BuildRequires: qt5-qtbase-devel qt5-qtsvg-devel qt5-linguist
|
||||
%endif
|
||||
|
||||
%if 0%{with_dbus}
|
||||
BuildRequires: dbus-glib-devel
|
||||
BuildRequires: dbus-devel
|
||||
BuildRequires: glib2-devel
|
||||
BuildRequires: polkit-devel
|
||||
BuildRequires: libxslt
|
||||
BuildRequires: libxml2
|
||||
BuildRequires: catch-devel
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora}
|
||||
BuildRequires: pandoc
|
||||
BuildRequires: autoconf automake libtool
|
||||
%endif
|
||||
|
||||
Patch0: usbguard-0.6.3-disable-cast-align-warning.patch
|
||||
|
||||
%description
|
||||
The USBGuard software framework helps to protect your computer against rogue USB
|
||||
@ -71,6 +77,8 @@ Requires: %{name} = %{version}-%{release}
|
||||
The %{name}-tools package contains optional tools from the USBGuard
|
||||
software framework.
|
||||
|
||||
%if 0%{with_gui_qt5}
|
||||
###
|
||||
%package applet-qt
|
||||
Summary: USBGuard Qt 5.x Applet
|
||||
Group: Applications/System
|
||||
@ -80,7 +88,11 @@ Obsoletes: usbguard-applet-qt <= 0.3
|
||||
%description applet-qt
|
||||
The %{name}-applet-qt package contains an optional Qt 5.x desktop applet
|
||||
for interacting with the USBGuard daemon component.
|
||||
###
|
||||
%endif
|
||||
|
||||
%if 0%{with_dbus}
|
||||
###
|
||||
%package dbus
|
||||
Summary: USBGuard D-Bus Service
|
||||
Group: Applications/System
|
||||
@ -91,9 +103,11 @@ Requires: polkit
|
||||
%description dbus
|
||||
The %{name}-dbus package contains an optional component that provides
|
||||
a D-Bus interface to the USBGuard daemon component.
|
||||
###
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n %{user}-%{name}-%{shorttag}
|
||||
%setup -q
|
||||
# Remove bundled library sources before build
|
||||
rm -rf src/ThirdParty/{Catch,PEGTL}
|
||||
|
||||
@ -107,9 +121,16 @@ autoreconf -i -v --no-recursive ./
|
||||
--without-bundled-catch \
|
||||
--without-bundled-pegtl \
|
||||
--enable-systemd \
|
||||
%if 0%{with_gui_qt5}
|
||||
--with-gui-qt=qt5 \
|
||||
%endif
|
||||
%if 0%{with_dbus}
|
||||
--with-dbus \
|
||||
--with-polkit \
|
||||
%else
|
||||
--without-dbus \
|
||||
--without-polkit \
|
||||
%endif
|
||||
--with-crypto-library=gcrypt \
|
||||
--enable-werror
|
||||
|
||||
@ -146,14 +167,17 @@ find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';'
|
||||
%{_libdir}/*.so.*
|
||||
%{_sbindir}/usbguard-daemon
|
||||
%{_bindir}/usbguard
|
||||
%dir %{_localstatedir}/log/usbguard
|
||||
%dir %{_sysconfdir}/usbguard
|
||||
%config(noreplace) %{_sysconfdir}/usbguard/usbguard-daemon.conf
|
||||
%config(noreplace) %{_sysconfdir}/usbguard/rules.conf
|
||||
%dir %{_sysconfdir}/usbguard/IPCAccessControl.d
|
||||
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/usbguard-daemon.conf
|
||||
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/rules.conf
|
||||
%{_unitdir}/usbguard.service
|
||||
%{_datadir}/man/man8/usbguard-daemon.8.gz
|
||||
%{_datadir}/man/man5/usbguard-daemon.conf.5.gz
|
||||
%{_datadir}/man/man5/usbguard-rules.conf.5.gz
|
||||
%{_datadir}/man/man1/usbguard.1.gz
|
||||
%{_datadir}/bash-completion/completions/usbguard
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root,-)
|
||||
@ -165,13 +189,19 @@ find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';'
|
||||
%defattr(-,root,root,-)
|
||||
%{_bindir}/usbguard-rule-parser
|
||||
|
||||
%if 0%{with_gui_qt5}
|
||||
###
|
||||
%files applet-qt
|
||||
%defattr(-,root,root,-)
|
||||
%{_bindir}/usbguard-applet-qt
|
||||
%{_mandir}/man1/usbguard-applet-qt.1.gz
|
||||
%{_datadir}/applications/usbguard-applet-qt.desktop
|
||||
%{_datadir}/icons/hicolor/scalable/apps/usbguard-icon.svg
|
||||
###
|
||||
%endif
|
||||
|
||||
%if 0%{with_dbus}
|
||||
###
|
||||
%files dbus
|
||||
%defattr(-,root,root,-)
|
||||
%{_sbindir}/usbguard-dbus
|
||||
@ -189,9 +219,18 @@ find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';'
|
||||
|
||||
%postun dbus
|
||||
%systemd_postun_with_restart usbguard-dbus.service
|
||||
|
||||
###
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Apr 13 2017 Daniel Kopeček <dkopecek@redhat.com> 0.7.0-1
|
||||
- Update to 0.7.0
|
||||
- changed PresentDevicePolicy setting from keep to apply-policy
|
||||
- added AuditFilePath configuration option pointing to
|
||||
/var/log/usbguard/usbguard-audit.log file
|
||||
- install bash-completion script
|
||||
- use 0600 file permissions for usbguard-daemon.conf and rules.conf
|
||||
|
||||
* Sun Mar 19 2017 Daniel Kopeček <dkopecek@redhat.com> 0.6.3-0.1.20170319
|
||||
- Update to latest git snapshot
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user