Rebase usbguard to 1.0.0

.gitignore

@@ -19,3 +19,4 @@
 /usbguard-selinux-0.0.3.tar.gz
 /usbguard-0.7.8.tar.gz
 /usbguard-selinux-0.0.4.tar.gz
+/usbguard-1.0.0.tar.gz

sources

@@ -1,2 +1,2 @@
-SHA512 (usbguard-0.7.8.tar.gz) = 315c25ed7eb61cc0920047836dcca035cb07aecb6dfece9e4f6dc2ad61aaf6fdbf86898e43493958f3d12a146eb4c8f88b90bb246da0df83bb2097ce5b853e88
+SHA512 (usbguard-1.0.0.tar.gz) = 068a9be8bd5ea05efcdad79e2c4beb5e8b646b4703fbe1f8bb262e37ae9a6284a6eeb811a6bd441250a38bce1e45b7f44ad15726aa5963da2e1b56e85f5e16fd
 SHA512 (usbguard-selinux-0.0.4.tar.gz) = b73b14396e40f847704511097bfed17c94b9b28cc70f3391a6effab763a315fe723aba37bb4c622d18ab691306c485fcd7632ccc8a837413f32c73cd9879c8b0

usbguard-forking-style.patch

@@ -1,34 +0,0 @@
-diff -up ./usbguard.service.in.forking ./usbguard.service.in
---- ./usbguard.service.in.forking	2020-06-17 20:07:04.720564149 +0200
-+++ ./usbguard.service.in	2020-06-17 20:10:00.744063846 +0200
-@@ -8,11 +8,12 @@ AmbientCapabilities=
- CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER
- DeviceAllow=/dev/null rw
- DevicePolicy=strict
--ExecStart=%sbindir%/usbguard-daemon -k -c %sysconfdir%/usbguard/usbguard-daemon.conf
-+ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf
- IPAddressDeny=any
- LockPersonality=yes
- MemoryDenyWriteExecute=yes
- NoNewPrivileges=yes
-+PIDFile=/var/run/usbguard.pid
- PrivateDevices=yes
- PrivateTmp=yes
- ProtectControlGroups=yes
-@@ -20,14 +21,14 @@ ProtectHome=yes
- ProtectKernelModules=yes
- ProtectSystem=yes
- ReadOnlyPaths=-/
--ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/
-+ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -/var/run
- Restart=on-failure
- RestrictAddressFamilies=AF_UNIX AF_NETLINK
- RestrictNamespaces=yes
- RestrictRealtime=yes
- SystemCallArchitectures=native
- SystemCallFilter=@system-service
--Type=simple
-+Type=forking
- UMask=0077
- 
- [Install]

usbguard-service-fips.patch

@@ -1,13 +0,0 @@
-diff -up ./usbguard.service.in.service-fips ./usbguard.service.in
---- ./usbguard.service.in.service-fips	2020-06-22 10:44:44.815860376 +0200
-+++ ./usbguard.service.in	2020-06-22 10:45:07.699135514 +0200
-@@ -6,8 +6,7 @@ Documentation=man:usbguard-daemon(8)
- [Service]
- AmbientCapabilities=
- CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER
--DeviceAllow=/dev/null rw
--DevicePolicy=strict
-+DevicePolicy=closed
- ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf
- IPAddressDeny=any
- LockPersonality=yes

usbguard.spec

@@ -3,8 +3,8 @@
 %define semodule_version 0.0.4
 
 Name:           usbguard
-Version:        0.7.8
-Release:        6%{?dist}
+Version:        1.0.0
+Release:        1%{?dist}
 Summary:        A tool for implementing USB device usage policy
 License:        GPLv2+
 ## Not installed
@@ -39,9 +39,6 @@ BuildRequires: audit-libs-devel
 # For `pkg-config systemd` only
 BuildRequires: systemd
 
-Patch1: usbguard-forking-style.patch
-Patch2: usbguard-service-fips.patch
-
 %description
 The USBGuard software framework helps to protect your computer against rogue USB
 devices by implementing basic whitelisting/blacklisting capabilities based on
@@ -103,9 +100,6 @@ daemon.
 # selinux
 %setup -q -D -T -a 1
 
-%patch1 -p1 -b .service1
-%patch2 -p1 -b .service2
-
 # Remove bundled library sources before build
 rm -rf src/ThirdParty/{Catch,PEGTL}
 
@@ -228,6 +222,14 @@ fi
 
 
 %changelog
+* Thu Jan 14 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.0-1
+- rebase usbguard to 1.0.0
+- added support for rules covering combination of classes
+- fix usbguard being killed
+Resolves: rhbz#1916039
+Resolves: rhbz#1861330
+Resolves: rhbz#1905257
+
 * Wed Jan 13 14:43:57 CET 2021 Adrian Reber <adrian@lisas.de> - 0.7.8-6
 - Rebuilt for protobuf 3.14