From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id E56AA158176 for ; Fri, 17 Oct 2025 21:57:52 +0000 (UTC) Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (No client certificate requested) (Authenticated sender: relay-lists.gentoo.org@gentoo.org) by smtp.gentoo.org (Postfix) with ESMTPSA id CBB1D341F10 for ; Fri, 17 Oct 2025 21:57:52 +0000 (UTC) Received: from bobolink.gentoo.org (localhost [127.0.0.1]) by bobolink.gentoo.org (Postfix) with ESMTP id CC1741104B5; Fri, 17 Oct 2025 21:57:51 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (No client certificate requested) by bobolink.gentoo.org (Postfix) with ESMTPS id C5C371104B5 for ; Fri, 17 Oct 2025 21:57:51 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 7840F341F10 for ; Fri, 17 Oct 2025 21:57:51 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 14CE427F4 for ; Fri, 17 Oct 2025 21:57:50 +0000 (UTC) From: "Sebastian Pipping" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sebastian Pipping" Message-ID: <1760738245.288d402d528a13fca65a30becc4dea03ecdfb228.sping@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/usbguard/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-apps/usbguard/usbguard-1.1.4-r1.ebuild X-VCS-Directories: sys-apps/usbguard/ X-VCS-Committer: sping X-VCS-Committer-Name: Sebastian Pipping X-VCS-Revision: 288d402d528a13fca65a30becc4dea03ecdfb228 X-VCS-Branch: master Date: Fri, 17 Oct 2025 21:57:50 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 2d93e311-98ee-4cc8-ba72-80c140b63b26 X-Archives-Hash: a5b99bf37f2a95fd51333e342f4580b6 commit: 288d402d528a13fca65a30becc4dea03ecdfb228 Author: Sebastian Pipping gentoo org> AuthorDate: Fri Oct 17 21:55:59 2025 +0000 Commit: Sebastian Pipping gentoo org> CommitDate: Fri Oct 17 21:57:25 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=288d402d sys-apps/usbguard: Address QA warning about empty directories below /var Closes: https://bugs.gentoo.org/960270 Signed-off-by: Sebastian Pipping gentoo.org> sys-apps/usbguard/usbguard-1.1.4-r1.ebuild | 105 +++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) diff --git a/sys-apps/usbguard/usbguard-1.1.4-r1.ebuild b/sys-apps/usbguard/usbguard-1.1.4-r1.ebuild new file mode 100644 index 000000000000..53a9a1c8a39d --- /dev/null +++ b/sys-apps/usbguard/usbguard-1.1.4-r1.ebuild @@ -0,0 +1,105 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools bash-completion-r1 tmpfiles + +DESCRIPTION="Daemon protecting your computer against BadUSB" +HOMEPAGE="https://github.com/USBGuard/usbguard" +SRC_URI="https://github.com/USBGuard/usbguard/releases/download/${P}/${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0/1" # due to libusbguard.so.<1>.0.0 +KEYWORDS="~amd64 ~x86" +IUSE="dbus ldap policykit selinux static-libs systemd test umockdev" + +# https://github.com/USBGuard/usbguard/issues/449 +# https://bugs.gentoo.org/769692 +REQUIRED_USE+=" test? ( static-libs )" + +CDEPEND=" + dev-libs/pegtl + >=dev-libs/libsodium-0.4.5:= + >=dev-libs/protobuf-2.5.0:=[protoc(+)] + >=sys-cluster/libqb-0.16.0:= + sys-devel/gcc:*[cxx] + >=sys-libs/libcap-ng-0.7.0 + >=sys-libs/libseccomp-2.0.0 + >=sys-process/audit-2.7.7 + dbus? ( + dev-libs/glib:2 + sys-apps/dbus + sys-auth/polkit[introspection] + ) + ldap? ( net-nds/openldap:= ) + systemd? ( sys-apps/systemd ) + umockdev? ( dev-util/umockdev ) + " +RDEPEND="${CDEPEND} + virtual/udev + selinux? ( sec-policy/selinux-usbguard ) + " +DEPEND="${CDEPEND} + app-text/asciidoc + test? ( dev-cpp/catch:0 ) + dbus? ( + dev-libs/libxml2 + dev-libs/libxslt + dev-util/gdbus-codegen + ) + " + +RESTRICT="!test? ( test )" + +src_prepare() { + default + eautoreconf +} + +src_configure() { + local myargs=( + --with-bash-completion-dir=$(get_bashcompdir) + --localstatedir=/var # i.e. not /var/lib, bug 852296 + $(use_with dbus) + $(use_with dbus polkit) + $(use_with ldap) + $(use_enable static-libs static) + $(use_enable systemd) + $(use_enable test catch) + $(use_enable umockdev) + ) + + econf "${myargs[@]}" +} + +src_install() { + default + + keepdir /etc/usbguard/IPCAccessControl.d # bug 808801 + keepdir /etc/usbguard/rules.d # bug 933878 + chmod 0600 "${ED}"/etc/usbguard/IPCAccessControl.d/.keep* || die # bug 808801 + chmod 0600 "${ED}"/etc/usbguard/rules.d/.keep* || die # bug 933878 + + newinitd "${FILESDIR}"/${PN}-0.7.6-usbguard.openrc usbguard + use dbus && newinitd "${FILESDIR}"/${PN}-0.7.6-usbguard-dbus.openrc usbguard-dbus + + find "${D}" -name '*.la' -delete || die # bug 850655 + + rmdir -p "${D}"/var/log/usbguard # see pkg_postinst; bug 960270 +} + +pkg_postinst() { + tmpfiles_process usbguard.conf + + ewarn + ewarn 'BEFORE STARTING USBGUARD please be sure to create/generate' + ewarn ' a rules file at /etc/usbguard/rules.conf' + ewarn ' so that you do not' + ewarn ' GET LOCKED OUT' + ewarn " of this system (\"$(hostname)\")." + ewarn + ewarn 'This command may be of help:' + ewarn ' sudo sh -c "usbguard generate-policy > /etc/usbguard/rules.conf"' + ewarn +}