depot/third_party/nixpkgs/pkgs/os-specific/linux/usbguard/default.nix

100 lines
2.2 KiB
Nix
Raw Normal View History

{ stdenv
, lib
, fetchFromGitHub
, fetchpatch
, autoreconfHook
, installShellFiles
, nixosTests
, asciidoc
, pkg-config
, libxslt
, libxml2
, docbook_xml_dtd_45
, docbook_xsl
, dbus-glib
, libcap_ng
, libqb
, libseccomp
, polkit
, protobuf
, audit
, libsodium
}:
stdenv.mkDerivation rec {
version = "1.1.2";
pname = "usbguard";
src = fetchFromGitHub {
owner = "USBGuard";
repo = pname;
rev = "usbguard-${version}";
sha256 = "sha256-uwNoKczmVOMpkU4KcKTOtbcTHiYVGXjk/rVbqMl5pGk=";
fetchSubmodules = true;
};
patches = [
# Pull upstream fix for gcc-13:
# https://github.com/USBGuard/usbguard/pull/586
(fetchpatch {
name = "gcc-13.patch";
url = "https://github.com/USBGuard/usbguard/commit/22b1e0897af977cc96af926c730ff948bd120bb5.patch";
hash = "sha256-yw0ZHcn6naHcsfsqdBB/aTgCwvEHecew/6HDmjyY2ZA=";
})
];
nativeBuildInputs = [
autoreconfHook
installShellFiles
asciidoc
pkg-config
libxslt # xsltproc
libxml2 # xmllint
docbook_xml_dtd_45
docbook_xsl
dbus-glib # gdbus-codegen
protobuf # protoc
];
buildInputs = [
dbus-glib
libcap_ng
libqb
libseccomp
libsodium
polkit
protobuf
audit
];
configureFlags = [
"--with-bundled-catch"
"--with-bundled-pegtl"
"--with-dbus"
"--with-crypto-library=sodium"
"--with-polkit"
];
enableParallelBuilding = true;
postInstall = ''
installShellCompletion --bash --name usbguard.bash scripts/bash_completion/usbguard
installShellCompletion --zsh --name _usbguard scripts/usbguard-zsh-completion
'';
passthru.tests = nixosTests.usbguard;
meta = with lib; {
description = "The USBGuard software framework helps to protect your computer against BadUSB";
longDescription = ''
USBGuard is a software framework for implementing USB device authorization
policies (what kind of USB devices are authorized) as well as method of
use policies (how a USB device may interact with the system). Simply put,
it is a USB device whitelisting tool.
'';
homepage = "https://usbguard.github.io/";
license = licenses.gpl2Plus;
maintainers = [ maintainers.tnias ];
};
}