From 4f2935390e208a08992db8625d6b0db48ee280ad Mon Sep 17 00:00:00 2001
From: Phil <philipp.B.610@googlemail.com>
Date: Sat, 26 Aug 2017 00:35:18 +0200
Subject: nixos/usbguard: create package and module (#28363)

* nixos/usbguard: create package and module

No usbguard module or package existed for NixOS previously. USBGuard
will protect you from BadUSB attacks. (assuming configuration is done
correctly)

* nixos/usbguard: remove extra packages

Users can override this by themselves.

* nixos/usbguard: add maintainer and fix style
---
 pkgs/os-specific/linux/usbguard/default.nix | 68 +++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 pkgs/os-specific/linux/usbguard/default.nix

(limited to 'pkgs/os-specific/linux/usbguard/default.nix')

diff --git a/pkgs/os-specific/linux/usbguard/default.nix b/pkgs/os-specific/linux/usbguard/default.nix
new file mode 100644
index 0000000000000..b88d96e02a44d
--- /dev/null
+++ b/pkgs/os-specific/linux/usbguard/default.nix
@@ -0,0 +1,68 @@
+{
+  stdenv, fetchurl, lib,
+  libxslt, pandoc, pkgconfig,
+  dbus_glib, libcap_ng, libqb, libseccomp, polkit, protobuf, qtbase, qttools, qtsvg,
+  libgcrypt ? null,
+  libsodium ? null
+}:
+
+with stdenv.lib;
+
+assert libgcrypt != null -> libsodium == null;
+
+stdenv.mkDerivation rec {
+  version = "0.7.0";
+  name = "usbguard-${version}";
+
+  repo = "https://github.com/dkopecek/usbguard";
+
+  src = fetchurl {
+    url = "${repo}/releases/download/${name}/${name}.tar.gz";
+    sha256 = "1e1485a2b47ba3bde9de2851b371d2552a807047a21e0b81553cf80d7f722709";
+  };
+
+  patches = [
+    ./daemon_read_only_config.patch
+    ./documentation.patch
+  ];
+
+  nativeBuildInputs = [
+    libxslt
+    pandoc # for rendering documentation
+    pkgconfig
+  ];
+
+  buildInputs = [
+    dbus_glib
+    libcap_ng
+    libqb
+    libseccomp
+    polkit
+    protobuf
+
+    qtbase
+    qtsvg
+    qttools
+  ]
+  ++ (lib.optional (libgcrypt != null) libgcrypt)
+  ++ (lib.optional (libsodium != null) libsodium);
+
+  configureFlags = [
+    "--with-bundled-catch"
+    "--with-bundled-pegtl"
+    "--with-dbus"
+    "--with-gui-qt=qt5"
+    "--with-polkit"
+  ]
+  ++ (lib.optional (libgcrypt != null) "--with-crypto-library=gcrypt")
+  ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium");
+
+  enableParallelBuilding = true;
+
+  meta = {
+    description = "The USBGuard software framework helps to protect your computer against BadUSB.";
+    homepage = "https://dkopecek.github.io/usbguard/";
+    license = licenses.gpl2;
+    maintainers = [ maintainers.tnias ];
+  };
+}
-- 
cgit 1.4.1