pkgs/os-specific/linux/usbguard/default.nix at fix-function-merge · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / os-specific / linux / usbguard / default.nix

at fix-function-merge 99 lines 2.2 kB view raw

 1{ stdenv
 2, lib
 3, fetchFromGitHub
 4, fetchpatch
 5, autoreconfHook
 6, installShellFiles
 7, nixosTests
 8, asciidoc
 9, pkg-config
10, libxslt
11, libxml2
12, docbook_xml_dtd_45
13, docbook_xsl
14, dbus-glib
15, libcap_ng
16, libqb
17, libseccomp
18, polkit
19, protobuf
20, audit
21, libsodium
22}:
23
24stdenv.mkDerivation rec {
25  version = "1.1.2";
26  pname = "usbguard";
27
28  src = fetchFromGitHub {
29    owner = "USBGuard";
30    repo = pname;
31    rev = "usbguard-${version}";
32    hash = "sha256-uwNoKczmVOMpkU4KcKTOtbcTHiYVGXjk/rVbqMl5pGk=";
33    fetchSubmodules = true;
34  };
35
36  patches = [
37    # Pull upstream fix for gcc-13:
38    #   https://github.com/USBGuard/usbguard/pull/586
39    (fetchpatch {
40      name = "gcc-13.patch";
41      url = "https://github.com/USBGuard/usbguard/commit/22b1e0897af977cc96af926c730ff948bd120bb5.patch";
42      hash = "sha256-yw0ZHcn6naHcsfsqdBB/aTgCwvEHecew/6HDmjyY2ZA=";
43    })
44  ];
45
46  nativeBuildInputs = [
47    autoreconfHook
48    installShellFiles
49    asciidoc
50    pkg-config
51    libxslt # xsltproc
52    libxml2 # xmllint
53    docbook_xml_dtd_45
54    docbook_xsl
55    dbus-glib # gdbus-codegen
56    protobuf # protoc
57  ];
58
59  buildInputs = [
60    dbus-glib
61    libcap_ng
62    libqb
63    libseccomp
64    libsodium
65    polkit
66    protobuf
67    audit
68  ];
69
70  configureFlags = [
71    "--with-bundled-catch"
72    "--with-bundled-pegtl"
73    "--with-dbus"
74    "--with-crypto-library=sodium"
75    "--with-polkit"
76  ];
77
78  enableParallelBuilding = true;
79
80  postInstall = ''
81    installShellCompletion --bash --name usbguard.bash scripts/bash_completion/usbguard
82    installShellCompletion --zsh --name _usbguard scripts/usbguard-zsh-completion
83  '';
84
85  passthru.tests = nixosTests.usbguard;
86
87  meta = with lib; {
88    description = "USBGuard software framework helps to protect your computer against BadUSB";
89    longDescription = ''
90      USBGuard is a software framework for implementing USB device authorization
91      policies (what kind of USB devices are authorized) as well as method of
92      use policies (how a USB device may interact with the system). Simply put,
93      it is a USB device whitelisting tool.
94    '';
95    homepage = "https://usbguard.github.io/";
96    license = licenses.gpl2Plus;
97    maintainers = [ maintainers.tnias ];
98  };
99}