From f2ea45461767eef7b1c03d130342902e4070fe45 Mon Sep 17 00:00:00 2001 From: Ivan Kozik Date: Wed, 19 Jun 2019 20:29:46 +0000 Subject: usbguard-nox: init at 0.7.4 This is just usbguard without the Qt GUI that brings in Qt dependencies. Remove pandoc to reduce closure size. The usbguard build appears to use it only for spell checking. Remove asciidoctor because 0.7.1 switched to asciidoc. But don't add a dependency on asciidoc, because that causes the build fails on external DTDs. --- nixos/modules/services/security/usbguard.nix | 14 ++++++++++++-- pkgs/os-specific/linux/usbguard/default.nix | 25 ++++++++++++------------- pkgs/top-level/all-packages.nix | 4 ++++ 3 files changed, 28 insertions(+), 15 deletions(-) diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 88d2f69db57..20d5e3b28eb 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix @@ -39,6 +39,16 @@ in { services.usbguard = { enable = mkEnableOption "USBGuard daemon"; + package = mkOption { + type = types.package; + default = pkgs.usbguard; + defaultText = "pkgs.usbguard"; + description = '' + The usbguard package to use. If you do not need the Qt GUI, use + pkgs.usbguard-nox to save disk space. + ''; + }; + ruleFile = mkOption { type = types.path; default = "/var/lib/usbguard/rules.conf"; @@ -179,7 +189,7 @@ in { config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.usbguard ]; + environment.systemPackages = [ cfg.package ]; systemd.services.usbguard = { description = "USBGuard daemon"; @@ -195,7 +205,7 @@ in { serviceConfig = { Type = "simple"; - ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -k -c ${daemonConfFile}''; + ExecStart = ''${cfg.package}/bin/usbguard-daemon -P -k -c ${daemonConfFile}''; Restart = "on-failure"; }; }; diff --git a/pkgs/os-specific/linux/usbguard/default.nix b/pkgs/os-specific/linux/usbguard/default.nix index 3df0023bd67..1c5678b81e0 100644 --- a/pkgs/os-specific/linux/usbguard/default.nix +++ b/pkgs/os-specific/linux/usbguard/default.nix @@ -1,8 +1,11 @@ { stdenv, fetchurl, lib, - libxslt, pandoc, asciidoctor, pkgconfig, - dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, qtbase, qttools, qtsvg, - audit, + pkgconfig, libxml2, libxslt, + dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, audit, + withGui ? true, + qtbase ? null, + qttools ? null, + qtsvg ? null, libgcrypt ? null, libsodium ? null }: @@ -23,10 +26,9 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ - libxslt - asciidoctor - pandoc # for rendering documentation pkgconfig + libxslt # xsltproc + libxml2 # xmllint ]; buildInputs = [ @@ -37,23 +39,20 @@ stdenv.mkDerivation rec { polkit protobuf audit - - qtbase - qtsvg - qttools ] ++ (lib.optional (libgcrypt != null) libgcrypt) - ++ (lib.optional (libsodium != null) libsodium); + ++ (lib.optional (libsodium != null) libsodium) + ++ (lib.optionals withGui [ qtbase qtsvg qttools ]); configureFlags = [ "--with-bundled-catch" "--with-bundled-pegtl" "--with-dbus" - "--with-gui-qt=qt5" "--with-polkit" ] ++ (lib.optional (libgcrypt != null) "--with-crypto-library=gcrypt") - ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium"); + ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium") + ++ (lib.optional withGui "--with-gui-qt=qt5"); enableParallelBuilding = true; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 55d194263ab..e11781e91e9 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16057,6 +16057,10 @@ in libgcrypt = null; }; + usbguard-nox = usbguard.override { + withGui = false; + }; + usbutils = callPackage ../os-specific/linux/usbutils { }; usermount = callPackage ../os-specific/linux/usermount { }; -- cgit 1.4.1