Output From `generate-policy` Command Results In Error `parse error matching tao::pegtl::sor<usbguard::RuleParser::comment, usbguard::RuleParser::rule

[bonedaddy]

Overview

Attempting to use the rules file generated by usbguard generate-policy results in a fatal startup error of parse error matching tao::pegtl::sor<usbguard::RuleParser::comment, usbguard::RuleParser::rule>. Previously this was working, however i recently upgraded from 20.04 to 20.10. Additonally compiling usbguard from source om master results in the same error being produced when attempting to use the command usbguard-rule-parser /etc/usbguard/rules.conf.

Logs

⋊> ~ sudo usbguard generate-policy > /etc/usbguard/rules.conf                                                                                                                         13:32:31
⋊> ~ sudo systemctl restart usbguard                                                                                                                                                  13:32:36
Job for usbguard.service failed because the control process exited with error code.
See "systemctl status usbguard.service" and "journalctl -xeu usbguard.service" for details.
⋊> ~ sudo journalctl -xeu usbguard | tail -n 60 | head -n 10                                                                                                                          13:32:46
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit usbguard.service has begun execution.
░░ 
░░ The job identifier is 8945.
Dec 19 13:32:45 biggray usbguard-daemon[167656]: [1639949565.173] (E) Rules: SourceLOCAL::/etc/usbguard/rules.conf: usbguard::Exception
Dec 19 13:32:45 biggray usbguard-daemon[167656]: Rules: SourceLOCAL::/etc/usbguard/rules.conf: usbguard::Exception
Dec 19 13:32:45 biggray systemd[1]: usbguard.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
⋊> ~ usbguard-rule-parser /etc/usbguard/rules.conf                                                                                                                                    13:32:47
INPUT: /etc/usbguard/rules.conf
! ERROR: RuleParserError
!!  /etc/usbguard/rules.conf
!!  ^-- <argv>:1:0(0): parse error matching tao::pegtl::sor<usbguard::RuleParser::comment, usbguard::RuleParser::rule>

Version Information

• /etc/os-release

NAME="Pop!_OS"
VERSION="21.10"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 21.10"
VERSION_ID="21.10"
HOME_URL="https://pop.system76.com"
SUPPORT_URL="https://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=impish
UBUNTU_CODENAME=impish
LOGO=distributor-logo-pop-os

• usbguard package information

⋊> ~ sudo apt info usbguard                                                                                                                                                           13:33:31
Package: usbguard
Version: 1.0.0+ds-2
Priority: optional
Section: universe/utils
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Birger Schacht <birger@debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 518 kB
Pre-Depends: init-system-helpers (>= 1.54~)
Depends: libaudit1 (>= 1:2.2.1), libc6 (>= 2.33), libcap-ng0 (>= 0.7.9), libgcc-s1 (>= 3.0), libglib2.0-0 (>= 2.26.0), libseccomp2 (>= 0.0.0~20120605), libstdc++6 (>= 9), libusbguard0 (>= 1.0.0+ds), dbus
Homepage: https://usbguard.github.io/
Download-Size: 140 kB
APT-Manual-Installed: yes
APT-Sources: http://us.archive.ubuntu.com/ubuntu impish/universe amd64 Packages
Description: USB device authorization policy framework
 The USBGuard software framework helps to protect your computer against rogue
 USB devices (a.k.a. BadUSB) by implementing basic allow- and blocklisting
 capabilities based on device attributes.

• kernel versoin: Linux biggray 5.15.5-76051505-generic #202111250933~1638201579~21.10~09f1aa7 SMP Mon Nov 29 16:23:13 U x86_64 x86_64 x86_64 GNU/Linux

Additional Debugging Information

While attempting to debug the issue i uninstalled usbguard package, and compiled from source. Using the daemon built from source, I can use the existing rules file to start the daemon like so:

$> sudo usbguard-daemon -c /etc/usbguard/usbguard-daemon.conf

However attempting to use the -C flag results in an error:

⋊> /e/usbguard sudo usbguard-daemon -c /etc/usbguard/usbguard-daemon.conf -C -d                                                                                                       13:59:37
[1639951179.082] (i) NSHandler Loading...
[1639951179.082] (i) separator -> :
[1639951179.083] (i) keys:
[1639951179.083] (i) --->usbguard
[1639951179.083] (i) NSHandler Loaded
[1639951179.083] (i) Loading configuration from /etc/usbguard/usbguard-daemon.conf
[1639951179.083] (i) File has correct permissions.
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: RuleFile=/etc/usbguard/rules.conf
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: ImplicitPolicyTarget=block
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: PresentDevicePolicy=apply-policy
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: PresentControllerPolicy=apply-policy
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: InsertedDevicePolicy=apply-policy
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: AuthorizedDefault=none
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: RestoreControllerDeviceState=false
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: DeviceManagerBackend=uevent
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: IPCAllowedUsers=root
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: IPCAllowedGroups=root plugdev
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: IPCAccessControlFiles=/etc/usbguard/IPCAccessControl.d/
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: DeviceRulesWithPort=false
[1639951179.083] (D) ConfigFilePrivate.cpp@155/parse: Parsed: AuditBackend=FileAudit
[1639951179.084] (D) ConfigFilePrivate.cpp@155/parse: Parsed: AuditFilePath=/var/log/usbguard/usbguard-audit.log
[1639951179.084] (D) ConfigFilePrivate.cpp@155/parse: Parsed: HidePII=false
[1639951179.084] (i) Loading NSSwitch...
[1639951179.084] (i) Loading nsswitch from /etc/nsswitch.conf
[1639951179.084] (D) NSHandler.cpp@163/parseNSSwitch: Map contains:
[1639951179.084] (D) NSHandler.cpp@166/parseNSSwitch: --> ETHERS -> db files <--
[1639951179.084] (D) NSHandler.cpp@166/parseNSSwitch: --> GROUP -> files systemd <--
[1639951179.084] (D) NSHandler.cpp@166/parseNSSwitch: --> GSHADOW -> files <--
[1639951179.084] (D) NSHandler.cpp@166/parseNSSwitch: --> HOSTS -> files mdns4_minimal [NOTFOUND=return] dns <--
[1639951179.084] (D) NSHandler.cpp@166/parseNSSwitch: --> NETGROUP -> nis <--
[1639951179.084] (D) NSHandler.cpp@166/parseNSSwitch: --> NETWORKS -> files <--
[1639951179.084] (D) NSHandler.cpp@166/parseNSSwitch: --> PASSWD -> files systemd <--
[1639951179.084] (D) NSHandler.cpp@166/parseNSSwitch: --> PROTOCOLS -> db files <--
[1639951179.084] (D) NSHandler.cpp@166/parseNSSwitch: --> RPC -> db files <--
[1639951179.084] (D) NSHandler.cpp@166/parseNSSwitch: --> SERVICES -> db files <--
[1639951179.084] (D) NSHandler.cpp@166/parseNSSwitch: --> SHADOW -> files <--
[1639951179.084] (i) Fetched value is ->  <-
[1639951179.084] (i) Value is not valid or not set, using default FILES
[1639951179.084] (i) File has correct permissions.
[1639951179.084] (i) Loading RuleSet
[1639951179.084] (i) Creating FileRuleSet
[1639951179.085] (E) Rules: SourceLOCAL::/etc/usbguard/rules.conf: usbguard::Exception

[Cropi]

May I ask you to specify which rule causes the problem? If there are some problems with generating default rules, I will have to reproduce it first.

[hartwork]

@bonedaddy any news? It would be great to either have the output of sudo usbguard-rule-parser -t -f /etc/usbguard/rules.conf or a minimal reproducable example file that demos the error with latest Git master.