GNU bug report logs - #31298
[PATCH 0/2] Add some packages related to security tokens
Reported by: Chris Marusich <cmmarusich <at> gmail.com>
Date: Sat, 28 Apr 2018 10:59:02 UTC
Severity: normal
Tags: patch
Done: Chris Marusich <cmmarusich <at> gmail.com>
Bug is archived. No further changes may be made.
Report forwarded to guix-patches <at> gnu.org: bug#31298; Package guix-patches. (Sat, 28 Apr 2018 10:59:02 GMT)
Acknowledgement sent to Chris Marusich <cmmarusich <at> gmail.com>: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sat, 28 Apr 2018 10:59:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hi Guix!
These two patches add opensc and yubico-piv-tool. The former is
useful because, among other reasons, its PKCS#11 shared library can be
used with an SSH agent to fetch credentials from a smart card (such as
a YubiKey). The latter is useful for interacting with the PIV
application on a YubiKey. I have verified that both of these work on
my system for those purposes, with a YubiKey.
To successfully use the OpenSC PKCS#11 shared library with an SSH
agent, you need to take care to start your ssh-agent with the -P
option to whitelist the path of the library's .so file. If you don't
do that, then any attempt to invoke ssh-add with the -s option will
fail with a generic message.
Chris Marusich (2):
gnu: Add opensc.
gnu: Add yubico-piv-tool.
gnu/packages/security-token.scm | 91 +++++++++++++++++++++++++++++++++
1 file changed, 91 insertions(+)
--
2.17.0
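The `-P` step described in the message above, as an added example that is not part of the original post. ssh-agent matches the resolved (realpath) provider path against the `-P` pattern list, so this sketch resolves the profile symlink and whitelists only that one file; the profile path and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: whitelist exactly one PKCS#11 provider for ssh-agent.
# ssh-agent compares the resolved provider path against the -P patterns,
# so a profile symlink has to be resolved before it is whitelisted.

# Assumed location of OpenSC's PKCS#11 module in a Guix user profile.
PROVIDER_LINK="${PROVIDER_LINK:-$HOME/.guix-profile/lib/opensc-pkcs11.so}"

# Print the canonical path of a provider library; fail if it is missing.
resolve_provider() {
    [ -e "$1" ] || { echo "provider not found: $1" >&2; return 1; }
    readlink -f -- "$1"
}

# -P takes a comma-separated list of glob patterns. Refuse paths that
# contain pattern metacharacters, which would widen or split the list.
check_pattern_safe() {
    case "$1" in
        *[*?,!]*) echo "unsafe character in path: $1" >&2; return 1 ;;
    esac
}

# Start an agent that accepts only this provider, then load its keys.
start_agent_with_provider() {
    real=$(resolve_provider "$1") || return 1
    check_pattern_safe "$real" || return 1
    eval "$(ssh-agent -s -P "$real")" || return 1
    ssh-add -s "$real"    # prompts for the token PIN
}

# Usage: start_agent_with_provider "$PROVIDER_LINK"
```

Whitelisting the single resolved file keeps the agent from loading any other shared object a client asks for, which a broad pattern covering the whole store would allow.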
Message #8 received at 31298 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/security-token.scm (opensc): New variable.
---
gnu/packages/security-token.scm | 51 +++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 6ff83ce5a..305e3d8a4 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -6,6 +6,7 @@
;;; Copyright © 2017 Thomas Danckaert <post <at> thomasdanckaert.be>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me <at> tobias.gr>
;;; Copyright © 2017 Ricardo Wurmus <rekado <at> elephly.net>
+;;; Copyright © 2018 Chris Marusich <cmmarusich <at> gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -31,6 +32,7 @@
#:use-module (guix build-system glib-or-gtk)
#:use-module (gnu packages autotools)
#:use-module (gnu packages curl)
+ #:use-module (gnu packages docbook)
#:use-module (gnu packages gettext)
#:use-module (gnu packages gtk)
#:use-module (gnu packages libusb)
@@ -38,6 +40,7 @@
#:use-module (gnu packages man)
#:use-module (gnu packages networking)
#:use-module (gnu packages cyrus-sasl)
+ #:use-module (gnu packages readline)
#:use-module (gnu packages tls)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
@@ -202,3 +205,51 @@ one-time-password (OTP) YubiKey against Yubico’s servers. See the Yubico
website for more information about Yubico and the YubiKey.")
(home-page "https://developers.yubico.com/yubico-c-client/")
(license license:bsd-2)))
+
+(define-public opensc
+ (package
+ (name "opensc")
+ (version "0.17.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/OpenSC/OpenSC/releases/download/"
+ version "/opensc-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0043jh5g7q2lyd5vnb0akwb5y349isx7vbm9wqhlgav7d20wcwxy"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ ;; By setting an absolute path here, we arrange for OpenSC to
+ ;; successfully dlopen libpcsclite.so.1 by default. The user can
+ ;; still override this if they want to, by specifying a custom OpenSC
+ ;; configuration file at runtime.
+ (add-after 'unpack 'set-default-libpcsclite.so.1-path
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((libpcsclite (string-append (assoc-ref inputs "pcsc-lite")
+ "/lib/libpcsclite.so.1")))
+ (substitute* "configure"
+ (("DEFAULT_PCSC_PROVIDER=\"libpcsclite\\.so\\.1\"")
+ (string-append
+ "DEFAULT_PCSC_PROVIDER=\"" libpcsclite "\"")))
+ #t))))))
+ (inputs
+ `(("readline" ,readline)
+ ("openssl" ,openssl)
+ ("pcsc-lite" ,pcsc-lite)
+ ("ccid" ,ccid)))
+ (native-inputs
+ `(("libxslt" ,libxslt)
+ ("docbook-xsl" ,docbook-xsl)
+ ("pkg-config" ,pkg-config)))
+ (home-page "https://github.com/OpenSC/OpenSC/wiki")
+ (synopsis "Tools and libraries related to smart cards")
+ (description
+ "OpenSC is a set of software tools and libraries to work with smart
+cards, with the focus on smart cards with cryptographic capabilities. OpenSC
+facilitate the use of smart cards in security applications such as
+authentication, encryption and digital signatures. OpenSC implements the PKCS
+#15 standard and the PKCS #11 API.")
+ (license license:lgpl2.1+)))
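Review bot: in the set-default-libpcsclite.so.1-path phase, substitute* leaves "configure" untouched and raises no error when the DEFAULT_PCSC_PROVIDER pattern stops matching, so a later version bump could silently go back to loading libpcsclite.so.1 by bare soname instead of the absolute store path. Consider making the phase fail when the absolute path is not present in "configure" after the substitution. Two smaller points in the same hunk: the description's "OpenSC facilitate the use" should read "facilitates", and ccid is listed under inputs although the phase only refers to pcsc-lite, so a short comment saying why it is needed would help.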
--
2.17.0
Message #11 received at 31298 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/security-token.scm (yubico-piv-tool): New variable.
---
gnu/packages/security-token.scm | 40 +++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 305e3d8a4..64fe7d833 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -32,8 +32,11 @@
#:use-module (guix build-system glib-or-gtk)
#:use-module (gnu packages autotools)
#:use-module (gnu packages curl)
+ #:use-module (gnu packages check)
#:use-module (gnu packages docbook)
+ #:use-module (gnu packages documentation)
#:use-module (gnu packages gettext)
+ #:use-module (gnu packages graphviz)
#:use-module (gnu packages gtk)
#:use-module (gnu packages libusb)
#:use-module (gnu packages linux)
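Review bot: style nit in the module list: (gnu packages check) is added after (gnu packages curl), while the neighbouring entries from autotools to linux are otherwise in alphabetical order. Move it above curl.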
@@ -42,6 +45,7 @@
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages readline)
#:use-module (gnu packages tls)
+ #:use-module (gnu packages tex)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages xml))
@@ -253,3 +257,39 @@ facilitate the use of smart cards in security applications such as
authentication, encryption and digital signatures. OpenSC implements the PKCS
#15 standard and the PKCS #11 API.")
(license license:lgpl2.1+)))
+
+(define-public yubico-piv-tool
+ (package
+ (name "yubico-piv-tool")
+ (version "1.5.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://developers.yubico.com/yubico-piv-tool/Releases/"
+ name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1axa0lnky5gsc8yack6mpfbjh49z0czr1cv52gbgjnx2kcbpb0y1"))))
+ (build-system gnu-build-system)
+ (inputs
+ `(("perl" ,perl)
+ ("pcsc-lite" ,pcsc-lite)
+ ("openssl" ,openssl)))
+ (native-inputs
+ `(("doxygen" ,doxygen)
+ ("graphviz" ,graphviz)
+ ("check" ,check)
+ ("texlive-bin" ,texlive-bin)
+ ("pkg-config" ,pkg-config)))
+ (home-page "https://developers.yubico.com/yubico-piv-tool/")
+ (synopsis "Interact with the PIV application on a YubiKey")
+ (description
+ "The Yubico PIV tool is used for interacting with the Privilege and
+Identification Card (PIV) application on a YubiKey. With it you may generate
+keys on the device, import keys and certificates, create certificate requests,
+and other operations. It includes a library and a command-line tool.")
+ ;; The file ykcs11/pkcs11.h also declares an additional, very short free
+ ;; license for that one file. Please see it for details. The files in
+ ;; the m4 directory are licensed under either a similarly terse free
+ ;; license or gpl2+. The vast majority of files are licensed under bsd-2.
+ (license license:bsd-2)))
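Review bot: the description expands PIV as "Privilege and Identification Card", but PIV is the abbreviation of Personal Identity Verification (FIPS 201); please confirm the wording and consider using the standard's name so users can find the specification. Also, perl sits under inputs while the other build-time tools (doxygen, graphviz, texlive-bin) are native-inputs; if perl is only used during the build it belongs there too. Since the comment above the license field says some files carry other licenses, the field could be a list naming them rather than bsd-2 alone.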
--
2.17.0
Message #14 received at 31298 <at> debbugs.gnu.org (full text, mbox):
Chris Marusich <cmmarusich <at> gmail.com> wrote:
> * gnu/packages/security-token.scm (opensc): New variable.
LGTM, thanks!
Message #17 received at 31298 <at> debbugs.gnu.org (full text, mbox):
Chris Marusich <cmmarusich <at> gmail.com> wrote:
> * gnu/packages/security-token.scm (yubico-piv-tool): New variable.
LGTM!
> + (home-page "https://developers.yubico.com/yubico-piv-tool/")
> + (synopsis "Interact with the PIV application on a YubiKey")
> + (description
> + "The Yubico PIV tool is used for interacting with the Privilege and
> +Identification Card (PIV) application on a YubiKey. With it you may generate
> +keys on the device, import keys and certificates, create certificate requests,
> +and other operations. It includes a library and a command-line tool.")
> + ;; The file ykcs11/pkcs11.h also declares an additional, very short free
> + ;; license for that one file. Please see it for details. The files in
> + ;; the m4 directory are licensed under either a similarly terse free
> + ;; license or gpl2+. The vast majority of files are licensed under bsd-2.
> + (license license:bsd-2)))
I think you can omit the bit about the m4/ directory since it’s pretty
much the same story in many packages.
Thanks,
Ludo’.
Reply sent to Chris Marusich <cmmarusich <at> gmail.com>: You have taken responsibility. (Wed, 02 May 2018 05:50:02 GMT)
Notification sent to Chris Marusich <cmmarusich <at> gmail.com>: bug acknowledged by developer. (Wed, 02 May 2018 05:50:02 GMT)
Message #22 received at 31298-done <at> debbugs.gnu.org (full text, mbox):
ludo <at> gnu.org (Ludovic Courtès) writes:
> I think you can omit the bit about the m4/ directory since it’s pretty
> much the same story in many packages.
That's true. I've tidied up the comment and committed this as
ba8d8820fc823eff8e71ab3157e3728f67094373.
Thank you for the review!
--
Chris
Bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 30 May 2018 11:24:05 GMT)
This bug report was last modified 7 years and 24 days ago.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.