GNU bug report logs -
#40631
[PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working
Previous Next
Reported by: Christopher Baines <mail <at> cbaines.net>
Date: Tue, 14 Apr 2020 19:37:02 UTC
Severity: normal
Tags: patch
Done: Christopher Baines <mail <at> cbaines.net>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 40631 in the body.
You can then email your comments to 40631 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#40631; Package
guix-patches.
(Tue, 14 Apr 2020 19:37:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Christopher Baines <mail <at> cbaines.net>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Tue, 14 Apr 2020 19:37:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
These patches make it possible to use gnome-boxes, at least for the
simple virtual machine I tried to run.
Previously, I was stuck with the following error:
Unable to start domain: unsupported configuration: this QEMU binary
lacks smartcard passthrough mode support
Christopher Baines (4):
gnu: Add softhsm.
gnu: Add libcacard.
gnu: qemu: Add libcacard as an input to enable smartcard support.
gnu: spice: Add libcacard as an input to enable smartcard support.
gnu/packages/security-token.scm | 28 +++++++++++++++++++
gnu/packages/spice.scm | 49 +++++++++++++++++++++++++++++++++
gnu/packages/virtualization.scm | 1 +
3 files changed, 78 insertions(+)
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#40631; Package
guix-patches.
(Tue, 14 Apr 2020 19:45:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 40631 <at> debbugs.gnu.org (full text, mbox):
This fixes an error in gnome-boxes when starting virtual machines:
Unable to start domain: unsupported configuration: this QEMU binary lacks
smartcard passthrough mode support
* gnu/packages/virtualization.scm (qemu)[inputs]: Add libcacard.
---
gnu/packages/virtualization.scm | 1 +
1 file changed, 1 insertion(+)
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index c00f3ef9a8..7d4aac0d40 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -217,6 +217,7 @@ exec smbd $@")))
("gtk+" ,gtk+)
("libaio" ,libaio)
("libattr" ,attr)
+ ("libcacard" ,libcacard) ; smartcard support
("libcap" ,libcap) ; virtfs support requires libcap & libattr
("libdrm" ,libdrm)
("libepoxy" ,libepoxy)
--
2.26.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#40631; Package
guix-patches.
(Tue, 14 Apr 2020 19:45:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 40631 <at> debbugs.gnu.org (full text, mbox):
Required for smartcard support in QEMU.
* gnu/packages/spice.scm (libcacard): New variable.
---
gnu/packages/spice.scm | 48 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 3445c64924..7d3525def6 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -21,6 +21,7 @@
(define-module (gnu packages spice)
#:use-module (gnu packages)
+ #:use-module (gnu packages base)
#:use-module (gnu packages compression)
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages gl)
@@ -31,9 +32,11 @@
#:use-module (gnu packages image)
#:use-module (gnu packages libusb)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages nss)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
+ #:use-module (gnu packages security-token)
#:use-module (gnu packages tls)
#:use-module (gnu packages xorg)
#:use-module (gnu packages xdisorg)
@@ -287,6 +290,51 @@ resolution scaling on graphical console window resize.")
(home-page "https://www.spice-space.org")
(license license:gpl3+)))
+(define-public libcacard
+ (package
+ (name "libcacard")
+ (version "2.7.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://gitlab.freedesktop.org/spice/libcacard/uploads/"
+ "56cb2499198e78e560a1d4c716cd8ab1"
+ "/libcacard-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0vyvkk4b6xjwq1ccggql13c1x7g4y90clpkqw28257azgn2a1c8n"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:tests? #f ; TODO Tests require gnutls built with
+ ; p11-kit
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'patch
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "tests/setup-softhsm2.sh"
+ (("\\/usr\\/lib64\\/pkcs11\\/libsofthsm2\\.so")
+ (string-append (assoc-ref inputs "softhsm")
+ "/lib/softhsm/libsofthsm2.so")))
+ #t)))))
+ (propagated-inputs
+ `(("glib" ,glib) ; Requires: in the pkg-config file
+ ("nss" ,nss))) ; Requires.private: in the pkg-config
+ ; file
+ (native-inputs
+ `(("openssl" ,openssl)
+ ("nss" ,nss "bin")
+ ("opensc" ,opensc)
+ ("softhsm" ,softhsm)
+ ("gnutls" ,gnutls)
+ ("pkg-config" ,pkg-config)
+ ("which" ,which)))
+ (synopsis "Emulate and share smart cards with virtual machines")
+ (description
+ "The @acronym{CAC,Common Access Card} library can be used to emulate and
+share smart cards from client system to local or remote virtual machines.")
+ (home-page "https://gitlab.freedesktop.org/spice/libcacard")
+ (license license:lgpl2.1+)))
+
(define-public virt-viewer
(package
(name "virt-viewer")
--
2.26.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#40631; Package
guix-patches.
(Tue, 14 Apr 2020 19:45:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 40631 <at> debbugs.gnu.org (full text, mbox):
This is to fix an issue with gnome-boxes when trying to start a virtual
machine:
unsupported type name: smartcard
* gnu/packages/spice.scm (spice)[inputs]: Add libcacard.
---
gnu/packages/spice.scm | 1 +
1 file changed, 1 insertion(+)
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 7d3525def6..2115dd3d0b 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -212,6 +212,7 @@ which allows users to view a desktop computing environment.")
`(("cyrus-sasl" ,cyrus-sasl)
("glib" ,glib)
("libjpeg-turbo" ,libjpeg-turbo)
+ ("libcacard" ,libcacard) ; smartcard support
("lz4" ,lz4)
("opus" ,opus)
("orc" ,orc)
--
2.26.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#40631; Package
guix-patches.
(Tue, 14 Apr 2020 19:45:03 GMT)
Full text and
rfc822 format available.
Message #17 received at 40631 <at> debbugs.gnu.org (full text, mbox):
Required for the libcacard tests.
* gnu/packages/security-token.scm (softhsm): New variable.
---
gnu/packages/security-token.scm | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index c5cbb758da..2ff0abb248 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -167,6 +167,34 @@ the low-level development kit for the Yubico YubiKey authentication device.")
(home-page "https://developers.yubico.com/yubico-c/")
(license license:bsd-2)))
+(define-public softhsm
+ (package
+ (name "softhsm")
+ (version "2.5.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://dist.opendnssec.org/source/"
+ "softhsm-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1cijq78jr3mzg7jj11r0krawijp99p253f4qdqr94n728p7mdalj"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL
+ ; engine for GOST
+ (inputs
+ `(("openssl" ,openssl)))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("cppunit" ,cppunit)))
+ (synopsis "Software implementation of a generic cryptographic device")
+ (description
+ "SoftHSM 2 is a software implementation of a generic cryptographic device
+with a PKCS #11 Cryptographic Token Interface.")
+ (home-page "https://www.opendnssec.org/softhsm/")
+ (license license:bsd-2)))
+
(define-public pcsc-lite
(package
(name "pcsc-lite")
--
2.26.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#40631; Package
guix-patches.
(Tue, 28 Apr 2020 09:09:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 40631 <at> debbugs.gnu.org (full text, mbox):
Hello Christopher,
I was thinking of packaging libcacard the other day, thankfully you've
already
done it.
If I understand correctly softhsm is needed to test libcacard, but it's
tests
can't be enabled because our gnutls is missing some features and
rebuilding it
would rebuild the world, right?
> + (name "softhsm")
> + (version "2.5.0")
> + (source (origin
> + (method url-fetch)
> + (uri (string-append
> + "https://dist.opendnssec.org/source/"
> + "softhsm-" version ".tar.gz"))
The latest version is 2.6.0, even though the home-page don't list it,
it's present
in the source you defined or in their Github page[0].
> + (add-after 'unpack 'patch
> + (lambda* (#:key inputs #:allow-other-keys)
> + (substitute* "tests/setup-softhsm2.sh"
> + (("\\/usr\\/lib64\\/pkcs11\\/libsofthsm2\\.so")
> + (string-append (assoc-ref inputs "softhsm")
> + "/lib/softhsm/libsofthsm2.so")))
> + #t)))))
Instead of 'patch' 'patch-tests' would be more descriptive.
LGTM otherwise, building and linting is successful.
[0]: https://github.com/opendnssec/SoftHSMv2/releases
- Brice
Information forwarded
to
guix-patches <at> gnu.org:
bug#40631; Package
guix-patches.
(Tue, 28 Apr 2020 10:12:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 40631 <at> debbugs.gnu.org (full text, mbox):
> + (description
> + "The @acronym{CAC,Common Access Card} library can be used to
> emulate and
> +share smart cards from client system to local or remote virtual
> machines.")
> + (home-page "https://gitlab.freedesktop.org/spice/libcacard")
> + (license license:lgpl2.1+)))
I just founded out that 'acronym' isn't displayed at all by “guix show“
producing “The library can be used [...]”, it can be replaced by 'dfn'
which is displayed quoted: “The "CAC" library can be used [...]”. I wish
“guix lint“ would display 'acronym' which seems more usefull than
'defn'.
- Brice
Reply sent
to
Christopher Baines <mail <at> cbaines.net>:
You have taken responsibility.
(Sun, 03 May 2020 09:45:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Christopher Baines <mail <at> cbaines.net>:
bug acknowledged by developer.
(Sun, 03 May 2020 09:45:02 GMT)
Full text and
rfc822 format available.
Message #28 received at 40631-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Brice Waegeneire <brice <at> waegenei.re> writes:
> I was thinking of packaging libcacard the other day, thankfully you've
> already
> done it.
>
> If I understand correctly softhsm is needed to test libcacard, but
> it's tests
> can't be enabled because our gnutls is missing some features and
> rebuilding it
> would rebuild the world, right?
Yep, I've got a bug open for that change [1].
1: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=40654
>> + (name "softhsm")
>> + (version "2.5.0")
>> + (source (origin
>> + (method url-fetch)
>> + (uri (string-append
>> + "https://dist.opendnssec.org/source/"
>> + "softhsm-" version ".tar.gz"))
>
> The latest version is 2.6.0, even though the home-page don't list it,
> it's present
> in the source you defined or in their Github page[0].
Ah, interesting, I've updated the package to 2.6.1.
>> + (add-after 'unpack 'patch
>> + (lambda* (#:key inputs #:allow-other-keys)
>> + (substitute* "tests/setup-softhsm2.sh"
>> + (("\\/usr\\/lib64\\/pkcs11\\/libsofthsm2\\.so")
>> + (string-append (assoc-ref inputs "softhsm")
>> + "/lib/softhsm/libsofthsm2.so")))
>> + #t)))))
>
> Instead of 'patch' 'patch-tests' would be more descriptive.
Sure, I've changed the phase name.
> LGTM otherwise, building and linting is successful.
Great, I've gone ahead and pushed these patches as
17adb70f78b34a490b8e692f1a110cef72097685.
Thanks for taking a look!
Chris
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#40631; Package
guix-patches.
(Sun, 03 May 2020 09:46:01 GMT)
Full text and
rfc822 format available.
Message #31 received at 40631 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Brice Waegeneire <brice <at> waegenei.re> writes:
>> + (description
>> + "The @acronym{CAC,Common Access Card} library can be used to
>> emulate and
>> +share smart cards from client system to local or remote virtual
>> machines.")
>> + (home-page "https://gitlab.freedesktop.org/spice/libcacard")
>> + (license license:lgpl2.1+)))
>
> I just founded out that 'acronym' isn't displayed at all by “guix show“
> producing “The library can be used [...]”, it can be replaced by 'dfn'
> which is displayed quoted: “The "CAC" library can be used [...]”. I wish
> “guix lint“ would display 'acronym' which seems more usefull than
> 'defn'.
So this is/was a bug in Guile [1] and should be fixed as of Guile 3.0.1
[2].
1: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37846
2: https://lists.gnu.org/archive/html/guile-devel/2020-03/msg00012.html
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sun, 31 May 2020 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 5 years and 105 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.