[PATCH 1/1] gnu: Add ccid.

[PATCH 1/1] gnu: Add ccid.

[Marius Bakke]

* gnu/packages/security-token.scm (ccid): New variable.
---
 gnu/packages/security-token.scm | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 735b2fe..8f58c58 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Mike Gerwitz <mtg@gnu.org>
+;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,11 +26,50 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages curl)
+  #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages man)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config))
 
+(define-public ccid
+  (package
+    (name "ccid")
+    (version "1.4.25")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://alioth.debian.org/frs/download.php/file/4187/"
+                    "ccid-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "029n4lpy5nvg278s4mybisyj4lm0bcjslvwfslw6hkghw162n1kb"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags (list (string-append "--enable-usbdropdir=" %output
+                                              "/pcsc/drivers"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-Makefile
+           (lambda _
+             (substitute* "src/Makefile.in"
+               (("/bin/echo") (which "echo")))
+             #t)))))
+    (native-inputs
+     `(("perl" ,perl)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libusb" ,libusb)
+       ("pcsc-lite" ,pcsc-lite)))
+    (home-page "https://pcsclite.alioth.debian.org/ccid.html")
+    (synopsis "PC/SC driver for USB smart card devices")
+    (description
+     "This package provides a PC/SC IFD handler implementation for devices
+compliant with the CCID and ICCD protocols.  It supports a wide range of
+readers and is needed to communicate with such devices through the
+@command{pcscd} resource manager.")
+    (license license:lgpl2.1+)))
+
 (define-public libyubikey
   (package
     (name "libyubikey")
-- 
2.10.1

Re: [PATCH 1/1] gnu: Add ccid.

[Mike Gerwitz]

[-- Attachment #1: Type: text/plain, Size: 995 bytes --]

On Thu, Oct 27, 2016 at 10:46:11 +0100, Marius Bakke wrote:
> +     `(#:configure-flags (list (string-append "--enable-usbdropdir=" %output
> +                                              "/pcsc/drivers"))

When I run pcscd under Guix, I get:

  00000000 hotplug_libudev.c:122:HPReadBundleValues()
  Cannot open PC/SC drivers directory: /var/lib/pcsc/drivers
  00000041 hotplug_libudev.c:123:HPReadBundleValues()
  Disabling USB support for pcscd.

I believe that is what `--enable-usbdropdir' is referencing in
ccid.  pcsc-lite has the same configuration option, but it's currently
hardcoded to /var/lib/pcsc/drivers; could you update it to match ccid's
and see if that works?

Debian has the dependencies structured such that pcscd has ccid as an
input.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
Old: 2217 5B02 E626 BC98 D7C0  C2E5 F22B B815 8EE3 0EAB
https://mikegerwitz.com

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

Re: [PATCH 1/1] gnu: Add ccid.

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 1257 bytes --]

Mike Gerwitz <mtg@gnu.org> writes:

> On Thu, Oct 27, 2016 at 10:46:11 +0100, Marius Bakke wrote:
>> +     `(#:configure-flags (list (string-append "--enable-usbdropdir=" %output
>> +                                              "/pcsc/drivers"))
>
> When I run pcscd under Guix, I get:
>
>   00000000 hotplug_libudev.c:122:HPReadBundleValues()
>   Cannot open PC/SC drivers directory: /var/lib/pcsc/drivers
>   00000041 hotplug_libudev.c:123:HPReadBundleValues()
>   Disabling USB support for pcscd.
>
> I believe that is what `--enable-usbdropdir' is referencing in
> ccid.  pcsc-lite has the same configuration option, but it's currently
> hardcoded to /var/lib/pcsc/drivers; could you update it to match ccid's
> and see if that works?

Packages are not allowed to write to /var, so to run pcscd on Guix you
will have to symlink ~/.guix-profile/pcsc/drivers to
/var/lib/pcsc/drivers manually, until we have a system service for
pcscd. Can you try that?

> Debian has the dependencies structured such that pcscd has ccid as an
> input.

This would work, but ccid is one of potentially many drivers for pcscd,
so I'm reluctant to "hard code" it. It would not be possible to use
other drivers if usbdropdir is set to the ccid output.

Thanks for checking!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 454 bytes --]

Re: [PATCH 1/1] gnu: Add ccid.

[Ludovic Courtès]

Marius Bakke <mbakke@fastmail.com> skribis:

> * gnu/packages/security-token.scm (ccid): New variable.

LGTM; the driver issue that Mike and you are discussing doesn’t seem to
be a blocker.

Ludo’.

Re: [PATCH 1/1] gnu: Add ccid.

[Mike Gerwitz]

[-- Attachment #1: Type: text/plain, Size: 1237 bytes --]

Marius:

Sorry for the late reply.

On Fri, Oct 28, 2016 at 12:27:29 +0100, Marius Bakke wrote:
> Packages are not allowed to write to /var, so to run pcscd on Guix you
> will have to symlink ~/.guix-profile/pcsc/drivers to
> /var/lib/pcsc/drivers manually, until we have a system service for
> pcscd. Can you try that?

That does indeed work.  Thanks.

Part of this for me is being unfamiliar with how everything in Guix
works, so I'm sure it'll make a lot more sense once I see what service
you come up with and observe its conventions.


>> Debian has the dependencies structured such that pcscd has ccid as an
>> input.
>
> This would work, but ccid is one of potentially many drivers for pcscd,
> so I'm reluctant to "hard code" it. It would not be possible to use
> other drivers if usbdropdir is set to the ccid output.

Okay, that sounds fine with me if there is a potential to be able to use
other drivers; I'm not familiar enough with pcscd to know.

Thanks for working on this!

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
Old: 2217 5B02 E626 BC98 D7C0  C2E5 F22B B815 8EE3 0EAB
https://mikegerwitz.com

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

Re: [PATCH 1/1] gnu: Add ccid.

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 838 bytes --]

Mike Gerwitz <mtg@gnu.org> writes:

> Marius:
>
> Sorry for the late reply.
>
> On Fri, Oct 28, 2016 at 12:27:29 +0100, Marius Bakke wrote:
>> Packages are not allowed to write to /var, so to run pcscd on Guix you
>> will have to symlink ~/.guix-profile/pcsc/drivers to
>> /var/lib/pcsc/drivers manually, until we have a system service for
>> pcscd. Can you try that?
>
> That does indeed work.  Thanks.

Thanks a lot for testing! :)

> Part of this for me is being unfamiliar with how everything in Guix
> works, so I'm sure it'll make a lot more sense once I see what service
> you come up with and observe its conventions.

I haven't started working on this yet, but the idea is to provide a list
of drivers in the service definition (with ccid as default), and then
symlink each of them to the driver directory before starting pcscd.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 454 bytes --]

Re: [PATCH 1/1] gnu: Add ccid.

[Mike Gerwitz]

[-- Attachment #1: Type: text/plain, Size: 1809 bytes --]

Hey, Marius:

I'm resurrecting this thread. :)

On Mon, Oct 31, 2016 at 10:09:14 +0000, Marius Bakke wrote:
> Mike Gerwitz <mtg@gnu.org> writes:
>> On Fri, Oct 28, 2016 at 12:27:29 +0100, Marius Bakke wrote:
>>> Packages are not allowed to write to /var, so to run pcscd on Guix you
>>> will have to symlink ~/.guix-profile/pcsc/drivers to
>>> /var/lib/pcsc/drivers manually, until we have a system service for
>>> pcscd. Can you try that?
>>
>> That does indeed work.  Thanks.
>
> Thanks a lot for testing! :)
>
>> Part of this for me is being unfamiliar with how everything in Guix
>> works, so I'm sure it'll make a lot more sense once I see what service
>> you come up with and observe its conventions.
>
> I haven't started working on this yet, but the idea is to provide a list
> of drivers in the service definition (with ccid as default), and then
> symlink each of them to the driver directory before starting pcscd.

I'm getting GuixSD set up on an X200 now, and this is something that I'm
interested in getting resolved.  For the time being, I'm using the
symlink workaround that you suggested.

If you're still interested in doing this---great!  Otherwise, I'm
tight on time and am already deep in a GuixSD crash-course, so I'd
appreciate any sort of mentoring/direction to get this working properly
and in a manner consistent with Guix/GuixSD's philosophy.  If there are
existing service examples that demonstrate the same core concept, I'd be
happy to play around with that.

But I'd need to know what approach you'd like to take to solving
this.  Could you provide some more detail?

Thanks!

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

Re: [PATCH 1/1] gnu: Add ccid.

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 2674 bytes --]

Mike Gerwitz <mtg@gnu.org> writes:

> Hey, Marius:
>
> I'm resurrecting this thread. :)

Hello Mike, long time no see! :-)

> On Mon, Oct 31, 2016 at 10:09:14 +0000, Marius Bakke wrote:
>> Mike Gerwitz <mtg@gnu.org> writes:
>>> On Fri, Oct 28, 2016 at 12:27:29 +0100, Marius Bakke wrote:
>>>> Packages are not allowed to write to /var, so to run pcscd on Guix you
>>>> will have to symlink ~/.guix-profile/pcsc/drivers to
>>>> /var/lib/pcsc/drivers manually, until we have a system service for
>>>> pcscd. Can you try that?
>>>
>>> That does indeed work.  Thanks.
>>
>> Thanks a lot for testing! :)
>>
>>> Part of this for me is being unfamiliar with how everything in Guix
>>> works, so I'm sure it'll make a lot more sense once I see what service
>>> you come up with and observe its conventions.
>>
>> I haven't started working on this yet, but the idea is to provide a list
>> of drivers in the service definition (with ccid as default), and then
>> symlink each of them to the driver directory before starting pcscd.
>
> I'm getting GuixSD set up on an X200 now, and this is something that I'm
> interested in getting resolved.  For the time being, I'm using the
> symlink workaround that you suggested.

Cool, welcome to GuixSD land!

> If you're still interested in doing this---great!  Otherwise, I'm
> tight on time and am already deep in a GuixSD crash-course, so I'd
> appreciate any sort of mentoring/direction to get this working properly
> and in a manner consistent with Guix/GuixSD's philosophy.  If there are
> existing service examples that demonstrate the same core concept, I'd be
> happy to play around with that.

Unfortunately I lost(!) my key token (luckily nothing important on it),
but I'm happy to lend a hand (or take donations! :P).

> But I'd need to know what approach you'd like to take to solving
> this.  Could you provide some more detail?

I'd start by copying an existing (simple) service as "boilerplate", and
then write a "system test" that simply (attempts to) start the daemon.
You'll find these under "gnu/tests" and "gnu/services".

Once you have that, you can run "make check-system TESTS=pcscd"
(typically in a `guix environment guix`) to try out the service using a
single command instead of reconfiguring a "real" system/VM.

Then gradually add the bits needed to successfully start the service.
Grepping around, "cups.scm" deals with some symlinks to "cups-filters"
which may be useful, and there are also plenty examples of creating
"/var/lib/foo" and other directories as required.

The #guix channel on Freenode should be able to help out with most
obstacles, in addition to this list for the tricky parts.

Good luck! :-)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

Re: [PATCH 1/1] gnu: Add ccid.

[Mike Gerwitz]

[-- Attachment #1: Type: text/plain, Size: 593 bytes --]

On Tue, Nov 21, 2017 at 02:05:26 +0100, Marius Bakke wrote:
> I'd start by copying an existing (simple) service as "boilerplate", and
> then write a "system test" that simply (attempts to) start the daemon.
> You'll find these under "gnu/tests" and "gnu/services".

Thanks for the advice.  I'll give this a shot over the next couple of
months (hopefully sooner, but we know how that goes) as I try to get
myself situated.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]