unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working
@ 2020-04-14 19:36 Christopher Baines
  2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
  2020-04-28  9:07 ` [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Brice Waegeneire
  0 siblings, 2 replies; 9+ messages in thread
From: Christopher Baines @ 2020-04-14 19:36 UTC (permalink / raw)
  To: 40631

[-- Attachment #1: Type: text/plain, Size: 684 bytes --]

These patches make it possible to use gnome-boxes, at least for the
simple virtual machine I tried to run.

Previously, I was stuck with the following error:

  Unable to start domain: unsupported configuration: this QEMU binary
  lacks smartcard passthrough mode support



Christopher Baines (4):
  gnu: Add softhsm.
  gnu: Add libcacard.
  gnu: qemu: Add libcacard as an input to enable smartcard support.
  gnu: spice: Add libcacard as an input to enable smartcard support.

 gnu/packages/security-token.scm | 28 +++++++++++++++++++
 gnu/packages/spice.scm          | 49 +++++++++++++++++++++++++++++++++
 gnu/packages/virtualization.scm |  1 +
 3 files changed, 78 insertions(+)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [bug#40631] [PATCH 1/4] gnu: Add softhsm.
  2020-04-14 19:36 [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Christopher Baines
@ 2020-04-14 19:44 ` Christopher Baines
  2020-04-14 19:44   ` [bug#40631] [PATCH 2/4] gnu: Add libcacard Christopher Baines
                     ` (2 more replies)
  2020-04-28  9:07 ` [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Brice Waegeneire
  1 sibling, 3 replies; 9+ messages in thread
From: Christopher Baines @ 2020-04-14 19:44 UTC (permalink / raw)
  To: 40631

Required for the libcacard tests.

* gnu/packages/security-token.scm (softhsm): New variable.
---
 gnu/packages/security-token.scm | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index c5cbb758da..2ff0abb248 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -167,6 +167,34 @@ the low-level development kit for the Yubico YubiKey authentication device.")
     (home-page "https://developers.yubico.com/yubico-c/")
     (license license:bsd-2)))
 
+(define-public softhsm
+  (package
+    (name "softhsm")
+    (version "2.5.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://dist.opendnssec.org/source/"
+                    "softhsm-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1cijq78jr3mzg7jj11r0krawijp99p253f4qdqr94n728p7mdalj"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL
+                                               ; engine for GOST
+    (inputs
+     `(("openssl" ,openssl)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("cppunit" ,cppunit)))
+    (synopsis "Software implementation of a generic cryptographic device")
+    (description
+     "SoftHSM 2 is a software implementation of a generic cryptographic device
+with a PKCS #11 Cryptographic Token Interface.")
+    (home-page "https://www.opendnssec.org/softhsm/")
+    (license license:bsd-2)))
+
 (define-public pcsc-lite
   (package
     (name "pcsc-lite")
-- 
2.26.0

^ permalink raw reply related	[flat|nested] 9+ messages in thread

* [bug#40631] [PATCH 2/4] gnu: Add libcacard.
  2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
@ 2020-04-14 19:44   ` Christopher Baines
  2020-04-14 19:44   ` [bug#40631] [PATCH 3/4] gnu: qemu: Add libcacard as an input to enable smartcard support Christopher Baines
  2020-04-14 19:44   ` [bug#40631] [PATCH 4/4] gnu: spice: " Christopher Baines
  2 siblings, 0 replies; 9+ messages in thread
From: Christopher Baines @ 2020-04-14 19:44 UTC (permalink / raw)
  To: 40631

Required for smartcard support in QEMU.

* gnu/packages/spice.scm (libcacard): New variable.
---
 gnu/packages/spice.scm | 48 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 3445c64924..7d3525def6 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -21,6 +21,7 @@
 
 (define-module (gnu packages spice)
   #:use-module (gnu packages)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages gl)
@@ -31,9 +32,11 @@
   #:use-module (gnu packages image)
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages nss)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages security-token)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages xdisorg)
@@ -287,6 +290,51 @@ resolution scaling on graphical console window resize.")
     (home-page "https://www.spice-space.org")
     (license license:gpl3+)))
 
+(define-public libcacard
+  (package
+    (name "libcacard")
+    (version "2.7.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://gitlab.freedesktop.org/spice/libcacard/uploads/"
+                    "56cb2499198e78e560a1d4c716cd8ab1"
+                    "/libcacard-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0vyvkk4b6xjwq1ccggql13c1x7g4y90clpkqw28257azgn2a1c8n"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:tests? #f                      ; TODO Tests require gnutls built with
+                                        ; p11-kit
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "tests/setup-softhsm2.sh"
+               (("\\/usr\\/lib64\\/pkcs11\\/libsofthsm2\\.so")
+                (string-append (assoc-ref inputs "softhsm")
+                               "/lib/softhsm/libsofthsm2.so")))
+             #t)))))
+    (propagated-inputs
+     `(("glib" ,glib)                   ; Requires: in the pkg-config file
+       ("nss" ,nss)))                   ; Requires.private: in the pkg-config
+                                        ; file
+    (native-inputs
+     `(("openssl" ,openssl)
+       ("nss" ,nss "bin")
+       ("opensc" ,opensc)
+       ("softhsm" ,softhsm)
+       ("gnutls" ,gnutls)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)))
+    (synopsis "Emulate and share smart cards with virtual machines")
+    (description
+     "The @acronym{CAC,Common Access Card} library can be used to emulate and
+share smart cards from client system to local or remote virtual machines.")
+    (home-page "https://gitlab.freedesktop.org/spice/libcacard")
+    (license license:lgpl2.1+)))
+
 (define-public virt-viewer
   (package
     (name "virt-viewer")
-- 
2.26.0

^ permalink raw reply related	[flat|nested] 9+ messages in thread

* [bug#40631] [PATCH 3/4] gnu: qemu: Add libcacard as an input to enable smartcard support.
  2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
  2020-04-14 19:44   ` [bug#40631] [PATCH 2/4] gnu: Add libcacard Christopher Baines
@ 2020-04-14 19:44   ` Christopher Baines
  2020-04-14 19:44   ` [bug#40631] [PATCH 4/4] gnu: spice: " Christopher Baines
  2 siblings, 0 replies; 9+ messages in thread
From: Christopher Baines @ 2020-04-14 19:44 UTC (permalink / raw)
  To: 40631

This fixes an error in gnome-boxes when starting virtual machines:

  Unable to start domain: unsupported configuration: this QEMU binary lacks
  smartcard passthrough mode support

* gnu/packages/virtualization.scm (qemu)[inputs]: Add libcacard.
---
 gnu/packages/virtualization.scm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index c00f3ef9a8..7d4aac0d40 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -217,6 +217,7 @@ exec smbd $@")))
        ("gtk+" ,gtk+)
        ("libaio" ,libaio)
        ("libattr" ,attr)
+       ("libcacard" ,libcacard)     ; smartcard support
        ("libcap" ,libcap)           ; virtfs support requires libcap & libattr
        ("libdrm" ,libdrm)
        ("libepoxy" ,libepoxy)
-- 
2.26.0

^ permalink raw reply related	[flat|nested] 9+ messages in thread

* [bug#40631] [PATCH 4/4] gnu: spice: Add libcacard as an input to enable smartcard support.
  2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
  2020-04-14 19:44   ` [bug#40631] [PATCH 2/4] gnu: Add libcacard Christopher Baines
  2020-04-14 19:44   ` [bug#40631] [PATCH 3/4] gnu: qemu: Add libcacard as an input to enable smartcard support Christopher Baines
@ 2020-04-14 19:44   ` Christopher Baines
  2 siblings, 0 replies; 9+ messages in thread
From: Christopher Baines @ 2020-04-14 19:44 UTC (permalink / raw)
  To: 40631

This is to fix an issue with gnome-boxes when trying to start a virtual
machine:

  unsupported type name: smartcard

* gnu/packages/spice.scm (spice)[inputs]: Add libcacard.
---
 gnu/packages/spice.scm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 7d3525def6..2115dd3d0b 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -212,6 +212,7 @@ which allows users to view a desktop computing environment.")
       `(("cyrus-sasl" ,cyrus-sasl)
         ("glib" ,glib)
         ("libjpeg-turbo" ,libjpeg-turbo)
+        ("libcacard" ,libcacard)        ; smartcard support
         ("lz4" ,lz4)
         ("opus" ,opus)
         ("orc" ,orc)
-- 
2.26.0

^ permalink raw reply related	[flat|nested] 9+ messages in thread

* [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working
  2020-04-14 19:36 [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Christopher Baines
  2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
@ 2020-04-28  9:07 ` Brice Waegeneire
  2020-04-28 10:11   ` Brice Waegeneire
  2020-05-03  9:43   ` bug#40631: " Christopher Baines
  1 sibling, 2 replies; 9+ messages in thread
From: Brice Waegeneire @ 2020-04-28  9:07 UTC (permalink / raw)
  To: mail; +Cc: 40631

Hello Christopher,

I was thinking of packaging libcacard the other day, thankfully you've 
already
done it.

If I understand correctly softhsm is needed to test libcacard, but it's 
tests
can't be enabled because our gnutls is missing some features and 
rebuilding it
would rebuild the world, right?

> +    (name "softhsm")
> +    (version "2.5.0")
> +    (source (origin
> +              (method url-fetch)
> +              (uri (string-append
> +                    "https://dist.opendnssec.org/source/"
> +                    "softhsm-" version ".tar.gz"))

The latest version is 2.6.0, even though the home-page don't list it, 
it's present
in the source you defined or in their Github page[0].


> +         (add-after 'unpack 'patch
> +           (lambda* (#:key inputs #:allow-other-keys)
> +             (substitute* "tests/setup-softhsm2.sh"
> +               (("\\/usr\\/lib64\\/pkcs11\\/libsofthsm2\\.so")
> +                (string-append (assoc-ref inputs "softhsm")
> +                               "/lib/softhsm/libsofthsm2.so")))
> +             #t)))))

Instead of 'patch' 'patch-tests' would be more descriptive.

LGTM otherwise, building and linting is successful.

[0]: https://github.com/opendnssec/SoftHSMv2/releases

- Brice

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working
  2020-04-28  9:07 ` [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Brice Waegeneire
@ 2020-04-28 10:11   ` Brice Waegeneire
  2020-05-03  9:45     ` Christopher Baines
  2020-05-03  9:43   ` bug#40631: " Christopher Baines
  1 sibling, 1 reply; 9+ messages in thread
From: Brice Waegeneire @ 2020-04-28 10:11 UTC (permalink / raw)
  To: mail; +Cc: 40631

> +    (description
> +     "The @acronym{CAC,Common Access Card} library can be used to 
> emulate and
> +share smart cards from client system to local or remote virtual 
> machines.")
> +    (home-page "https://gitlab.freedesktop.org/spice/libcacard")
> +    (license license:lgpl2.1+)))

I just founded out that 'acronym' isn't displayed at all by “guix show“
producing “The library can be used [...]”, it can be replaced by 'dfn'
which is displayed quoted: “The "CAC" library can be used [...]”. I wish
“guix lint“ would display 'acronym' which seems more usefull than 
'defn'.

- Brice

^ permalink raw reply	[flat|nested] 9+ messages in thread

* bug#40631: [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working
  2020-04-28  9:07 ` [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Brice Waegeneire
  2020-04-28 10:11   ` Brice Waegeneire
@ 2020-05-03  9:43   ` Christopher Baines
  1 sibling, 0 replies; 9+ messages in thread
From: Christopher Baines @ 2020-05-03  9:43 UTC (permalink / raw)
  To: Brice Waegeneire; +Cc: 40631-done

[-- Attachment #1: Type: text/plain, Size: 1572 bytes --]


Brice Waegeneire <brice@waegenei.re> writes:

> I was thinking of packaging libcacard the other day, thankfully you've
> already
> done it.
>
> If I understand correctly softhsm is needed to test libcacard, but
> it's tests
> can't be enabled because our gnutls is missing some features and
> rebuilding it
> would rebuild the world, right?

Yep, I've got a bug open for that change [1].

1: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=40654

>> +    (name "softhsm")
>> +    (version "2.5.0")
>> +    (source (origin
>> +              (method url-fetch)
>> +              (uri (string-append
>> +                    "https://dist.opendnssec.org/source/"
>> +                    "softhsm-" version ".tar.gz"))
>
> The latest version is 2.6.0, even though the home-page don't list it,
> it's present
> in the source you defined or in their Github page[0].

Ah, interesting, I've updated the package to 2.6.1.

>> +         (add-after 'unpack 'patch
>> +           (lambda* (#:key inputs #:allow-other-keys)
>> +             (substitute* "tests/setup-softhsm2.sh"
>> +               (("\\/usr\\/lib64\\/pkcs11\\/libsofthsm2\\.so")
>> +                (string-append (assoc-ref inputs "softhsm")
>> +                               "/lib/softhsm/libsofthsm2.so")))
>> +             #t)))))
>
> Instead of 'patch' 'patch-tests' would be more descriptive.

Sure, I've changed the phase name.

> LGTM otherwise, building and linting is successful.

Great, I've gone ahead and pushed these patches as
17adb70f78b34a490b8e692f1a110cef72097685.

Thanks for taking a look!

Chris

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working
  2020-04-28 10:11   ` Brice Waegeneire
@ 2020-05-03  9:45     ` Christopher Baines
  0 siblings, 0 replies; 9+ messages in thread
From: Christopher Baines @ 2020-05-03  9:45 UTC (permalink / raw)
  To: Brice Waegeneire; +Cc: 40631

[-- Attachment #1: Type: text/plain, Size: 888 bytes --]


Brice Waegeneire <brice@waegenei.re> writes:

>> +    (description
>> +     "The @acronym{CAC,Common Access Card} library can be used to
>> emulate and
>> +share smart cards from client system to local or remote virtual
>> machines.")
>> +    (home-page "https://gitlab.freedesktop.org/spice/libcacard")
>> +    (license license:lgpl2.1+)))
>
> I just founded out that 'acronym' isn't displayed at all by “guix show“
> producing “The library can be used [...]”, it can be replaced by 'dfn'
> which is displayed quoted: “The "CAC" library can be used [...]”. I wish
> “guix lint“ would display 'acronym' which seems more usefull than
> 'defn'.

So this is/was a bug in Guile [1] and should be fixed as of Guile 3.0.1
[2].

1: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37846
2: https://lists.gnu.org/archive/html/guile-devel/2020-03/msg00012.html

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2020-05-03  9:45 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-14 19:36 [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
2020-04-14 19:44   ` [bug#40631] [PATCH 2/4] gnu: Add libcacard Christopher Baines
2020-04-14 19:44   ` [bug#40631] [PATCH 3/4] gnu: qemu: Add libcacard as an input to enable smartcard support Christopher Baines
2020-04-14 19:44   ` [bug#40631] [PATCH 4/4] gnu: spice: " Christopher Baines
2020-04-28  9:07 ` [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Brice Waegeneire
2020-04-28 10:11   ` Brice Waegeneire
2020-05-03  9:45     ` Christopher Baines
2020-05-03  9:43   ` bug#40631: " Christopher Baines

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).