* [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working
@ 2020-04-14 19:36 Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
2020-04-28 9:07 ` [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Brice Waegeneire
0 siblings, 2 replies; 9+ messages in thread
From: Christopher Baines @ 2020-04-14 19:36 UTC (permalink / raw)
To: 40631
[-- Attachment #1: Type: text/plain, Size: 684 bytes --]
These patches make it possible to use gnome-boxes, at least for the
simple virtual machine I tried to run.
Previously, I was stuck with the following error:
Unable to start domain: unsupported configuration: this QEMU binary
lacks smartcard passthrough mode support
Christopher Baines (4):
gnu: Add softhsm.
gnu: Add libcacard.
gnu: qemu: Add libcacard as an input to enable smartcard support.
gnu: spice: Add libcacard as an input to enable smartcard support.
gnu/packages/security-token.scm | 28 +++++++++++++++++++
gnu/packages/spice.scm | 49 +++++++++++++++++++++++++++++++++
gnu/packages/virtualization.scm | 1 +
3 files changed, 78 insertions(+)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* [bug#40631] [PATCH 1/4] gnu: Add softhsm.
2020-04-14 19:36 [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Christopher Baines
@ 2020-04-14 19:44 ` Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 2/4] gnu: Add libcacard Christopher Baines
` (2 more replies)
2020-04-28 9:07 ` [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Brice Waegeneire
1 sibling, 3 replies; 9+ messages in thread
From: Christopher Baines @ 2020-04-14 19:44 UTC (permalink / raw)
To: 40631
Required for the libcacard tests.
* gnu/packages/security-token.scm (softhsm): New variable.
---
gnu/packages/security-token.scm | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index c5cbb758da..2ff0abb248 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -167,6 +167,34 @@ the low-level development kit for the Yubico YubiKey authentication device.")
(home-page "https://developers.yubico.com/yubico-c/")
(license license:bsd-2)))
+(define-public softhsm
+ (package
+ (name "softhsm")
+ (version "2.5.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://dist.opendnssec.org/source/"
+ "softhsm-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1cijq78jr3mzg7jj11r0krawijp99p253f4qdqr94n728p7mdalj"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL
+ ; engine for GOST
+ (inputs
+ `(("openssl" ,openssl)))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("cppunit" ,cppunit)))
+ (synopsis "Software implementation of a generic cryptographic device")
+ (description
+ "SoftHSM 2 is a software implementation of a generic cryptographic device
+with a PKCS #11 Cryptographic Token Interface.")
+ (home-page "https://www.opendnssec.org/softhsm/")
+ (license license:bsd-2)))
+
(define-public pcsc-lite
(package
(name "pcsc-lite")
--
2.26.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [bug#40631] [PATCH 2/4] gnu: Add libcacard.
2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
@ 2020-04-14 19:44 ` Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 3/4] gnu: qemu: Add libcacard as an input to enable smartcard support Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 4/4] gnu: spice: " Christopher Baines
2 siblings, 0 replies; 9+ messages in thread
From: Christopher Baines @ 2020-04-14 19:44 UTC (permalink / raw)
To: 40631
Required for smartcard support in QEMU.
* gnu/packages/spice.scm (libcacard): New variable.
---
gnu/packages/spice.scm | 48 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 3445c64924..7d3525def6 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -21,6 +21,7 @@
(define-module (gnu packages spice)
#:use-module (gnu packages)
+ #:use-module (gnu packages base)
#:use-module (gnu packages compression)
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages gl)
@@ -31,9 +32,11 @@
#:use-module (gnu packages image)
#:use-module (gnu packages libusb)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages nss)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
+ #:use-module (gnu packages security-token)
#:use-module (gnu packages tls)
#:use-module (gnu packages xorg)
#:use-module (gnu packages xdisorg)
@@ -287,6 +290,51 @@ resolution scaling on graphical console window resize.")
(home-page "https://www.spice-space.org")
(license license:gpl3+)))
+(define-public libcacard
+ (package
+ (name "libcacard")
+ (version "2.7.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://gitlab.freedesktop.org/spice/libcacard/uploads/"
+ "56cb2499198e78e560a1d4c716cd8ab1"
+ "/libcacard-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0vyvkk4b6xjwq1ccggql13c1x7g4y90clpkqw28257azgn2a1c8n"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:tests? #f ; TODO Tests require gnutls built with
+ ; p11-kit
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'patch
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "tests/setup-softhsm2.sh"
+ (("\\/usr\\/lib64\\/pkcs11\\/libsofthsm2\\.so")
+ (string-append (assoc-ref inputs "softhsm")
+ "/lib/softhsm/libsofthsm2.so")))
+ #t)))))
+ (propagated-inputs
+ `(("glib" ,glib) ; Requires: in the pkg-config file
+ ("nss" ,nss))) ; Requires.private: in the pkg-config
+ ; file
+ (native-inputs
+ `(("openssl" ,openssl)
+ ("nss" ,nss "bin")
+ ("opensc" ,opensc)
+ ("softhsm" ,softhsm)
+ ("gnutls" ,gnutls)
+ ("pkg-config" ,pkg-config)
+ ("which" ,which)))
+ (synopsis "Emulate and share smart cards with virtual machines")
+ (description
+ "The @acronym{CAC,Common Access Card} library can be used to emulate and
+share smart cards from client system to local or remote virtual machines.")
+ (home-page "https://gitlab.freedesktop.org/spice/libcacard")
+ (license license:lgpl2.1+)))
+
(define-public virt-viewer
(package
(name "virt-viewer")
--
2.26.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [bug#40631] [PATCH 3/4] gnu: qemu: Add libcacard as an input to enable smartcard support.
2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 2/4] gnu: Add libcacard Christopher Baines
@ 2020-04-14 19:44 ` Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 4/4] gnu: spice: " Christopher Baines
2 siblings, 0 replies; 9+ messages in thread
From: Christopher Baines @ 2020-04-14 19:44 UTC (permalink / raw)
To: 40631
This fixes an error in gnome-boxes when starting virtual machines:
Unable to start domain: unsupported configuration: this QEMU binary lacks
smartcard passthrough mode support
* gnu/packages/virtualization.scm (qemu)[inputs]: Add libcacard.
---
gnu/packages/virtualization.scm | 1 +
1 file changed, 1 insertion(+)
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index c00f3ef9a8..7d4aac0d40 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -217,6 +217,7 @@ exec smbd $@")))
("gtk+" ,gtk+)
("libaio" ,libaio)
("libattr" ,attr)
+ ("libcacard" ,libcacard) ; smartcard support
("libcap" ,libcap) ; virtfs support requires libcap & libattr
("libdrm" ,libdrm)
("libepoxy" ,libepoxy)
--
2.26.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [bug#40631] [PATCH 4/4] gnu: spice: Add libcacard as an input to enable smartcard support.
2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 2/4] gnu: Add libcacard Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 3/4] gnu: qemu: Add libcacard as an input to enable smartcard support Christopher Baines
@ 2020-04-14 19:44 ` Christopher Baines
2 siblings, 0 replies; 9+ messages in thread
From: Christopher Baines @ 2020-04-14 19:44 UTC (permalink / raw)
To: 40631
This is to fix an issue with gnome-boxes when trying to start a virtual
machine:
unsupported type name: smartcard
* gnu/packages/spice.scm (spice)[inputs]: Add libcacard.
---
gnu/packages/spice.scm | 1 +
1 file changed, 1 insertion(+)
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 7d3525def6..2115dd3d0b 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -212,6 +212,7 @@ which allows users to view a desktop computing environment.")
`(("cyrus-sasl" ,cyrus-sasl)
("glib" ,glib)
("libjpeg-turbo" ,libjpeg-turbo)
+ ("libcacard" ,libcacard) ; smartcard support
("lz4" ,lz4)
("opus" ,opus)
("orc" ,orc)
--
2.26.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working
2020-04-14 19:36 [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
@ 2020-04-28 9:07 ` Brice Waegeneire
2020-04-28 10:11 ` Brice Waegeneire
2020-05-03 9:43 ` bug#40631: " Christopher Baines
1 sibling, 2 replies; 9+ messages in thread
From: Brice Waegeneire @ 2020-04-28 9:07 UTC (permalink / raw)
To: mail; +Cc: 40631
Hello Christopher,
I was thinking of packaging libcacard the other day, thankfully you've
already
done it.
If I understand correctly softhsm is needed to test libcacard, but it's
tests
can't be enabled because our gnutls is missing some features and
rebuilding it
would rebuild the world, right?
> + (name "softhsm")
> + (version "2.5.0")
> + (source (origin
> + (method url-fetch)
> + (uri (string-append
> + "https://dist.opendnssec.org/source/"
> + "softhsm-" version ".tar.gz"))
The latest version is 2.6.0, even though the home-page don't list it,
it's present
in the source you defined or in their Github page[0].
> + (add-after 'unpack 'patch
> + (lambda* (#:key inputs #:allow-other-keys)
> + (substitute* "tests/setup-softhsm2.sh"
> + (("\\/usr\\/lib64\\/pkcs11\\/libsofthsm2\\.so")
> + (string-append (assoc-ref inputs "softhsm")
> + "/lib/softhsm/libsofthsm2.so")))
> + #t)))))
Instead of 'patch' 'patch-tests' would be more descriptive.
LGTM otherwise, building and linting is successful.
[0]: https://github.com/opendnssec/SoftHSMv2/releases
- Brice
^ permalink raw reply [flat|nested] 9+ messages in thread
* [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working
2020-04-28 9:07 ` [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Brice Waegeneire
@ 2020-04-28 10:11 ` Brice Waegeneire
2020-05-03 9:45 ` Christopher Baines
2020-05-03 9:43 ` bug#40631: " Christopher Baines
1 sibling, 1 reply; 9+ messages in thread
From: Brice Waegeneire @ 2020-04-28 10:11 UTC (permalink / raw)
To: mail; +Cc: 40631
> + (description
> + "The @acronym{CAC,Common Access Card} library can be used to
> emulate and
> +share smart cards from client system to local or remote virtual
> machines.")
> + (home-page "https://gitlab.freedesktop.org/spice/libcacard")
> + (license license:lgpl2.1+)))
I just founded out that 'acronym' isn't displayed at all by “guix show“
producing “The library can be used [...]”, it can be replaced by 'dfn'
which is displayed quoted: “The "CAC" library can be used [...]”. I wish
“guix lint“ would display 'acronym' which seems more usefull than
'defn'.
- Brice
^ permalink raw reply [flat|nested] 9+ messages in thread
* bug#40631: [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working
2020-04-28 9:07 ` [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Brice Waegeneire
2020-04-28 10:11 ` Brice Waegeneire
@ 2020-05-03 9:43 ` Christopher Baines
1 sibling, 0 replies; 9+ messages in thread
From: Christopher Baines @ 2020-05-03 9:43 UTC (permalink / raw)
To: Brice Waegeneire; +Cc: 40631-done
[-- Attachment #1: Type: text/plain, Size: 1572 bytes --]
Brice Waegeneire <brice@waegenei.re> writes:
> I was thinking of packaging libcacard the other day, thankfully you've
> already
> done it.
>
> If I understand correctly softhsm is needed to test libcacard, but
> it's tests
> can't be enabled because our gnutls is missing some features and
> rebuilding it
> would rebuild the world, right?
Yep, I've got a bug open for that change [1].
1: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=40654
>> + (name "softhsm")
>> + (version "2.5.0")
>> + (source (origin
>> + (method url-fetch)
>> + (uri (string-append
>> + "https://dist.opendnssec.org/source/"
>> + "softhsm-" version ".tar.gz"))
>
> The latest version is 2.6.0, even though the home-page don't list it,
> it's present
> in the source you defined or in their Github page[0].
Ah, interesting, I've updated the package to 2.6.1.
>> + (add-after 'unpack 'patch
>> + (lambda* (#:key inputs #:allow-other-keys)
>> + (substitute* "tests/setup-softhsm2.sh"
>> + (("\\/usr\\/lib64\\/pkcs11\\/libsofthsm2\\.so")
>> + (string-append (assoc-ref inputs "softhsm")
>> + "/lib/softhsm/libsofthsm2.so")))
>> + #t)))))
>
> Instead of 'patch' 'patch-tests' would be more descriptive.
Sure, I've changed the phase name.
> LGTM otherwise, building and linting is successful.
Great, I've gone ahead and pushed these patches as
17adb70f78b34a490b8e692f1a110cef72097685.
Thanks for taking a look!
Chris
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2020-05-03 9:45 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-14 19:36 [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 1/4] gnu: Add softhsm Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 2/4] gnu: Add libcacard Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 3/4] gnu: qemu: Add libcacard as an input to enable smartcard support Christopher Baines
2020-04-14 19:44 ` [bug#40631] [PATCH 4/4] gnu: spice: " Christopher Baines
2020-04-28 9:07 ` [bug#40631] [PATCH 0/4] Build QEMU with smartcard support, to get GNOME Boxes working Brice Waegeneire
2020-04-28 10:11 ` Brice Waegeneire
2020-05-03 9:45 ` Christopher Baines
2020-05-03 9:43 ` bug#40631: " Christopher Baines
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.