* [bug#31298] [PATCH 0/2] Add some packages related to security tokens
@ 2018-04-28 10:57 Chris Marusich
2018-04-28 11:02 ` [bug#31298] [PATCH 1/2] gnu: Add opensc Chris Marusich
0 siblings, 1 reply; 6+ messages in thread
From: Chris Marusich @ 2018-04-28 10:57 UTC (permalink / raw)
To: 31298; +Cc: Chris Marusich
Hi Guix!
These two patches add opensc and yubico-piv-tool. The former is
useful because, among other reasons, its PKCS#11 shared library can be
used with an SSH agent to fetch credentials from a smart card (such as
a YubiKey). The latter is useful for interacting with the PIV
application on a YubiKey. I have verified that both of these work on
my system for those purposes, with a YubiKey.
To successfully use the OpenSC PKCS#11 shared library with an SSH
agent, you need to take care to start your ssh-agent with the -P
option to whitelist the path of the library's .so file. If you don't
do that, then any attempt to invoke ssh-add with the -s option will
fail with a generic message.
Chris Marusich (2):
gnu: Add opensc.
gnu: Add yubico-piv-tool.
gnu/packages/security-token.scm | 91 +++++++++++++++++++++++++++++++++
1 file changed, 91 insertions(+)
--
2.17.0
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#31298] [PATCH 1/2] gnu: Add opensc.
2018-04-28 10:57 [bug#31298] [PATCH 0/2] Add some packages related to security tokens Chris Marusich
@ 2018-04-28 11:02 ` Chris Marusich
2018-04-28 11:02 ` [bug#31298] [PATCH 2/2] gnu: Add yubico-piv-tool Chris Marusich
2018-04-30 20:56 ` [bug#31298] [PATCH 1/2] gnu: Add opensc Ludovic Courtès
0 siblings, 2 replies; 6+ messages in thread
From: Chris Marusich @ 2018-04-28 11:02 UTC (permalink / raw)
To: 31298; +Cc: Chris Marusich
* gnu/packages/security-token.scm (opensc): New variable.
---
gnu/packages/security-token.scm | 51 +++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 6ff83ce5a..305e3d8a4 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -6,6 +6,7 @@
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -31,6 +32,7 @@
#:use-module (guix build-system glib-or-gtk)
#:use-module (gnu packages autotools)
#:use-module (gnu packages curl)
+ #:use-module (gnu packages docbook)
#:use-module (gnu packages gettext)
#:use-module (gnu packages gtk)
#:use-module (gnu packages libusb)
@@ -38,6 +40,7 @@
#:use-module (gnu packages man)
#:use-module (gnu packages networking)
#:use-module (gnu packages cyrus-sasl)
+ #:use-module (gnu packages readline)
#:use-module (gnu packages tls)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
@@ -202,3 +205,51 @@ one-time-password (OTP) YubiKey against Yubico’s servers. See the Yubico
website for more information about Yubico and the YubiKey.")
(home-page "https://developers.yubico.com/yubico-c-client/")
(license license:bsd-2)))
+
+(define-public opensc
+ (package
+ (name "opensc")
+ (version "0.17.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/OpenSC/OpenSC/releases/download/"
+ version "/opensc-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0043jh5g7q2lyd5vnb0akwb5y349isx7vbm9wqhlgav7d20wcwxy"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ ;; By setting an absolute path here, we arrange for OpenSC to
+ ;; successfully dlopen libpcsclite.so.1 by default. The user can
+ ;; still override this if they want to, by specifying a custom OpenSC
+ ;; configuration file at runtime.
+ (add-after 'unpack 'set-default-libpcsclite.so.1-path
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((libpcsclite (string-append (assoc-ref inputs "pcsc-lite")
+ "/lib/libpcsclite.so.1")))
+ (substitute* "configure"
+ (("DEFAULT_PCSC_PROVIDER=\"libpcsclite\\.so\\.1\"")
+ (string-append
+ "DEFAULT_PCSC_PROVIDER=\"" libpcsclite "\"")))
+ #t))))))
+ (inputs
+ `(("readline" ,readline)
+ ("openssl" ,openssl)
+ ("pcsc-lite" ,pcsc-lite)
+ ("ccid" ,ccid)))
+ (native-inputs
+ `(("libxslt" ,libxslt)
+ ("docbook-xsl" ,docbook-xsl)
+ ("pkg-config" ,pkg-config)))
+ (home-page "https://github.com/OpenSC/OpenSC/wiki")
+ (synopsis "Tools and libraries related to smart cards")
+ (description
+ "OpenSC is a set of software tools and libraries to work with smart
+cards, with the focus on smart cards with cryptographic capabilities. OpenSC
+facilitate the use of smart cards in security applications such as
+authentication, encryption and digital signatures. OpenSC implements the PKCS
+#15 standard and the PKCS #11 API.")
+ (license license:lgpl2.1+)))
--
2.17.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#31298] [PATCH 2/2] gnu: Add yubico-piv-tool.
2018-04-28 11:02 ` [bug#31298] [PATCH 1/2] gnu: Add opensc Chris Marusich
@ 2018-04-28 11:02 ` Chris Marusich
2018-04-30 20:57 ` Ludovic Courtès
2018-04-30 20:56 ` [bug#31298] [PATCH 1/2] gnu: Add opensc Ludovic Courtès
1 sibling, 1 reply; 6+ messages in thread
From: Chris Marusich @ 2018-04-28 11:02 UTC (permalink / raw)
To: 31298; +Cc: Chris Marusich
* gnu/packages/security-token.scm (yubico-piv-tool): New variable.
---
gnu/packages/security-token.scm | 40 +++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 305e3d8a4..64fe7d833 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -32,8 +32,11 @@
#:use-module (guix build-system glib-or-gtk)
#:use-module (gnu packages autotools)
#:use-module (gnu packages curl)
+ #:use-module (gnu packages check)
#:use-module (gnu packages docbook)
+ #:use-module (gnu packages documentation)
#:use-module (gnu packages gettext)
+ #:use-module (gnu packages graphviz)
#:use-module (gnu packages gtk)
#:use-module (gnu packages libusb)
#:use-module (gnu packages linux)
@@ -42,6 +45,7 @@
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages readline)
#:use-module (gnu packages tls)
+ #:use-module (gnu packages tex)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages xml))
@@ -253,3 +257,39 @@ facilitate the use of smart cards in security applications such as
authentication, encryption and digital signatures. OpenSC implements the PKCS
#15 standard and the PKCS #11 API.")
(license license:lgpl2.1+)))
+
+(define-public yubico-piv-tool
+ (package
+ (name "yubico-piv-tool")
+ (version "1.5.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://developers.yubico.com/yubico-piv-tool/Releases/"
+ name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1axa0lnky5gsc8yack6mpfbjh49z0czr1cv52gbgjnx2kcbpb0y1"))))
+ (build-system gnu-build-system)
+ (inputs
+ `(("perl" ,perl)
+ ("pcsc-lite" ,pcsc-lite)
+ ("openssl" ,openssl)))
+ (native-inputs
+ `(("doxygen" ,doxygen)
+ ("graphviz" ,graphviz)
+ ("check" ,check)
+ ("texlive-bin" ,texlive-bin)
+ ("pkg-config" ,pkg-config)))
+ (home-page "https://developers.yubico.com/yubico-piv-tool/")
+ (synopsis "Interact with the PIV application on a YubiKey")
+ (description
+ "The Yubico PIV tool is used for interacting with the Privilege and
+Identification Card (PIV) application on a YubiKey. With it you may generate
+keys on the device, import keys and certificates, create certificate requests,
+and other operations. It includes a library and a command-line tool.")
+ ;; The file ykcs11/pkcs11.h also declares an additional, very short free
+ ;; license for that one file. Please see it for details. The files in
+ ;; the m4 directory are licensed under either a similarly terse free
+ ;; license or gpl2+. The vast majority of files are licensed under bsd-2.
+ (license license:bsd-2)))
--
2.17.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#31298] [PATCH 1/2] gnu: Add opensc.
2018-04-28 11:02 ` [bug#31298] [PATCH 1/2] gnu: Add opensc Chris Marusich
2018-04-28 11:02 ` [bug#31298] [PATCH 2/2] gnu: Add yubico-piv-tool Chris Marusich
@ 2018-04-30 20:56 ` Ludovic Courtès
1 sibling, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2018-04-30 20:56 UTC (permalink / raw)
To: Chris Marusich; +Cc: 31298
Chris Marusich <cmmarusich@gmail.com> skribis:
> * gnu/packages/security-token.scm (opensc): New variable.
LGTM, thanks!
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#31298] [PATCH 2/2] gnu: Add yubico-piv-tool.
2018-04-28 11:02 ` [bug#31298] [PATCH 2/2] gnu: Add yubico-piv-tool Chris Marusich
@ 2018-04-30 20:57 ` Ludovic Courtès
2018-05-02 5:49 ` bug#31298: " Chris Marusich
0 siblings, 1 reply; 6+ messages in thread
From: Ludovic Courtès @ 2018-04-30 20:57 UTC (permalink / raw)
To: Chris Marusich; +Cc: 31298
Chris Marusich <cmmarusich@gmail.com> skribis:
> * gnu/packages/security-token.scm (yubico-piv-tool): New variable.
LGTM!
> + (home-page "https://developers.yubico.com/yubico-piv-tool/")
> + (synopsis "Interact with the PIV application on a YubiKey")
> + (description
> + "The Yubico PIV tool is used for interacting with the Privilege and
> +Identification Card (PIV) application on a YubiKey. With it you may generate
> +keys on the device, import keys and certificates, create certificate requests,
> +and other operations. It includes a library and a command-line tool.")
> + ;; The file ykcs11/pkcs11.h also declares an additional, very short free
> + ;; license for that one file. Please see it for details. The files in
> + ;; the m4 directory are licensed under either a similarly terse free
> + ;; license or gpl2+. The vast majority of files are licensed under bsd-2.
> + (license license:bsd-2)))
I think you can omit the bit about the m4/ directory since it’s pretty
much the same story in many packages.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#31298: [PATCH 2/2] gnu: Add yubico-piv-tool.
2018-04-30 20:57 ` Ludovic Courtès
@ 2018-05-02 5:49 ` Chris Marusich
0 siblings, 0 replies; 6+ messages in thread
From: Chris Marusich @ 2018-05-02 5:49 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 31298-done
[-- Attachment #1: Type: text/plain, Size: 312 bytes --]
ludo@gnu.org (Ludovic Courtès) writes:
> I think you can omit the bit about the m4/ directory since it’s pretty
> much the same story in many packages.
That's true. I've tidied up the comment and committed this as
ba8d8820fc823eff8e71ab3157e3728f67094373.
Thank you for the review!
--
Chris
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-05-02 5:50 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-04-28 10:57 [bug#31298] [PATCH 0/2] Add some packages related to security tokens Chris Marusich
2018-04-28 11:02 ` [bug#31298] [PATCH 1/2] gnu: Add opensc Chris Marusich
2018-04-28 11:02 ` [bug#31298] [PATCH 2/2] gnu: Add yubico-piv-tool Chris Marusich
2018-04-30 20:57 ` Ludovic Courtès
2018-05-02 5:49 ` bug#31298: " Chris Marusich
2018-04-30 20:56 ` [bug#31298] [PATCH 1/2] gnu: Add opensc Ludovic Courtès
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.