Commit | Line | Data |
---|---|---|
b3543e6c | 1 | ;;; GNU Guix --- Functional package management for GNU |
ab3fbb27 | 2 | ;;; Copyright © 2018, 2020, 2021 Tobias Geerinckx-Rice <me@tobias.gr> |
9e36859c | 3 | ;;; Copyright © 2019, 2020 Ricardo Wurmus <rekado@elephly.net> |
b3543e6c TGR |
4 | ;;; |
5 | ;;; This file is part of GNU Guix. | |
6 | ;;; | |
7 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
8 | ;;; under the terms of the GNU General Public License as published by | |
9 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
10 | ;;; your option) any later version. | |
11 | ;;; | |
12 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
13 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 | ;;; GNU General Public License for more details. | |
16 | ;;; | |
17 | ;;; You should have received a copy of the GNU General Public License | |
18 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
19 | ||
20 | (define-module (gnu packages authentication) | |
6bbbdb1a | 21 | #:use-module (gnu packages) |
991c4410 RW |
22 | #:use-module (gnu packages autotools) |
23 | #:use-module (gnu packages documentation) | |
b3543e6c TGR |
24 | #:use-module (gnu packages linux) |
25 | #:use-module (gnu packages pkg-config) | |
991c4410 | 26 | #:use-module (gnu packages security-token) |
37fd8217 SJG |
27 | #:use-module (gnu packages tls) |
28 | #:use-module (gnu packages xml) | |
b3543e6c TGR |
29 | #:use-module (guix build-system gnu) |
30 | #:use-module (guix download) | |
991c4410 | 31 | #:use-module (guix git-download) |
b3543e6c TGR |
32 | #:use-module ((guix licenses) #:prefix license:) |
33 | #:use-module (guix packages)) | |
34 | ||
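;; OATH Toolkit: one-time password tools, libraries and the pam_oath PAM
;; module.  The release tarball is fetched over HTTPS and checked against the
;; SHA-256 hash below, so a tampered download fails the build.
;; NOTE(review): pam_oath is loaded into PAM stacks, which usually run with
;; elevated privileges; when touching this package, check the pinned version
;; against upstream security advisories.
(define-public oath-toolkit
  (package
    (name "oath-toolkit")
    (version "2.6.7")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://download.savannah.nongnu.org/releases/"
                           name "/" name "-" version ".tar.gz"))
       (sha256
        (base32 "1aa620k05lsw3l3slkp2mzma40q3p9wginspn9zk8digiz7dzv9n"))))
    (build-system gnu-build-system)
    (arguments
     ;; An earlier note here recorded that ‘--enable-pskc’ caused
     ;; xmlsec-related test suite failures.  The flag is enabled below,
     ;; together with the OpenSSL xmlsec crypto engine (see ‘xmlsec-openssl’
     ;; in the inputs).  NOTE(review): confirm that the test suite passes with
     ;; this combination, then drop this note.
     `(#:configure-flags
       (list "--enable-pam"
             "--enable-pskc"
             "--with-xmlsec-crypto-engine=openssl")
       #:phases
       (modify-phases %standard-phases
         ;; Remove the static archives (*.a) from the output's lib directory.
         (add-after 'install 'delete-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib")))
               (for-each delete-file (find-files lib "\\.a$"))
               #t))))))
    (native-inputs
     `(("pkg-config" ,pkg-config)

       ;; XXX: Perhaps this should be propagated from xmlsec.
       ("libltdl" ,libltdl)))
    (inputs
     `(("linux-pam" ,linux-pam)
       ("openssl" ,openssl)
       ("xmlsec-openssl" ,xmlsec-openssl)))
    (home-page "https://www.nongnu.org/oath-toolkit/")
    (synopsis "One-time password (OTP) components")
    ;; The libpskc entry no longer says "shared and static": the
    ;; ‘delete-static-libraries’ phase above removes every *.a file.
    (description
     "The @dfn{OATH} (Open AuTHentication) Toolkit provides various components
for building one-time password (@dfn{OTP}) authentication systems:

@itemize
@item @command{oathtool}, a command-line tool for generating & validating OTPs.
@item @code{liboath}, a C library for OATH handling.
@item @command{pskctool}, a command-line tool for manipulating secret key
files in the Portable Symmetric Key Container (@dfn{PSKC}) format
described in RFC6030.
@item @code{libpskc}, a C library for PSKC handling.
@item @code{pam_oath}, a PAM module for pluggable login authentication.
@end itemize

Supported technologies include the event-based @acronym{HOTP, Hash-based Message
Authentication Code One-Time Password} algorithm (RFC4226), the time-based
@acronym{TOTP, Time-based One-Time Password} algorithm (RFC6238), and
@acronym{PSKC, Portable Symmetric Key Container} (RFC6030) to manage secret key
data.")
    (license (list license:lgpl2.1+     ; the libraries (liboath/ & libpskc/)
                   license:gpl3+))))    ; the tools (everything else)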
991c4410 RW |
93 | |
;; Yubico PAM module, packaged from a pinned upstream Git commit.  The
;; checkout is verified against the SHA-256 hash recorded in the origin.
(define-public yubico-pam
  (let* ((revision "0")
         (commit "b5bd00db81e0e0e0ecced65c684080bb56ddc35b"))
    (package
      (name "yubico-pam")
      (version (git-version "2.26" revision commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/Yubico/yubico-pam")
               (commit commit)))
         (file-name (git-file-name name version))
         (sha256
          (base32 "10dq8dqi3jldllj6p8r9hldx9sank9n82c44w8akxrs1vli6nj3m"))))
      (build-system gnu-build-system)
      (arguments
       ;; Restrict ‘make check’ to util_test: pam_test fails because ykclient
       ;; fails to build a Curl handle, so it is left out of the test run.
       `(#:make-flags '("TESTS=util_test")))
      ;; Libraries the module is built against.
      (inputs
       (list (list "linux-pam" linux-pam)
             (list "libyubikey" libyubikey)
             (list "ykclient" ykclient)
             (list "yubikey-personalization" yubikey-personalization)))
      ;; Build-time tools only.
      (native-inputs
       (list (list "autoconf" autoconf)
             (list "automake" automake)
             (list "libtool" libtool)
             (list "asciidoc" asciidoc)
             (list "pkg-config" pkg-config)))
      (home-page "https://developers.yubico.com/yubico-pam")
      (synopsis "Yubico pluggable authentication module")
      (description "The Yubico PAM module provides an easy way to integrate the
YubiKey into your existing user authentication infrastructure.")
      (license license:bsd-2))))
9e36859c RW |
129 | |
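;; pamtester: a small command-line utility for exercising PAM modules.  The
;; tarball comes from the SourceForge mirror list and is verified against the
;; SHA-256 hash below.
(define-public pamtester
  (package
    (name "pamtester")
    (version "0.1.2")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://sourceforge/pamtester/pamtester/"
             version "/pamtester-" version ".tar.gz"))
       (sha256
        (base32 "1mdj1wj0adcnx354fs17928yn2xfr1hj5mfraq282dagi873sqw3"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("linux-pam" ,linux-pam)))
    ;; Link to the project page over HTTPS rather than plain HTTP.
    (home-page "https://pamtester.sourceforge.net/")
    (synopsis "Utility for testing pluggable authentication modules (PAM) facility")
    (description
     "Pamtester is a tiny utility program to test the pluggable authentication
modules (PAM) facility, specifically designed to help PAM module authors to
intensively test their own modules.")
    (license license:bsd-3)))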