Commit | Line | Data |
---|---|---|
6036453f LC |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org> | |
58c5fb76 | 3 | ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> |
a6b256af | 4 | ;;; Copyright © 2016 Mike Gerwitz <mtg@gnu.org> |
58fdab1d | 5 | ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> |
e84eb77a | 6 | ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> |
4a9103df | 7 | ;;; Copyright © 2017–2021 Tobias Geerinckx-Rice <me@tobias.gr> |
53471636 | 8 | ;;; Copyright © 2017, 2019 Ricardo Wurmus <rekado@elephly.net> |
404037f8 | 9 | ;;; Copyright © 2018, 2019 Chris Marusich <cmmarusich@gmail.com> |
fab8a9f9 | 10 | ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net> |
e6e31a59 | 11 | ;;; Copyright © 2020 Raphaël Mélotte <raphael.melotte@mind.be> |
6036453f LC |
12 | ;;; |
13 | ;;; This file is part of GNU Guix. | |
14 | ;;; | |
15 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
16 | ;;; under the terms of the GNU General Public License as published by | |
17 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
18 | ;;; your option) any later version. | |
19 | ;;; | |
20 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
21 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
22 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
23 | ;;; GNU General Public License for more details. | |
24 | ;;; | |
25 | ;;; You should have received a copy of the GNU General Public License | |
26 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
27 | ||
f9c33960 | 28 | (define-module (gnu packages security-token) |
6036453f | 29 | #:use-module (gnu packages) |
07b1fb86 | 30 | #:use-module ((guix licenses) #:prefix license:) |
6036453f LC |
31 | #:use-module (guix packages) |
32 | #:use-module (guix download) | |
5297e975 | 33 | #:use-module (guix gexp) |
13151c32 | 34 | #:use-module (guix git-download) |
6036453f | 35 | #:use-module (guix build-system gnu) |
e84eb77a | 36 | #:use-module (guix build-system glib-or-gtk) |
404037f8 | 37 | #:use-module (guix build-system python) |
e84eb77a | 38 | #:use-module (gnu packages autotools) |
53471636 | 39 | #:use-module (gnu packages base) |
a6b256af | 40 | #:use-module (gnu packages curl) |
ba8d8820 | 41 | #:use-module (gnu packages check) |
a6706f30 | 42 | #:use-module (gnu packages docbook) |
ba8d8820 | 43 | #:use-module (gnu packages documentation) |
5297e975 | 44 | #:use-module (gnu packages dns) |
e84eb77a | 45 | #:use-module (gnu packages gettext) |
ba8d8820 | 46 | #:use-module (gnu packages graphviz) |
e6e31a59 | 47 | #:use-module (gnu packages gnupg) |
e84eb77a | 48 | #:use-module (gnu packages gtk) |
58fdab1d | 49 | #:use-module (gnu packages libusb) |
a6b256af | 50 | #:use-module (gnu packages linux) |
6036453f | 51 | #:use-module (gnu packages man) |
e84eb77a TD |
52 | #:use-module (gnu packages networking) |
53 | #:use-module (gnu packages cyrus-sasl) | |
aa3ad4b1 | 54 | #:use-module (gnu packages popt) |
a6706f30 | 55 | #:use-module (gnu packages readline) |
e84eb77a | 56 | #:use-module (gnu packages tls) |
ba8d8820 | 57 | #:use-module (gnu packages tex) |
a6b256af | 58 | #:use-module (gnu packages perl) |
e84eb77a | 59 | #:use-module (gnu packages pkg-config) |
404037f8 | 60 | #:use-module (gnu packages python) |
5297e975 CM |
61 | #:use-module (gnu packages python-crypto) |
62 | #:use-module (gnu packages python-xyz) | |
404037f8 | 63 | #:use-module (gnu packages swig) |
a5523942 | 64 | #:use-module (gnu packages web) |
e84eb77a | 65 | #:use-module (gnu packages xml)) |
6036453f | 66 | |
58fdab1d MB |
67 | (define-public ccid |
68 | (package | |
69 | (name "ccid") | |
95df6dc6 | 70 | (version "1.4.34") |
58fdab1d MB |
71 | (source (origin |
72 | (method url-fetch) | |
f5bb997d MB |
73 | (uri (string-append "https://ccid.apdu.fr/files/ccid-" |
74 | version ".tar.bz2")) | |
58fdab1d MB |
75 | (sha256 |
76 | (base32 | |
95df6dc6 | 77 | "02mlbpnsvy6jgwpz0jk5lh27y3cn2bsyz9xini7898m9b5dn9xz6")))) |
58fdab1d MB |
78 | (build-system gnu-build-system) |
79 | (arguments | |
80 | `(#:configure-flags (list (string-append "--enable-usbdropdir=" %output | |
81 | "/pcsc/drivers")) | |
82 | #:phases | |
83 | (modify-phases %standard-phases | |
84 | (add-after 'unpack 'patch-Makefile | |
85 | (lambda _ | |
86 | (substitute* "src/Makefile.in" | |
87 | (("/bin/echo") (which "echo"))) | |
88 | #t))))) | |
89 | (native-inputs | |
b7f47d24 | 90 | `(("perl" ,perl) |
58fdab1d MB |
91 | ("pkg-config" ,pkg-config))) |
92 | (inputs | |
b7f47d24 CN |
93 | `(("libusb" ,libusb) |
94 | ("pcsc-lite" ,pcsc-lite))) | |
01c6607a | 95 | (home-page "https://ccid.apdu.fr/") |
58fdab1d MB |
96 | (synopsis "PC/SC driver for USB smart card devices") |
97 | (description | |
98 | "This package provides a PC/SC IFD handler implementation for devices | |
99 | compliant with the CCID and ICCD protocols. It supports a wide range of | |
100 | readers and is needed to communicate with such devices through the | |
101 | @command{pcscd} resource manager.") | |
102 | (license license:lgpl2.1+))) | |
103 | ||
e84eb77a TD |
104 | (define-public eid-mw |
105 | (package | |
106 | (name "eid-mw") | |
deb88532 | 107 | (version "5.0.14") |
13151c32 TGR |
108 | (source |
109 | (origin | |
110 | (method git-fetch) | |
111 | (uri (git-reference | |
112 | (url "https://github.com/Fedict/eid-mw") | |
113 | (commit (string-append "v" version)))) | |
4fdad3ed | 114 | (file-name (git-file-name name version)) |
13151c32 | 115 | (sha256 |
deb88532 | 116 | (base32 "1hyxsbxjjn9hh5p7jlcfb5yplf3n8dg49dfgi8fjp95phis3gbd4")))) |
e84eb77a | 117 | (build-system glib-or-gtk-build-system) |
74a83085 | 118 | (native-inputs |
e84eb77a | 119 | `(("autoconf" ,autoconf) |
e6e31a59 | 120 | ("autoconf-archive" ,autoconf-archive) |
e84eb77a | 121 | ("automake" ,automake) |
f2d97d57 | 122 | ("gettext" ,gettext-minimal) |
e84eb77a | 123 | ("libtool" ,libtool) |
e6e31a59 | 124 | ("libassuan" ,libassuan) |
e84eb77a TD |
125 | ("pkg-config" ,pkg-config) |
126 | ("perl" ,perl))) | |
127 | (inputs | |
128 | `(("curl" ,curl) | |
129 | ("openssl" ,openssl) | |
130 | ("gtk+" ,gtk+) | |
131 | ("pcsc-lite" ,pcsc-lite) | |
132 | ("p11-kit" ,p11-kit) | |
133 | ("libproxy" ,libproxy) | |
134 | ("libxml2" ,libxml2) | |
135 | ("cyrus-sasl" ,cyrus-sasl))) | |
136 | (arguments | |
c3350b9b TGR |
137 | `(#:configure-flags |
138 | (list "--disable-static") | |
139 | #:phases | |
e84eb77a | 140 | (modify-phases %standard-phases |
c746acf3 | 141 | (replace 'bootstrap |
080093ff TGR |
142 | (lambda _ |
143 | ;; configure.ac relies on ‘git --describe’ to get the version. | |
144 | ;; Patch it to just return the real version number directly. | |
145 | (substitute* "scripts/build-aux/genver.sh" | |
146 | (("/bin/sh") (which "sh")) | |
b6389525 | 147 | (("^(GITDESC=).*" _ match) (string-append match ,version "\n"))) |
d2bf8961 RM |
148 | (invoke "sh" "./bootstrap.sh"))) |
149 | (add-after 'unpack 'make-reproducible | |
150 | (lambda _ | |
151 | (substitute* "scripts/mac/create-vers.sh" | |
152 | (("NOW=.*") | |
153 | "NOW=1970-01-01\n")) | |
e6e31a59 RM |
154 | #t)) |
155 | ;; Remove failing test that was removed upstream after version 5.0.8. | |
156 | ;; See: https://github.com/Fedict/eid-mw/commit/3d1187b1b61118b9ae97607903d3d2fc0bad7518 | |
157 | (add-before 'check 'remove-failing-test | |
158 | (lambda _ | |
159 | (substitute* "tests/unit/Makefile.am" | |
160 | (("sign_state ordering cardcom_common") | |
161 | "sign_state ordering #cardcom_common")) | |
162 | #t)) | |
163 | ))) | |
e84eb77a TD |
164 | (synopsis "Belgian eID Middleware") |
165 | (description "The Belgian eID Middleware is required to authenticate with | |
166 | online services using the Belgian electronic identity card.") | |
167 | (home-page "https://github.com/Fedict/eid-mw") | |
168 | (license license:lgpl3))) | |
169 | ||
6036453f LC |
170 | (define-public libyubikey |
171 | (package | |
172 | (name "libyubikey") | |
58c5fb76 | 173 | (version "1.13") |
6036453f LC |
174 | (source (origin |
175 | (method url-fetch) | |
176 | (uri (string-append | |
177 | "https://developers.yubico.com/yubico-c/Releases/" | |
178 | name "-" version ".tar.gz")) | |
179 | (sha256 | |
180 | (base32 | |
58c5fb76 | 181 | "009l3k2zyn06dbrlja2d4p2vfnzjhlcqxi88v02mlrnb17mx1v84")))) |
6036453f LC |
182 | (build-system gnu-build-system) |
183 | (synopsis "Development kit for the YubiKey authentication device") | |
184 | (description | |
185 | "This package contains a C library and command-line tools that make up | |
186 | the low-level development kit for the Yubico YubiKey authentication device.") | |
187 | (home-page "https://developers.yubico.com/yubico-c/") | |
07b1fb86 | 188 | (license license:bsd-2))) |
6036453f | 189 | |
2bed28f4 CB |
190 | (define-public softhsm |
191 | (package | |
192 | (name "softhsm") | |
193 | (version "2.6.1") | |
194 | (source (origin | |
195 | (method url-fetch) | |
196 | (uri (string-append | |
197 | "https://dist.opendnssec.org/source/" | |
198 | "softhsm-" version ".tar.gz")) | |
199 | (sha256 | |
200 | (base32 | |
201 | "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931")))) | |
202 | (build-system gnu-build-system) | |
203 | (arguments | |
204 | '(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL | |
205 | ; engine for GOST | |
206 | (inputs | |
207 | `(("openssl" ,openssl))) | |
208 | (native-inputs | |
209 | `(("pkg-config" ,pkg-config) | |
210 | ("cppunit" ,cppunit))) | |
211 | (synopsis "Software implementation of a generic cryptographic device") | |
212 | (description | |
213 | "SoftHSM 2 is a software implementation of a generic cryptographic device | |
214 | with a PKCS #11 Cryptographic Token Interface.") | |
215 | (home-page "https://www.opendnssec.org/softhsm/") | |
216 | (license license:bsd-2))) | |
217 | ||
a6b256af MG |
218 | (define-public pcsc-lite |
219 | (package | |
220 | (name "pcsc-lite") | |
f25657c5 | 221 | (version "1.9.0") |
a6b256af MG |
222 | (source (origin |
223 | (method url-fetch) | |
b256ab50 TGR |
224 | (uri (string-append "https://pcsclite.apdu.fr/files/" |
225 | "pcsc-lite-" version ".tar.bz2")) | |
a6b256af MG |
226 | (sha256 |
227 | (base32 | |
f25657c5 | 228 | "1y9f9zipnrmgiw0mxrvcgky8vfrcmg6zh40gbln5a93i2c1x8j01")))) |
a6b256af MG |
229 | (build-system gnu-build-system) |
230 | (arguments | |
972fa870 MB |
231 | `(#:configure-flags '("--enable-usbdropdir=/var/lib/pcsc/drivers" |
232 | "--disable-libsystemd"))) | |
a6b256af MG |
233 | (native-inputs |
234 | `(("perl" ,perl) ; for pod2man | |
235 | ("pkg-config" ,pkg-config))) | |
236 | (inputs | |
237 | `(("libudev" ,eudev))) | |
01c6607a | 238 | (home-page "https://pcsclite.apdu.fr/") |
a6b256af MG |
239 | (synopsis "Middleware to access a smart card using PC/SC") |
240 | (description | |
241 | "pcsc-lite provides an interface to communicate with smartcards and | |
242 | readers using the SCard API. pcsc-lite is used to connect to the PC/SC daemon | |
243 | from a client application and provide access to the desired reader.") | |
244 | (license (list license:bsd-3 ; pcsc-lite | |
a6b256af MG |
245 | license:isc ; src/strlcat.c src/strlcpy.c |
246 | license:gpl3+)))) ; src/spy/* | |
247 | ||
6036453f LC |
248 | (define-public ykclient |
249 | (package | |
250 | (name "ykclient") | |
f6b1a8f7 | 251 | (version "2.15") |
6036453f LC |
252 | (source (origin |
253 | (method url-fetch) | |
254 | (uri (string-append | |
255 | "https://developers.yubico.com/yubico-c-client/Releases/" | |
256 | name "-" version ".tar.gz")) | |
257 | (sha256 | |
258 | (base32 | |
f6b1a8f7 | 259 | "05jhx9waj3pl120ddnwap1v3bjrnbfhvf3lxs2xmhpcmwzpwsqgl")))) |
6036453f LC |
260 | (build-system gnu-build-system) |
261 | ||
262 | ;; There's just one test, and it requires network access to access | |
263 | ;; yubico.com, so skip it. | |
264 | (arguments '(#:tests? #f)) | |
265 | ||
266 | (native-inputs `(("pkg-config" ,pkg-config) | |
267 | ("help2man" ,help2man))) | |
268 | (inputs `(("curl" ,curl))) | |
269 | (synopsis "C library to validate one-time-password YubiKeys") | |
270 | (description | |
271 | "YubiKey C Client Library (libykclient) is a C library used to validate a | |
272 | one-time-password (OTP) YubiKey against Yubico’s servers. See the Yubico | |
273 | website for more information about Yubico and the YubiKey.") | |
274 | (home-page "https://developers.yubico.com/yubico-c-client/") | |
07b1fb86 | 275 | (license license:bsd-2))) |
a6706f30 CM |
276 | |
277 | (define-public opensc | |
278 | (package | |
279 | (name "opensc") | |
2853dadb | 280 | (version "0.21.0") |
a6706f30 CM |
281 | (source (origin |
282 | (method url-fetch) | |
283 | (uri (string-append | |
284 | "https://github.com/OpenSC/OpenSC/releases/download/" | |
285 | version "/opensc-" version ".tar.gz")) | |
286 | (sha256 | |
287 | (base32 | |
2853dadb | 288 | "0pijycjwpll9zn83dazgsh8n9ywq0z1ragjsd1sqv3abrcfvpyrb")))) |
a6706f30 CM |
289 | (build-system gnu-build-system) |
290 | (arguments | |
291 | `(#:phases | |
292 | (modify-phases %standard-phases | |
293 | ;; By setting an absolute path here, we arrange for OpenSC to | |
294 | ;; successfully dlopen libpcsclite.so.1 by default. The user can | |
295 | ;; still override this if they want to, by specifying a custom OpenSC | |
296 | ;; configuration file at runtime. | |
297 | (add-after 'unpack 'set-default-libpcsclite.so.1-path | |
298 | (lambda* (#:key inputs #:allow-other-keys) | |
299 | (let ((libpcsclite (string-append (assoc-ref inputs "pcsc-lite") | |
300 | "/lib/libpcsclite.so.1"))) | |
301 | (substitute* "configure" | |
302 | (("DEFAULT_PCSC_PROVIDER=\"libpcsclite\\.so\\.1\"") | |
303 | (string-append | |
304 | "DEFAULT_PCSC_PROVIDER=\"" libpcsclite "\""))) | |
bfd99572 | 305 | #t)))))) |
a6706f30 CM |
306 | (inputs |
307 | `(("readline" ,readline) | |
308 | ("openssl" ,openssl) | |
309 | ("pcsc-lite" ,pcsc-lite) | |
310 | ("ccid" ,ccid))) | |
311 | (native-inputs | |
312 | `(("libxslt" ,libxslt) | |
313 | ("docbook-xsl" ,docbook-xsl) | |
314 | ("pkg-config" ,pkg-config))) | |
315 | (home-page "https://github.com/OpenSC/OpenSC/wiki") | |
316 | (synopsis "Tools and libraries related to smart cards") | |
317 | (description | |
318 | "OpenSC is a set of software tools and libraries to work with smart | |
319 | cards, with the focus on smart cards with cryptographic capabilities. OpenSC | |
320 | facilitate the use of smart cards in security applications such as | |
321 | authentication, encryption and digital signatures. OpenSC implements the PKCS | |
322 | #15 standard and the PKCS #11 API.") | |
323 | (license license:lgpl2.1+))) | |
ba8d8820 CM |
324 | |
325 | (define-public yubico-piv-tool | |
326 | (package | |
327 | (name "yubico-piv-tool") | |
574e2ee8 | 328 | (version "1.6.1") |
ba8d8820 CM |
329 | (source (origin |
330 | (method url-fetch) | |
331 | (uri (string-append | |
332 | "https://developers.yubico.com/yubico-piv-tool/Releases/" | |
333 | name "-" version ".tar.gz")) | |
334 | (sha256 | |
335 | (base32 | |
574e2ee8 | 336 | "10xgdc51xvszkxmsvqnbjs8ixxz7rfnfahh3wn8glllynmszbhwi")))) |
ba8d8820 CM |
337 | (build-system gnu-build-system) |
338 | (inputs | |
aa3ad4b1 MB |
339 | `(("gengetopt" ,gengetopt) |
340 | ("perl" ,perl) | |
ba8d8820 CM |
341 | ("pcsc-lite" ,pcsc-lite) |
342 | ("openssl" ,openssl))) | |
343 | (native-inputs | |
344 | `(("doxygen" ,doxygen) | |
345 | ("graphviz" ,graphviz) | |
aa3ad4b1 | 346 | ("help2man" ,help2man) |
ba8d8820 CM |
347 | ("check" ,check) |
348 | ("texlive-bin" ,texlive-bin) | |
349 | ("pkg-config" ,pkg-config))) | |
350 | (home-page "https://developers.yubico.com/yubico-piv-tool/") | |
351 | (synopsis "Interact with the PIV application on a YubiKey") | |
352 | (description | |
353 | "The Yubico PIV tool is used for interacting with the Privilege and | |
354 | Identification Card (PIV) application on a YubiKey. With it you may generate | |
355 | keys on the device, import keys and certificates, create certificate requests, | |
356 | and other operations. It includes a library and a command-line tool.") | |
357 | ;; The file ykcs11/pkcs11.h also declares an additional, very short free | |
358 | ;; license for that one file. Please see it for details. The vast | |
359 | ;; majority of files are licensed under bsd-2. | |
360 | (license license:bsd-2))) | |
a5523942 CM |
361 | |
362 | (define-public yubikey-personalization | |
363 | (package | |
364 | (name "yubikey-personalization") | |
a9203c23 | 365 | (version "1.19.3") |
a5523942 CM |
366 | (source (origin |
367 | (method url-fetch) | |
368 | (uri (string-append | |
369 | "https://developers.yubico.com/" name | |
370 | "/Releases/ykpers-" version ".tar.gz")) | |
371 | (sha256 | |
372 | (base32 | |
a9203c23 | 373 | "0jhvnavjrpwzmmjcw486df5s48j53njqgyz36yz3dskbaz3kwlfr")))) |
a5523942 CM |
374 | (build-system gnu-build-system) |
375 | (arguments | |
376 | '(#:configure-flags (list (string-append "--with-udevrulesdir=" | |
377 | (assoc-ref %outputs "out") | |
378 | "/lib/udev/rules.d")))) | |
379 | (inputs | |
beec29da | 380 | `(("json-c" ,json-c-0.13) |
a5523942 CM |
381 | ("libusb" ,libusb) |
382 | ;; The library "libyubikey" is also known as "yubico-c". | |
383 | ("libyubikey" ,libyubikey))) | |
384 | (native-inputs | |
385 | `(("pkg-config" ,pkg-config) | |
386 | ("eudev" ,eudev))) | |
387 | (home-page "https://developers.yubico.com/yubikey-personalization/") | |
388 | (synopsis "Library and tools to personalize YubiKeys") | |
389 | (description | |
390 | "The YubiKey Personalization package contains a C library and command | |
391 | line tools for personalizing YubiKeys. You can use these to set an AES key, | |
392 | retrieve a YubiKey's serial number, and so forth.") | |
393 | (license license:bsd-2))) | |
404037f8 CM |
394 | |
395 | (define-public python-pyscard | |
396 | (package | |
397 | (name "python-pyscard") | |
8a8e4491 | 398 | (version "1.9.9") |
404037f8 CM |
399 | (source (origin |
400 | (method url-fetch) | |
401 | ;; The maintainer publishes releases on various sites, but | |
402 | ;; SourceForge is apparently the only one with a signed release. | |
403 | (uri (string-append | |
404 | "mirror://sourceforge/pyscard/pyscard/pyscard%20" | |
405 | version "/pyscard-" version ".tar.gz")) | |
406 | (sha256 | |
407 | (base32 | |
8a8e4491 | 408 | "082cjkbxadaz2jb4rbhr0mkrirzlqyqhcf3r823qb0q1k50ybgg6")))) |
404037f8 CM |
409 | (build-system python-build-system) |
410 | (arguments | |
411 | `(#:phases | |
412 | (modify-phases %standard-phases | |
413 | ;; Tell pyscard where to find the PCSC include directory. | |
414 | (add-after 'unpack 'patch-platform-include-dirs | |
415 | (lambda* (#:key inputs #:allow-other-keys) | |
416 | (let ((pcsc-include-dir (string-append | |
417 | (assoc-ref inputs "pcsc-lite") | |
418 | "/include/PCSC"))) | |
419 | (substitute* "setup.py" | |
420 | (("platform_include_dirs = \\[.*?\\]") | |
421 | (string-append | |
422 | "platform_include_dirs = ['" pcsc-include-dir "']"))) | |
423 | #t))) | |
424 | ;; pyscard wants to dlopen libpcsclite, so tell it where it is. | |
425 | (add-after 'unpack 'patch-dlopen | |
426 | (lambda* (#:key inputs #:allow-other-keys) | |
427 | (substitute* "smartcard/scard/winscarddll.c" | |
428 | (("lib = \"libpcsclite\\.so\\.1\";") | |
429 | (simple-format #f | |
430 | "lib = \"~a\";" | |
431 | (string-append (assoc-ref inputs "pcsc-lite") | |
432 | "/lib/libpcsclite.so.1")))) | |
433 | #t))))) | |
434 | (inputs | |
435 | `(("pcsc-lite" ,pcsc-lite))) | |
436 | (native-inputs | |
437 | `(("swig" ,swig))) | |
438 | (home-page "https://github.com/LudovicRousseau/pyscard") | |
439 | (synopsis "Smart card library for Python") | |
440 | (description | |
441 | "The pyscard smart card library is a framework for building smart card | |
442 | aware applications in Python. The smart card module is built on top of the | |
443 | PCSC API Python wrapper module.") | |
444 | (license license:lgpl2.1+))) | |
445 | ||
446 | (define-public python2-pyscard | |
447 | (package-with-python2 python-pyscard)) | |
5f7d151c CM |
448 | |
449 | (define-public libu2f-host | |
450 | (package | |
451 | (name "libu2f-host") | |
b8ae2e9e | 452 | (version "1.1.10") |
5f7d151c CM |
453 | (source (origin |
454 | (method url-fetch) | |
455 | (uri | |
456 | (string-append | |
457 | "https://developers.yubico.com" | |
458 | "/libu2f-host/Releases/libu2f-host-" version ".tar.xz")) | |
459 | (sha256 | |
460 | (base32 | |
b8ae2e9e | 461 | "0vrivl1dwql6nfi48z6dy56fwy2z13d7abgahgrs2mcmqng7hra2")))) |
5f7d151c CM |
462 | (build-system gnu-build-system) |
463 | (arguments | |
464 | `(#:configure-flags | |
465 | (list "--enable-gtk-doc" | |
466 | (string-append "--with-udevrulesdir=" | |
467 | (assoc-ref %outputs "out") | |
468 | "/lib/udev/rules.d")) | |
469 | #:phases | |
470 | (modify-phases %standard-phases | |
471 | (add-after 'unpack 'patch-docbook-xml | |
472 | (lambda* (#:key inputs #:allow-other-keys) | |
473 | ;; Avoid a network connection attempt during the build. | |
474 | (substitute* "gtk-doc/u2f-host-docs.xml" | |
475 | (("http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd") | |
476 | (string-append (assoc-ref inputs "docbook-xml") | |
477 | "/xml/dtd/docbook/docbookx.dtd"))) | |
478 | #t))))) | |
479 | (inputs | |
beec29da | 480 | `(("json-c" ,json-c-0.13) |
5f7d151c CM |
481 | ("hidapi" ,hidapi))) |
482 | (native-inputs | |
483 | `(("help2man" ,help2man) | |
484 | ("gengetopt" ,gengetopt) | |
485 | ("pkg-config" ,pkg-config) | |
486 | ("gtk-doc" ,gtk-doc) | |
487 | ("docbook-xml" ,docbook-xml-4.3) | |
488 | ("eudev" ,eudev))) | |
489 | (home-page "https://developers.yubico.com/libu2f-host/") | |
490 | ;; TRANSLATORS: The U2F protocol has a "server side" and a "host side". | |
491 | (synopsis "U2F host-side C library and tool") | |
492 | (description | |
493 | "Libu2f-host provides a C library and command-line tool that implements | |
494 | the host-side of the Universal 2nd Factor (U2F) protocol. There are APIs to | |
495 | talk to a U2F device and perform the U2F Register and U2F Authenticate | |
496 | operations.") | |
497 | ;; Most files are LGPLv2.1+, but some files are GPLv3+. | |
498 | (license (list license:lgpl2.1+ license:gpl3+)))) | |
5297e975 | 499 | |
53471636 RW |
500 | (define-public libu2f-server |
501 | (package | |
502 | (name "libu2f-server") | |
503 | (version "1.1.0") | |
504 | (source (origin | |
505 | (method git-fetch) | |
506 | (uri | |
507 | (git-reference | |
b0e7b699 | 508 | (url "https://github.com/Yubico/libu2f-server") |
53471636 RW |
509 | (commit (string-append "libu2f-server-" version)))) |
510 | (file-name (git-file-name name version)) | |
511 | (sha256 | |
512 | (base32 | |
513 | "1nmsfq372zza5y6j13ydincjf324bwfcjg950vykh166xkp6wiic")))) | |
514 | (build-system gnu-build-system) | |
515 | (arguments | |
516 | `(#:configure-flags | |
517 | (list "--enable-gtk-doc" | |
518 | "--enable-tests"))) | |
519 | (inputs | |
beec29da | 520 | `(("json-c" ,json-c-0.13) |
53471636 RW |
521 | ("libressl" ,libressl))) |
522 | (native-inputs | |
523 | `(("autoconf" ,autoconf) | |
524 | ("automake" ,automake) | |
525 | ("libtool" ,libtool) | |
526 | ("check" ,check) | |
527 | ("gengetopt" ,gengetopt) | |
528 | ("help2man" ,help2man) | |
529 | ("pkg-config" ,pkg-config) | |
530 | ("gtk-doc" ,gtk-doc) | |
531 | ("which" ,which))) | |
532 | (home-page "https://developers.yubico.com/libu2f-server/") | |
533 | ;; TRANSLATORS: The U2F protocol has a "server side" and a "host side". | |
534 | (synopsis "U2F server-side C library") | |
535 | (description | |
536 | "This is a C library that implements the server-side of the | |
537 | @dfn{Universal 2nd Factor} (U2F) protocol. More precisely, it provides an API | |
538 | for generating the JSON blobs required by U2F devices to perform the U2F | |
539 | Registration and U2F Authentication operations, and functionality for | |
540 | verifying the cryptographic operations.") | |
541 | (license license:bsd-2))) | |
542 | ||
40645ebb RW |
543 | (define-public pam-u2f |
544 | (package | |
545 | (name "pam-u2f") | |
546 | (version "1.0.8") | |
547 | (source (origin | |
548 | (method git-fetch) | |
549 | (uri | |
550 | (git-reference | |
b0e7b699 | 551 | (url "https://github.com/Yubico/pam-u2f") |
40645ebb RW |
552 | (commit (string-append "pam_u2f-" version)))) |
553 | (file-name (git-file-name name version)) | |
554 | (sha256 | |
555 | (base32 | |
556 | "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98")))) | |
557 | (build-system gnu-build-system) | |
558 | (arguments | |
559 | `(#:configure-flags | |
560 | (list (string-append "--with-pam-dir=" | |
561 | (assoc-ref %outputs "out") "/lib/security")))) | |
562 | (inputs | |
563 | `(("libu2f-host" ,libu2f-host) | |
564 | ("libu2f-server" ,libu2f-server) | |
565 | ("linux-pam" ,linux-pam))) | |
566 | (native-inputs | |
567 | `(("autoconf" ,autoconf) | |
568 | ("automake" ,automake) | |
569 | ("libtool" ,libtool) | |
570 | ("asciidoc" ,asciidoc) | |
571 | ("pkg-config" ,pkg-config))) | |
572 | (home-page "https://developers.yubico.com/pam-u2f/") | |
573 | (synopsis "PAM module for U2F authentication") | |
574 | (description | |
575 | "This package provides a module implementing PAM over U2F, providing an | |
576 | easy way to integrate the YubiKey (or other U2F compliant authenticators) into | |
577 | your existing infrastructure.") | |
578 | (license license:bsd-2))) | |
579 | ||
5297e975 CM |
580 | (define-public python-fido2 |
581 | (package | |
582 | (name "python-fido2") | |
583 | (version "0.5.0") | |
584 | (source (origin | |
585 | (method url-fetch) | |
586 | (uri | |
587 | (string-append | |
588 | "https://github.com/Yubico/python-fido2/releases/download/" | |
589 | version "/fido2-" version ".tar.gz")) | |
590 | (sha256 | |
591 | (base32 | |
592 | "1pl8d2pr6jzqj4y9qiaddhjgnl92kikjxy0bgzm2jshkzzic8mp3")) | |
593 | (snippet | |
594 | ;; Remove bundled dependency. | |
595 | #~(delete-file "fido2/public_suffix_list.dat")))) | |
596 | (build-system python-build-system) | |
597 | (arguments | |
598 | `(#:phases | |
599 | (modify-phases %standard-phases | |
600 | (add-after 'unpack 'install-public-suffix-list | |
601 | (lambda* (#:key inputs #:allow-other-keys) | |
602 | (copy-file | |
603 | (string-append (assoc-ref inputs "public-suffix-list") | |
604 | "/share/public-suffix-list-" | |
605 | ,(package-version public-suffix-list) | |
606 | "/public_suffix_list.dat") | |
607 | "fido2/public_suffix_list.dat") | |
608 | #t))))) | |
609 | (propagated-inputs | |
610 | `(("python-cryptography" ,python-cryptography) | |
611 | ("python-six" ,python-six))) | |
612 | (native-inputs | |
613 | `(("python-mock" ,python-mock) | |
614 | ("python-pyfakefs" ,python-pyfakefs) | |
615 | ("public-suffix-list" ,public-suffix-list))) | |
616 | (home-page "https://github.com/Yubico/python-fido2") | |
617 | (synopsis "Python library for communicating with FIDO devices over USB") | |
618 | (description | |
619 | "This Python library provides functionality for communicating with a Fast | |
620 | IDentity Online (FIDO) device over Universal Serial Bus (USB) as well as | |
621 | verifying attestation and assertion signatures. It aims to support the FIDO | |
622 | Universal 2nd Factor (U2F) and FIDO 2.0 protocols for communicating with a USB | |
623 | authenticator via the Client-to-Authenticator Protocol (CTAP 1 and 2). In | |
624 | addition to this low-level device access, classes defined in the | |
625 | @code{fido2.client} and @code{fido2.server} modules implement higher level | |
626 | operations which are useful when interfacing with an Authenticator, or when | |
627 | implementing a Relying Party.") | |
628 | ;; python-fido2 contains some derivative files originally from pyu2f | |
629 | ;; (https://github.com/google/pyu2f). These files are licensed under the | |
630 | ;; Apache License, version 2.0. The maintainers have customized these | |
631 | ;; files for internal use, so they are not really a bundled dependency. | |
632 | (license (list license:bsd-2 license:asl2.0)))) | |
633 | ||
47288061 CM |
634 | (define-public python-yubikey-manager |
635 | (package | |
636 | (name "python-yubikey-manager") | |
637 | (version "2.1.0") | |
638 | (source (origin | |
639 | (method url-fetch) | |
640 | (uri (string-append | |
641 | "https://developers.yubico.com/yubikey-manager/Releases" | |
642 | "/yubikey-manager-" version ".tar.gz")) | |
643 | (sha256 | |
644 | (base32 | |
645 | "11rsmcaj60k3y5m5gdhr2nbbz0w5dm3m04klyxz0fh5hnpcmr7fm")))) | |
646 | (build-system python-build-system) | |
647 | (propagated-inputs | |
648 | `(("python-six" ,python-six) | |
649 | ("python-pyscard" ,python-pyscard) | |
650 | ("python-pyusb" ,python-pyusb) | |
651 | ("python-click" ,python-click) | |
652 | ("python-cryptography" ,python-cryptography) | |
653 | ("python-pyopenssl" ,python-pyopenssl) | |
654 | ("python-fido2" ,python-fido2))) | |
655 | (inputs | |
656 | `(("yubikey-personalization" ,yubikey-personalization) | |
657 | ("pcsc-lite" ,pcsc-lite) | |
658 | ("libusb" ,libusb))) | |
659 | (native-inputs | |
660 | `(("swig" ,swig) | |
661 | ("python-mock" ,python-mock))) | |
662 | (home-page "https://developers.yubico.com/yubikey-manager/") | |
663 | (synopsis "Command line tool and library for configuring a YubiKey") | |
664 | (description | |
665 | "Python library and command line tool for configuring a YubiKey. Note | |
666 | that after installing this package, you might still need to add appropriate | |
667 | udev rules to your system configuration to be able to configure the YubiKey as | |
668 | an unprivileged user.") | |
669 | (license license:bsd-2))) |