Commit | Line | Data |
---|---|---|
6036453f LC |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org> | |
58c5fb76 | 3 | ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> |
a6b256af | 4 | ;;; Copyright © 2016 Mike Gerwitz <mtg@gnu.org> |
58fdab1d | 5 | ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> |
e84eb77a | 6 | ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> |
249deec9 | 7 | ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr> |
53471636 | 8 | ;;; Copyright © 2017, 2019 Ricardo Wurmus <rekado@elephly.net> |
404037f8 | 9 | ;;; Copyright © 2018, 2019 Chris Marusich <cmmarusich@gmail.com> |
fab8a9f9 | 10 | ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net> |
6036453f LC |
11 | ;;; |
12 | ;;; This file is part of GNU Guix. | |
13 | ;;; | |
14 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
15 | ;;; under the terms of the GNU General Public License as published by | |
16 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
17 | ;;; your option) any later version. | |
18 | ;;; | |
19 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
20 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
21 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
22 | ;;; GNU General Public License for more details. | |
23 | ;;; | |
24 | ;;; You should have received a copy of the GNU General Public License | |
25 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
26 | ||
f9c33960 | 27 | (define-module (gnu packages security-token) |
6036453f | 28 | #:use-module (gnu packages) |
07b1fb86 | 29 | #:use-module ((guix licenses) #:prefix license:) |
6036453f LC |
30 | #:use-module (guix packages) |
31 | #:use-module (guix download) | |
5297e975 | 32 | #:use-module (guix gexp) |
13151c32 | 33 | #:use-module (guix git-download) |
6036453f | 34 | #:use-module (guix build-system gnu) |
e84eb77a | 35 | #:use-module (guix build-system glib-or-gtk) |
404037f8 | 36 | #:use-module (guix build-system python) |
e84eb77a | 37 | #:use-module (gnu packages autotools) |
53471636 | 38 | #:use-module (gnu packages base) |
a6b256af | 39 | #:use-module (gnu packages curl) |
ba8d8820 | 40 | #:use-module (gnu packages check) |
a6706f30 | 41 | #:use-module (gnu packages docbook) |
ba8d8820 | 42 | #:use-module (gnu packages documentation) |
5297e975 | 43 | #:use-module (gnu packages dns) |
e84eb77a | 44 | #:use-module (gnu packages gettext) |
ba8d8820 | 45 | #:use-module (gnu packages graphviz) |
e84eb77a | 46 | #:use-module (gnu packages gtk) |
58fdab1d | 47 | #:use-module (gnu packages libusb) |
a6b256af | 48 | #:use-module (gnu packages linux) |
6036453f | 49 | #:use-module (gnu packages man) |
e84eb77a TD |
50 | #:use-module (gnu packages networking) |
51 | #:use-module (gnu packages cyrus-sasl) | |
aa3ad4b1 | 52 | #:use-module (gnu packages popt) |
a6706f30 | 53 | #:use-module (gnu packages readline) |
e84eb77a | 54 | #:use-module (gnu packages tls) |
ba8d8820 | 55 | #:use-module (gnu packages tex) |
a6b256af | 56 | #:use-module (gnu packages perl) |
e84eb77a | 57 | #:use-module (gnu packages pkg-config) |
404037f8 | 58 | #:use-module (gnu packages python) |
5297e975 CM |
59 | #:use-module (gnu packages python-crypto) |
60 | #:use-module (gnu packages python-xyz) | |
404037f8 | 61 | #:use-module (gnu packages swig) |
a5523942 | 62 | #:use-module (gnu packages web) |
e84eb77a | 63 | #:use-module (gnu packages xml)) |
6036453f | 64 | |
58fdab1d MB |
65 | (define-public ccid |
66 | (package | |
67 | (name "ccid") | |
da926c25 | 68 | (version "1.4.31") |
58fdab1d MB |
69 | (source (origin |
70 | (method url-fetch) | |
71 | (uri (string-append | |
01c6607a TGR |
72 | "https://ccid.apdu.fr/files/" |
73 | name "-" version ".tar.bz2")) | |
58fdab1d MB |
74 | (sha256 |
75 | (base32 | |
da926c25 | 76 | "1xz8ikr6vk73w3xnwb931yq8lqc1zrj8c3v34n6h63irwjvdfj3b")))) |
58fdab1d MB |
77 | (build-system gnu-build-system) |
78 | (arguments | |
79 | `(#:configure-flags (list (string-append "--enable-usbdropdir=" %output | |
80 | "/pcsc/drivers")) | |
81 | #:phases | |
82 | (modify-phases %standard-phases | |
83 | (add-after 'unpack 'patch-Makefile | |
84 | (lambda _ | |
85 | (substitute* "src/Makefile.in" | |
86 | (("/bin/echo") (which "echo"))) | |
87 | #t))))) | |
88 | (native-inputs | |
84c7fbfd | 89 | `(("pcsc-lite" ,pcsc-lite) ; only required for headers |
fab8a9f9 | 90 | ("perl" ,perl) |
58fdab1d MB |
91 | ("pkg-config" ,pkg-config))) |
92 | (inputs | |
fab8a9f9 | 93 | `(("libusb" ,libusb))) |
01c6607a | 94 | (home-page "https://ccid.apdu.fr/") |
58fdab1d MB |
95 | (synopsis "PC/SC driver for USB smart card devices") |
96 | (description | |
97 | "This package provides a PC/SC IFD handler implementation for devices | |
98 | compliant with the CCID and ICCD protocols. It supports a wide range of | |
99 | readers and is needed to communicate with such devices through the | |
100 | @command{pcscd} resource manager.") | |
101 | (license license:lgpl2.1+))) | |
102 | ||
e84eb77a TD |
103 | (define-public eid-mw |
104 | (package | |
105 | (name "eid-mw") | |
51058cb2 | 106 | (version "4.4.23") |
13151c32 TGR |
107 | (source |
108 | (origin | |
109 | (method git-fetch) | |
110 | (uri (git-reference | |
111 | (url "https://github.com/Fedict/eid-mw") | |
112 | (commit (string-append "v" version)))) | |
4fdad3ed | 113 | (file-name (git-file-name name version)) |
13151c32 | 114 | (sha256 |
51058cb2 | 115 | (base32 "0kf147zxsp5ilghr46hjxa2nsikhv8198n04q81qzn9zln69av04")))) |
e84eb77a | 116 | (build-system glib-or-gtk-build-system) |
74a83085 | 117 | (native-inputs |
e84eb77a TD |
118 | `(("autoconf" ,autoconf) |
119 | ("automake" ,automake) | |
120 | ("gettext" ,gnu-gettext) | |
121 | ("libtool" ,libtool) | |
122 | ("pkg-config" ,pkg-config) | |
123 | ("perl" ,perl))) | |
124 | (inputs | |
125 | `(("curl" ,curl) | |
126 | ("openssl" ,openssl) | |
127 | ("gtk+" ,gtk+) | |
128 | ("pcsc-lite" ,pcsc-lite) | |
129 | ("p11-kit" ,p11-kit) | |
130 | ("libproxy" ,libproxy) | |
131 | ("libxml2" ,libxml2) | |
132 | ("cyrus-sasl" ,cyrus-sasl))) | |
133 | (arguments | |
134 | `(#:phases | |
135 | (modify-phases %standard-phases | |
080093ff TGR |
136 | (add-after 'unpack 'bootstrap |
137 | (lambda _ | |
138 | ;; configure.ac relies on ‘git --describe’ to get the version. | |
139 | ;; Patch it to just return the real version number directly. | |
140 | (substitute* "scripts/build-aux/genver.sh" | |
141 | (("/bin/sh") (which "sh")) | |
249deec9 | 142 | (("^(GITDESC=).*" match) (string-append match ,version "\n"))) |
080093ff | 143 | (invoke "sh" "./bootstrap.sh")))))) |
e84eb77a TD |
144 | (synopsis "Belgian eID Middleware") |
145 | (description "The Belgian eID Middleware is required to authenticate with | |
146 | online services using the Belgian electronic identity card.") | |
147 | (home-page "https://github.com/Fedict/eid-mw") | |
148 | (license license:lgpl3))) | |
149 | ||
6036453f LC |
150 | (define-public libyubikey |
151 | (package | |
152 | (name "libyubikey") | |
58c5fb76 | 153 | (version "1.13") |
6036453f LC |
154 | (source (origin |
155 | (method url-fetch) | |
156 | (uri (string-append | |
157 | "https://developers.yubico.com/yubico-c/Releases/" | |
158 | name "-" version ".tar.gz")) | |
159 | (sha256 | |
160 | (base32 | |
58c5fb76 | 161 | "009l3k2zyn06dbrlja2d4p2vfnzjhlcqxi88v02mlrnb17mx1v84")))) |
6036453f LC |
162 | (build-system gnu-build-system) |
163 | (synopsis "Development kit for the YubiKey authentication device") | |
164 | (description | |
165 | "This package contains a C library and command-line tools that make up | |
166 | the low-level development kit for the Yubico YubiKey authentication device.") | |
167 | (home-page "https://developers.yubico.com/yubico-c/") | |
07b1fb86 | 168 | (license license:bsd-2))) |
6036453f | 169 | |
a6b256af MG |
170 | (define-public pcsc-lite |
171 | (package | |
172 | (name "pcsc-lite") | |
ee74a076 | 173 | (version "1.8.25") |
a6b256af MG |
174 | (source (origin |
175 | (method url-fetch) | |
176 | (uri (string-append | |
01c6607a TGR |
177 | "https://pcsclite.apdu.fr/files/" |
178 | name "-" version ".tar.bz2")) | |
a6b256af MG |
179 | (sha256 |
180 | (base32 | |
ee74a076 | 181 | "14l7irs1nsh8b036ag4cfy8wryyysch78scz5dw6xxqwqgnpjvfp")))) |
a6b256af MG |
182 | (build-system gnu-build-system) |
183 | (arguments | |
972fa870 MB |
184 | `(#:configure-flags '("--enable-usbdropdir=/var/lib/pcsc/drivers" |
185 | "--disable-libsystemd"))) | |
a6b256af MG |
186 | (native-inputs |
187 | `(("perl" ,perl) ; for pod2man | |
188 | ("pkg-config" ,pkg-config))) | |
189 | (inputs | |
190 | `(("libudev" ,eudev))) | |
01c6607a | 191 | (home-page "https://pcsclite.apdu.fr/") |
a6b256af MG |
192 | (synopsis "Middleware to access a smart card using PC/SC") |
193 | (description | |
194 | "pcsc-lite provides an interface to communicate with smartcards and | |
195 | readers using the SCard API. pcsc-lite is used to connect to the PC/SC daemon | |
196 | from a client application and provide access to the desired reader.") | |
197 | (license (list license:bsd-3 ; pcsc-lite | |
a6b256af MG |
198 | license:isc ; src/strlcat.c src/strlcpy.c |
199 | license:gpl3+)))) ; src/spy/* | |
200 | ||
6036453f LC |
201 | (define-public ykclient |
202 | (package | |
203 | (name "ykclient") | |
f6b1a8f7 | 204 | (version "2.15") |
6036453f LC |
205 | (source (origin |
206 | (method url-fetch) | |
207 | (uri (string-append | |
208 | "https://developers.yubico.com/yubico-c-client/Releases/" | |
209 | name "-" version ".tar.gz")) | |
210 | (sha256 | |
211 | (base32 | |
f6b1a8f7 | 212 | "05jhx9waj3pl120ddnwap1v3bjrnbfhvf3lxs2xmhpcmwzpwsqgl")))) |
6036453f LC |
213 | (build-system gnu-build-system) |
214 | ||
215 | ;; There's just one test, and it requires network access to access | |
216 | ;; yubico.com, so skip it. | |
217 | (arguments '(#:tests? #f)) | |
218 | ||
219 | (native-inputs `(("pkg-config" ,pkg-config) | |
220 | ("help2man" ,help2man))) | |
221 | (inputs `(("curl" ,curl))) | |
222 | (synopsis "C library to validate one-time-password YubiKeys") | |
223 | (description | |
224 | "YubiKey C Client Library (libykclient) is a C library used to validate a | |
225 | one-time-password (OTP) YubiKey against Yubico’s servers. See the Yubico | |
226 | website for more information about Yubico and the YubiKey.") | |
227 | (home-page "https://developers.yubico.com/yubico-c-client/") | |
07b1fb86 | 228 | (license license:bsd-2))) |
a6706f30 CM |
229 | |
230 | (define-public opensc | |
231 | (package | |
232 | (name "opensc") | |
508d5c5f | 233 | (version "0.19.0") |
a6706f30 CM |
234 | (source (origin |
235 | (method url-fetch) | |
236 | (uri (string-append | |
237 | "https://github.com/OpenSC/OpenSC/releases/download/" | |
238 | version "/opensc-" version ".tar.gz")) | |
239 | (sha256 | |
240 | (base32 | |
508d5c5f | 241 | "09jqzl18z5qfrf4vf2nvbpdm3mphpgfkl3ww1clkaxh2z56hwnic")))) |
a6706f30 CM |
242 | (build-system gnu-build-system) |
243 | (arguments | |
244 | `(#:phases | |
245 | (modify-phases %standard-phases | |
246 | ;; By setting an absolute path here, we arrange for OpenSC to | |
247 | ;; successfully dlopen libpcsclite.so.1 by default. The user can | |
248 | ;; still override this if they want to, by specifying a custom OpenSC | |
249 | ;; configuration file at runtime. | |
250 | (add-after 'unpack 'set-default-libpcsclite.so.1-path | |
251 | (lambda* (#:key inputs #:allow-other-keys) | |
252 | (let ((libpcsclite (string-append (assoc-ref inputs "pcsc-lite") | |
253 | "/lib/libpcsclite.so.1"))) | |
254 | (substitute* "configure" | |
255 | (("DEFAULT_PCSC_PROVIDER=\"libpcsclite\\.so\\.1\"") | |
256 | (string-append | |
257 | "DEFAULT_PCSC_PROVIDER=\"" libpcsclite "\""))) | |
5799e5ae MB |
258 | #t))) |
259 | (add-before 'check 'disable-broken-test | |
260 | (lambda _ | |
261 | ;; XXX: This test is fixed in git, remove this phase for >= 0.19. | |
262 | (substitute* "doc/tools/Makefile" | |
263 | (("TESTS = test-manpage.sh") "TESTS = ")) | |
264 | #t))))) | |
a6706f30 CM |
265 | (inputs |
266 | `(("readline" ,readline) | |
267 | ("openssl" ,openssl) | |
268 | ("pcsc-lite" ,pcsc-lite) | |
269 | ("ccid" ,ccid))) | |
270 | (native-inputs | |
271 | `(("libxslt" ,libxslt) | |
272 | ("docbook-xsl" ,docbook-xsl) | |
273 | ("pkg-config" ,pkg-config))) | |
274 | (home-page "https://github.com/OpenSC/OpenSC/wiki") | |
275 | (synopsis "Tools and libraries related to smart cards") | |
276 | (description | |
277 | "OpenSC is a set of software tools and libraries to work with smart | |
278 | cards, with the focus on smart cards with cryptographic capabilities. OpenSC | |
279 | facilitate the use of smart cards in security applications such as | |
280 | authentication, encryption and digital signatures. OpenSC implements the PKCS | |
281 | #15 standard and the PKCS #11 API.") | |
282 | (license license:lgpl2.1+))) | |
ba8d8820 CM |
283 | |
284 | (define-public yubico-piv-tool | |
285 | (package | |
286 | (name "yubico-piv-tool") | |
574e2ee8 | 287 | (version "1.6.1") |
ba8d8820 CM |
288 | (source (origin |
289 | (method url-fetch) | |
290 | (uri (string-append | |
291 | "https://developers.yubico.com/yubico-piv-tool/Releases/" | |
292 | name "-" version ".tar.gz")) | |
293 | (sha256 | |
294 | (base32 | |
574e2ee8 | 295 | "10xgdc51xvszkxmsvqnbjs8ixxz7rfnfahh3wn8glllynmszbhwi")))) |
ba8d8820 CM |
296 | (build-system gnu-build-system) |
297 | (inputs | |
aa3ad4b1 MB |
298 | `(("gengetopt" ,gengetopt) |
299 | ("perl" ,perl) | |
ba8d8820 CM |
300 | ("pcsc-lite" ,pcsc-lite) |
301 | ("openssl" ,openssl))) | |
302 | (native-inputs | |
303 | `(("doxygen" ,doxygen) | |
304 | ("graphviz" ,graphviz) | |
aa3ad4b1 | 305 | ("help2man" ,help2man) |
ba8d8820 CM |
306 | ("check" ,check) |
307 | ("texlive-bin" ,texlive-bin) | |
308 | ("pkg-config" ,pkg-config))) | |
309 | (home-page "https://developers.yubico.com/yubico-piv-tool/") | |
310 | (synopsis "Interact with the PIV application on a YubiKey") | |
311 | (description | |
312 | "The Yubico PIV tool is used for interacting with the Privilege and | |
313 | Identification Card (PIV) application on a YubiKey. With it you may generate | |
314 | keys on the device, import keys and certificates, create certificate requests, | |
315 | and other operations. It includes a library and a command-line tool.") | |
316 | ;; The file ykcs11/pkcs11.h also declares an additional, very short free | |
317 | ;; license for that one file. Please see it for details. The vast | |
318 | ;; majority of files are licensed under bsd-2. | |
319 | (license license:bsd-2))) | |
a5523942 CM |
320 | |
321 | (define-public yubikey-personalization | |
322 | (package | |
323 | (name "yubikey-personalization") | |
a9203c23 | 324 | (version "1.19.3") |
a5523942 CM |
325 | (source (origin |
326 | (method url-fetch) | |
327 | (uri (string-append | |
328 | "https://developers.yubico.com/" name | |
329 | "/Releases/ykpers-" version ".tar.gz")) | |
330 | (sha256 | |
331 | (base32 | |
a9203c23 | 332 | "0jhvnavjrpwzmmjcw486df5s48j53njqgyz36yz3dskbaz3kwlfr")))) |
a5523942 CM |
333 | (build-system gnu-build-system) |
334 | (arguments | |
335 | '(#:configure-flags (list (string-append "--with-udevrulesdir=" | |
336 | (assoc-ref %outputs "out") | |
337 | "/lib/udev/rules.d")))) | |
338 | (inputs | |
339 | `(("json-c" ,json-c) | |
340 | ("libusb" ,libusb) | |
341 | ;; The library "libyubikey" is also known as "yubico-c". | |
342 | ("libyubikey" ,libyubikey))) | |
343 | (native-inputs | |
344 | `(("pkg-config" ,pkg-config) | |
345 | ("eudev" ,eudev))) | |
346 | (home-page "https://developers.yubico.com/yubikey-personalization/") | |
347 | (synopsis "Library and tools to personalize YubiKeys") | |
348 | (description | |
349 | "The YubiKey Personalization package contains a C library and command | |
350 | line tools for personalizing YubiKeys. You can use these to set an AES key, | |
351 | retrieve a YubiKey's serial number, and so forth.") | |
352 | (license license:bsd-2))) | |
404037f8 CM |
353 | |
354 | (define-public python-pyscard | |
355 | (package | |
356 | (name "python-pyscard") | |
8a8e4491 | 357 | (version "1.9.9") |
404037f8 CM |
358 | (source (origin |
359 | (method url-fetch) | |
360 | ;; The maintainer publishes releases on various sites, but | |
361 | ;; SourceForge is apparently the only one with a signed release. | |
362 | (uri (string-append | |
363 | "mirror://sourceforge/pyscard/pyscard/pyscard%20" | |
364 | version "/pyscard-" version ".tar.gz")) | |
365 | (sha256 | |
366 | (base32 | |
8a8e4491 | 367 | "082cjkbxadaz2jb4rbhr0mkrirzlqyqhcf3r823qb0q1k50ybgg6")))) |
404037f8 CM |
368 | (build-system python-build-system) |
369 | (arguments | |
370 | `(#:phases | |
371 | (modify-phases %standard-phases | |
372 | ;; Tell pyscard where to find the PCSC include directory. | |
373 | (add-after 'unpack 'patch-platform-include-dirs | |
374 | (lambda* (#:key inputs #:allow-other-keys) | |
375 | (let ((pcsc-include-dir (string-append | |
376 | (assoc-ref inputs "pcsc-lite") | |
377 | "/include/PCSC"))) | |
378 | (substitute* "setup.py" | |
379 | (("platform_include_dirs = \\[.*?\\]") | |
380 | (string-append | |
381 | "platform_include_dirs = ['" pcsc-include-dir "']"))) | |
382 | #t))) | |
383 | ;; pyscard wants to dlopen libpcsclite, so tell it where it is. | |
384 | (add-after 'unpack 'patch-dlopen | |
385 | (lambda* (#:key inputs #:allow-other-keys) | |
386 | (substitute* "smartcard/scard/winscarddll.c" | |
387 | (("lib = \"libpcsclite\\.so\\.1\";") | |
388 | (simple-format #f | |
389 | "lib = \"~a\";" | |
390 | (string-append (assoc-ref inputs "pcsc-lite") | |
391 | "/lib/libpcsclite.so.1")))) | |
392 | #t))))) | |
393 | (inputs | |
394 | `(("pcsc-lite" ,pcsc-lite))) | |
395 | (native-inputs | |
396 | `(("swig" ,swig))) | |
397 | (home-page "https://github.com/LudovicRousseau/pyscard") | |
398 | (synopsis "Smart card library for Python") | |
399 | (description | |
400 | "The pyscard smart card library is a framework for building smart card | |
401 | aware applications in Python. The smart card module is built on top of the | |
402 | PCSC API Python wrapper module.") | |
403 | (license license:lgpl2.1+))) | |
404 | ||
405 | (define-public python2-pyscard | |
406 | (package-with-python2 python-pyscard)) | |
5f7d151c CM |
407 | |
408 | (define-public libu2f-host | |
409 | (package | |
410 | (name "libu2f-host") | |
b8ae2e9e | 411 | (version "1.1.10") |
5f7d151c CM |
412 | (source (origin |
413 | (method url-fetch) | |
414 | (uri | |
415 | (string-append | |
416 | "https://developers.yubico.com" | |
417 | "/libu2f-host/Releases/libu2f-host-" version ".tar.xz")) | |
418 | (sha256 | |
419 | (base32 | |
b8ae2e9e | 420 | "0vrivl1dwql6nfi48z6dy56fwy2z13d7abgahgrs2mcmqng7hra2")))) |
5f7d151c CM |
421 | (build-system gnu-build-system) |
422 | (arguments | |
423 | `(#:configure-flags | |
424 | (list "--enable-gtk-doc" | |
425 | (string-append "--with-udevrulesdir=" | |
426 | (assoc-ref %outputs "out") | |
427 | "/lib/udev/rules.d")) | |
428 | #:phases | |
429 | (modify-phases %standard-phases | |
430 | (add-after 'unpack 'patch-docbook-xml | |
431 | (lambda* (#:key inputs #:allow-other-keys) | |
432 | ;; Avoid a network connection attempt during the build. | |
433 | (substitute* "gtk-doc/u2f-host-docs.xml" | |
434 | (("http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd") | |
435 | (string-append (assoc-ref inputs "docbook-xml") | |
436 | "/xml/dtd/docbook/docbookx.dtd"))) | |
437 | #t))))) | |
438 | (inputs | |
439 | `(("json-c" ,json-c) | |
440 | ("hidapi" ,hidapi))) | |
441 | (native-inputs | |
442 | `(("help2man" ,help2man) | |
443 | ("gengetopt" ,gengetopt) | |
444 | ("pkg-config" ,pkg-config) | |
445 | ("gtk-doc" ,gtk-doc) | |
446 | ("docbook-xml" ,docbook-xml-4.3) | |
447 | ("eudev" ,eudev))) | |
448 | (home-page "https://developers.yubico.com/libu2f-host/") | |
449 | ;; TRANSLATORS: The U2F protocol has a "server side" and a "host side". | |
450 | (synopsis "U2F host-side C library and tool") | |
451 | (description | |
452 | "Libu2f-host provides a C library and command-line tool that implements | |
453 | the host-side of the Universal 2nd Factor (U2F) protocol. There are APIs to | |
454 | talk to a U2F device and perform the U2F Register and U2F Authenticate | |
455 | operations.") | |
456 | ;; Most files are LGPLv2.1+, but some files are GPLv3+. | |
457 | (license (list license:lgpl2.1+ license:gpl3+)))) | |
5297e975 | 458 | |
53471636 RW |
459 | (define-public libu2f-server |
460 | (package | |
461 | (name "libu2f-server") | |
462 | (version "1.1.0") | |
463 | (source (origin | |
464 | (method git-fetch) | |
465 | (uri | |
466 | (git-reference | |
467 | (url "https://github.com/Yubico/libu2f-server.git") | |
468 | (commit (string-append "libu2f-server-" version)))) | |
469 | (file-name (git-file-name name version)) | |
470 | (sha256 | |
471 | (base32 | |
472 | "1nmsfq372zza5y6j13ydincjf324bwfcjg950vykh166xkp6wiic")))) | |
473 | (build-system gnu-build-system) | |
474 | (arguments | |
475 | `(#:configure-flags | |
476 | (list "--enable-gtk-doc" | |
477 | "--enable-tests"))) | |
478 | (inputs | |
479 | `(("json-c" ,json-c) | |
480 | ("libressl" ,libressl))) | |
481 | (native-inputs | |
482 | `(("autoconf" ,autoconf) | |
483 | ("automake" ,automake) | |
484 | ("libtool" ,libtool) | |
485 | ("check" ,check) | |
486 | ("gengetopt" ,gengetopt) | |
487 | ("help2man" ,help2man) | |
488 | ("pkg-config" ,pkg-config) | |
489 | ("gtk-doc" ,gtk-doc) | |
490 | ("which" ,which))) | |
491 | (home-page "https://developers.yubico.com/libu2f-server/") | |
492 | ;; TRANSLATORS: The U2F protocol has a "server side" and a "host side". | |
493 | (synopsis "U2F server-side C library") | |
494 | (description | |
495 | "This is a C library that implements the server-side of the | |
496 | @dfn{Universal 2nd Factor} (U2F) protocol. More precisely, it provides an API | |
497 | for generating the JSON blobs required by U2F devices to perform the U2F | |
498 | Registration and U2F Authentication operations, and functionality for | |
499 | verifying the cryptographic operations.") | |
500 | (license license:bsd-2))) | |
501 | ||
40645ebb RW |
502 | (define-public pam-u2f |
503 | (package | |
504 | (name "pam-u2f") | |
505 | (version "1.0.8") | |
506 | (source (origin | |
507 | (method git-fetch) | |
508 | (uri | |
509 | (git-reference | |
510 | (url "https://github.com/Yubico/pam-u2f.git") | |
511 | (commit (string-append "pam_u2f-" version)))) | |
512 | (file-name (git-file-name name version)) | |
513 | (sha256 | |
514 | (base32 | |
515 | "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98")))) | |
516 | (build-system gnu-build-system) | |
517 | (arguments | |
518 | `(#:configure-flags | |
519 | (list (string-append "--with-pam-dir=" | |
520 | (assoc-ref %outputs "out") "/lib/security")))) | |
521 | (inputs | |
522 | `(("libu2f-host" ,libu2f-host) | |
523 | ("libu2f-server" ,libu2f-server) | |
524 | ("linux-pam" ,linux-pam))) | |
525 | (native-inputs | |
526 | `(("autoconf" ,autoconf) | |
527 | ("automake" ,automake) | |
528 | ("libtool" ,libtool) | |
529 | ("asciidoc" ,asciidoc) | |
530 | ("pkg-config" ,pkg-config))) | |
531 | (home-page "https://developers.yubico.com/pam-u2f/") | |
532 | (synopsis "PAM module for U2F authentication") | |
533 | (description | |
534 | "This package provides a module implementing PAM over U2F, providing an | |
535 | easy way to integrate the YubiKey (or other U2F compliant authenticators) into | |
536 | your existing infrastructure.") | |
537 | (license license:bsd-2))) | |
538 | ||
5297e975 CM |
539 | (define-public python-fido2 |
540 | (package | |
541 | (name "python-fido2") | |
542 | (version "0.5.0") | |
543 | (source (origin | |
544 | (method url-fetch) | |
545 | (uri | |
546 | (string-append | |
547 | "https://github.com/Yubico/python-fido2/releases/download/" | |
548 | version "/fido2-" version ".tar.gz")) | |
549 | (sha256 | |
550 | (base32 | |
551 | "1pl8d2pr6jzqj4y9qiaddhjgnl92kikjxy0bgzm2jshkzzic8mp3")) | |
552 | (snippet | |
553 | ;; Remove bundled dependency. | |
554 | #~(delete-file "fido2/public_suffix_list.dat")))) | |
555 | (build-system python-build-system) | |
556 | (arguments | |
557 | `(#:phases | |
558 | (modify-phases %standard-phases | |
559 | (add-after 'unpack 'install-public-suffix-list | |
560 | (lambda* (#:key inputs #:allow-other-keys) | |
561 | (copy-file | |
562 | (string-append (assoc-ref inputs "public-suffix-list") | |
563 | "/share/public-suffix-list-" | |
564 | ,(package-version public-suffix-list) | |
565 | "/public_suffix_list.dat") | |
566 | "fido2/public_suffix_list.dat") | |
567 | #t))))) | |
568 | (propagated-inputs | |
569 | `(("python-cryptography" ,python-cryptography) | |
570 | ("python-six" ,python-six))) | |
571 | (native-inputs | |
572 | `(("python-mock" ,python-mock) | |
573 | ("python-pyfakefs" ,python-pyfakefs) | |
574 | ("public-suffix-list" ,public-suffix-list))) | |
575 | (home-page "https://github.com/Yubico/python-fido2") | |
576 | (synopsis "Python library for communicating with FIDO devices over USB") | |
577 | (description | |
578 | "This Python library provides functionality for communicating with a Fast | |
579 | IDentity Online (FIDO) device over Universal Serial Bus (USB) as well as | |
580 | verifying attestation and assertion signatures. It aims to support the FIDO | |
581 | Universal 2nd Factor (U2F) and FIDO 2.0 protocols for communicating with a USB | |
582 | authenticator via the Client-to-Authenticator Protocol (CTAP 1 and 2). In | |
583 | addition to this low-level device access, classes defined in the | |
584 | @code{fido2.client} and @code{fido2.server} modules implement higher level | |
585 | operations which are useful when interfacing with an Authenticator, or when | |
586 | implementing a Relying Party.") | |
587 | ;; python-fido2 contains some derivative files originally from pyu2f | |
588 | ;; (https://github.com/google/pyu2f). These files are licensed under the | |
589 | ;; Apache License, version 2.0. The maintainers have customized these | |
590 | ;; files for internal use, so they are not really a bundled dependency. | |
591 | (license (list license:bsd-2 license:asl2.0)))) | |
592 | ||
593 | (define-public python2-fido2 | |
594 | (package-with-python2 python-fido2)) | |
47288061 CM |
595 | |
596 | (define-public python-yubikey-manager | |
597 | (package | |
598 | (name "python-yubikey-manager") | |
599 | (version "2.1.0") | |
600 | (source (origin | |
601 | (method url-fetch) | |
602 | (uri (string-append | |
603 | "https://developers.yubico.com/yubikey-manager/Releases" | |
604 | "/yubikey-manager-" version ".tar.gz")) | |
605 | (sha256 | |
606 | (base32 | |
607 | "11rsmcaj60k3y5m5gdhr2nbbz0w5dm3m04klyxz0fh5hnpcmr7fm")))) | |
608 | (build-system python-build-system) | |
609 | (propagated-inputs | |
610 | `(("python-six" ,python-six) | |
611 | ("python-pyscard" ,python-pyscard) | |
612 | ("python-pyusb" ,python-pyusb) | |
613 | ("python-click" ,python-click) | |
614 | ("python-cryptography" ,python-cryptography) | |
615 | ("python-pyopenssl" ,python-pyopenssl) | |
616 | ("python-fido2" ,python-fido2))) | |
617 | (inputs | |
618 | `(("yubikey-personalization" ,yubikey-personalization) | |
619 | ("pcsc-lite" ,pcsc-lite) | |
620 | ("libusb" ,libusb))) | |
621 | (native-inputs | |
622 | `(("swig" ,swig) | |
623 | ("python-mock" ,python-mock))) | |
624 | (home-page "https://developers.yubico.com/yubikey-manager/") | |
625 | (synopsis "Command line tool and library for configuring a YubiKey") | |
626 | (description | |
627 | "Python library and command line tool for configuring a YubiKey. Note | |
628 | that after installing this package, you might still need to add appropriate | |
629 | udev rules to your system configuration to be able to configure the YubiKey as | |
630 | an unprivileged user.") | |
631 | (license license:bsd-2))) | |
632 | ||
633 | (define-public python2-yubikey-manager | |
634 | (package-with-python2 python-yubikey-manager)) |