Commit | Line | Data |
---|---|---|
6036453f LC |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org> | |
58c5fb76 | 3 | ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> |
a6b256af | 4 | ;;; Copyright © 2016 Mike Gerwitz <mtg@gnu.org> |
58fdab1d | 5 | ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> |
e84eb77a | 6 | ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> |
a0e63ce4 | 7 | ;;; Copyright © 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr> |
53471636 | 8 | ;;; Copyright © 2017, 2019 Ricardo Wurmus <rekado@elephly.net> |
404037f8 | 9 | ;;; Copyright © 2018, 2019 Chris Marusich <cmmarusich@gmail.com> |
fab8a9f9 | 10 | ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net> |
6036453f LC |
11 | ;;; |
12 | ;;; This file is part of GNU Guix. | |
13 | ;;; | |
14 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
15 | ;;; under the terms of the GNU General Public License as published by | |
16 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
17 | ;;; your option) any later version. | |
18 | ;;; | |
19 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
20 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
21 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
22 | ;;; GNU General Public License for more details. | |
23 | ;;; | |
24 | ;;; You should have received a copy of the GNU General Public License | |
25 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
26 | ||
f9c33960 | 27 | (define-module (gnu packages security-token) |
6036453f | 28 | #:use-module (gnu packages) |
07b1fb86 | 29 | #:use-module ((guix licenses) #:prefix license:) |
6036453f LC |
30 | #:use-module (guix packages) |
31 | #:use-module (guix download) | |
5297e975 | 32 | #:use-module (guix gexp) |
13151c32 | 33 | #:use-module (guix git-download) |
6036453f | 34 | #:use-module (guix build-system gnu) |
e84eb77a | 35 | #:use-module (guix build-system glib-or-gtk) |
404037f8 | 36 | #:use-module (guix build-system python) |
e84eb77a | 37 | #:use-module (gnu packages autotools) |
53471636 | 38 | #:use-module (gnu packages base) |
a6b256af | 39 | #:use-module (gnu packages curl) |
ba8d8820 | 40 | #:use-module (gnu packages check) |
a6706f30 | 41 | #:use-module (gnu packages docbook) |
ba8d8820 | 42 | #:use-module (gnu packages documentation) |
5297e975 | 43 | #:use-module (gnu packages dns) |
e84eb77a | 44 | #:use-module (gnu packages gettext) |
ba8d8820 | 45 | #:use-module (gnu packages graphviz) |
e84eb77a | 46 | #:use-module (gnu packages gtk) |
58fdab1d | 47 | #:use-module (gnu packages libusb) |
a6b256af | 48 | #:use-module (gnu packages linux) |
6036453f | 49 | #:use-module (gnu packages man) |
e84eb77a TD |
50 | #:use-module (gnu packages networking) |
51 | #:use-module (gnu packages cyrus-sasl) | |
aa3ad4b1 | 52 | #:use-module (gnu packages popt) |
a6706f30 | 53 | #:use-module (gnu packages readline) |
e84eb77a | 54 | #:use-module (gnu packages tls) |
ba8d8820 | 55 | #:use-module (gnu packages tex) |
a6b256af | 56 | #:use-module (gnu packages perl) |
e84eb77a | 57 | #:use-module (gnu packages pkg-config) |
404037f8 | 58 | #:use-module (gnu packages python) |
5297e975 CM |
59 | #:use-module (gnu packages python-crypto) |
60 | #:use-module (gnu packages python-xyz) | |
404037f8 | 61 | #:use-module (gnu packages swig) |
a5523942 | 62 | #:use-module (gnu packages web) |
e84eb77a | 63 | #:use-module (gnu packages xml)) |
6036453f | 64 | |
58fdab1d MB |
;; USB smart-card reader driver (IFD handler) used through the pcscd resource
;; manager, as the description below states.
(define-public ccid
  (package
    (name "ccid")
    (version "1.4.32")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://ccid.apdu.fr/files/"
                    name "-" version ".tar.bz2"))
              ;; The downloaded tarball is checked against this hash, so it
              ;; has to be refreshed together with VERSION.
              (sha256
               (base32
                "0f8nzk7379ip4x2ii5vn6h67jyx733pq0ywnnsj2llbxi2vllpsl"))))
    (build-system gnu-build-system)
    (arguments
     ;; Install the driver bundle under this package's own output instead of
     ;; a system-wide drop directory.
     `(#:configure-flags (list (string-append "--enable-usbdropdir=" %output
                                              "/pcsc/drivers"))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-Makefile
           (lambda _
             ;; Replace the hard-coded /bin/echo with the 'echo' found on
             ;; PATH at build time.
             (substitute* "src/Makefile.in"
               (("/bin/echo") (which "echo")))
             #t)))))
    (native-inputs
     `(("pcsc-lite" ,pcsc-lite)         ; only required for headers
       ("perl" ,perl)
       ("pkg-config" ,pkg-config)))
    (inputs
     `(("libusb" ,libusb)))
    (home-page "https://ccid.apdu.fr/")
    (synopsis "PC/SC driver for USB smart card devices")
    (description
     "This package provides a PC/SC IFD handler implementation for devices
compliant with the CCID and ICCD protocols. It supports a wide range of
readers and is needed to communicate with such devices through the
@command{pcscd} resource manager.")
    (license license:lgpl2.1+)))
102 | ||
e84eb77a TD |
;; Middleware for authenticating with the Belgian electronic identity card.
(define-public eid-mw
  (package
    (name "eid-mw")
    (version "4.4.27")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/Fedict/eid-mw")
             ;; The checkout is selected by tag name.  A tag can be moved
             ;; upstream; the sha256 below is what pins the content.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "17lw8iwp7h5cs3db80sysr84ffi333cf2vrhncs9l6hy6glfl2v1"))))
    (build-system glib-or-gtk-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)
       ("gettext" ,gettext-minimal)
       ("libtool" ,libtool)
       ("pkg-config" ,pkg-config)
       ("perl" ,perl)))
    (inputs
     `(("curl" ,curl)
       ("openssl" ,openssl)
       ("gtk+" ,gtk+)
       ("pcsc-lite" ,pcsc-lite)
       ("p11-kit" ,p11-kit)
       ("libproxy" ,libproxy)
       ("libxml2" ,libxml2)
       ("cyrus-sasl" ,cyrus-sasl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'bootstrap
           (lambda _
             ;; configure.ac relies on ‘git --describe’ to get the version.
             ;; Patch it to just return the real version number directly.
             (substitute* "scripts/build-aux/genver.sh"
               (("/bin/sh") (which "sh"))
               ;; Keep the "GITDESC=" prefix and append the packaged version.
               (("^(GITDESC=).*" _ match) (string-append match ,version "\n")))
             ;; Generate the configure script from the patched sources.
             (invoke "sh" "./bootstrap.sh"))))))
    (synopsis "Belgian eID Middleware")
    (description "The Belgian eID Middleware is required to authenticate with
online services using the Belgian electronic identity card.")
    (home-page "https://github.com/Fedict/eid-mw")
    (license license:lgpl3)))
149 | ||
6036453f LC |
;; Low-level C library and command-line tools for the YubiKey; referenced as
;; an input of yubikey-personalization in this file.
(define-public libyubikey
  (package
    (name "libyubikey")
    (version "1.13")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://developers.yubico.com/yubico-c/Releases/"
                    name "-" version ".tar.gz"))
              ;; Content hash of the release tarball; update it with VERSION.
              (sha256
               (base32
                "009l3k2zyn06dbrlja2d4p2vfnzjhlcqxi88v02mlrnb17mx1v84"))))
    (build-system gnu-build-system)
    (synopsis "Development kit for the YubiKey authentication device")
    (description
     "This package contains a C library and command-line tools that make up
the low-level development kit for the Yubico YubiKey authentication device.")
    (home-page "https://developers.yubico.com/yubico-c/")
    (license license:bsd-2)))
6036453f | 169 | |
2bed28f4 CB |
;; Software-only PKCS #11 token.  Key material lives in software rather than
;; in a hardware device, as the synopsis says.
(define-public softhsm
  (package
    (name "softhsm")
    (version "2.6.1")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://dist.opendnssec.org/source/"
                    "softhsm-" version ".tar.gz"))
              ;; Content hash of the release tarball; update it with VERSION.
              (sha256
               (base32
                "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))))
    (build-system gnu-build-system)
    (arguments
     ;; GOST algorithms are switched off at configure time; see the TODO.
     '(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL
                                               ; engine for GOST
    (inputs
     `(("openssl" ,openssl)))
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("cppunit" ,cppunit)))
    (synopsis "Software implementation of a generic cryptographic device")
    (description
     "SoftHSM 2 is a software implementation of a generic cryptographic device
with a PKCS #11 Cryptographic Token Interface.")
    (home-page "https://www.opendnssec.org/softhsm/")
    (license license:bsd-2)))
197 | ||
a6b256af MG |
;; PC/SC middleware: the pcscd daemon and the client library that the other
;; smart-card packages in this file reference as "pcsc-lite".
(define-public pcsc-lite
  (package
    (name "pcsc-lite")
    (version "1.8.26")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://pcsclite.apdu.fr/files/"
                                  "pcsc-lite-" version ".tar.bz2"))
              ;; Content hash of the release tarball; update it with VERSION.
              (sha256
               (base32
                "1ndvvz0fgqwz70pijymsxmx25mzryb0zav1i8jjc067ndryvxdry"))))
    (build-system gnu-build-system)
    (arguments
     ;; The reader-driver drop directory is a fixed path under /var, outside
     ;; this package's output.
     ;; NOTE(review): whatever populates that directory decides which driver
     ;; code the daemon loads, so it should be writable by root only --
     ;; confirm against the service that sets it up.
     `(#:configure-flags '("--enable-usbdropdir=/var/lib/pcsc/drivers"
                           "--disable-libsystemd")))
    (native-inputs
     `(("perl" ,perl)                   ; for pod2man
       ("pkg-config" ,pkg-config)))
    (inputs
     `(("libudev" ,eudev)))
    (home-page "https://pcsclite.apdu.fr/")
    (synopsis "Middleware to access a smart card using PC/SC")
    (description
     "pcsc-lite provides an interface to communicate with smartcards and
readers using the SCard API. pcsc-lite is used to connect to the PC/SC daemon
from a client application and provide access to the desired reader.")
    (license (list license:bsd-3                ; pcsc-lite
                   license:isc                  ; src/strlcat.c src/strlcpy.c
                   license:gpl3+))))            ; src/spy/*
227 | ||
6036453f LC |
;; C client library for validating YubiKey one-time passwords against
;; Yubico's servers (see the description below).
(define-public ykclient
  (package
    (name "ykclient")
    (version "2.15")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://developers.yubico.com/yubico-c-client/Releases/"
                    name "-" version ".tar.gz"))
              ;; Content hash of the release tarball; update it with VERSION.
              (sha256
               (base32
                "05jhx9waj3pl120ddnwap1v3bjrnbfhvf3lxs2xmhpcmwzpwsqgl"))))
    (build-system gnu-build-system)

    ;; There's just one test, and it requires network access to access
    ;; yubico.com, so skip it.
    ;; NOTE(review): with that test off, nothing in this build exercises the
    ;; OTP validation path.
    (arguments '(#:tests? #f))

    (native-inputs `(("pkg-config" ,pkg-config)
                     ("help2man" ,help2man)))
    ;; curl is the only library input listed.
    (inputs `(("curl" ,curl)))
    (synopsis "C library to validate one-time-password YubiKeys")
    (description
     "YubiKey C Client Library (libykclient) is a C library used to validate a
one-time-password (OTP) YubiKey against Yubico’s servers. See the Yubico
website for more information about Yubico and the YubiKey.")
    (home-page "https://developers.yubico.com/yubico-c-client/")
    (license license:bsd-2)))
a6706f30 CM |
256 | |
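;; Smart-card tools and libraries implementing PKCS #15 and the PKCS #11 API.
(define-public opensc
  (package
    (name "opensc")
    (version "0.19.0")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/OpenSC/OpenSC/releases/download/"
                    version "/opensc-" version ".tar.gz"))
              ;; Content hash of the release tarball; update it with VERSION.
              (sha256
               (base32
                "09jqzl18z5qfrf4vf2nvbpdm3mphpgfkl3ww1clkaxh2z56hwnic"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; By setting an absolute path here, we arrange for OpenSC to
         ;; successfully dlopen libpcsclite.so.1 by default.  The user can
         ;; still override this if they want to, by specifying a custom OpenSC
         ;; configuration file at runtime.
         ;;
         ;; An absolute file name is also opened as given, without a library
         ;; search-path lookup, so the default provider is the pcsc-lite this
         ;; package was built against.
         (add-after 'unpack 'set-default-libpcsclite.so.1-path
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((libpcsclite (string-append (assoc-ref inputs "pcsc-lite")
                                               "/lib/libpcsclite.so.1")))
               (substitute* "configure"
                 (("DEFAULT_PCSC_PROVIDER=\"libpcsclite\\.so\\.1\"")
                  (string-append
                   "DEFAULT_PCSC_PROVIDER=\"" libpcsclite "\"")))
               #t))))))
    (inputs
     `(("readline" ,readline)
       ("openssl" ,openssl)
       ("pcsc-lite" ,pcsc-lite)
       ("ccid" ,ccid)))
    (native-inputs
     `(("libxslt" ,libxslt)
       ("docbook-xsl" ,docbook-xsl)
       ("pkg-config" ,pkg-config)))
    (home-page "https://github.com/OpenSC/OpenSC/wiki")
    (synopsis "Tools and libraries related to smart cards")
    (description
     "OpenSC is a set of software tools and libraries to work with smart
cards, with the focus on smart cards with cryptographic capabilities. OpenSC
facilitates the use of smart cards in security applications such as
authentication, encryption and digital signatures. OpenSC implements the PKCS
#15 standard and the PKCS #11 API.")
    (license license:lgpl2.1+)))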
ba8d8820 CM |
304 | |
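;; Library and command-line tool for the PIV application on a YubiKey.
(define-public yubico-piv-tool
  (package
    (name "yubico-piv-tool")
    (version "1.6.1")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://developers.yubico.com/yubico-piv-tool/Releases/"
                    name "-" version ".tar.gz"))
              ;; Content hash of the release tarball; update it with VERSION.
              (sha256
               (base32
                "10xgdc51xvszkxmsvqnbjs8ixxz7rfnfahh3wn8glllynmszbhwi"))))
    (build-system gnu-build-system)
    (inputs
     `(("gengetopt" ,gengetopt)
       ("perl" ,perl)
       ("pcsc-lite" ,pcsc-lite)
       ("openssl" ,openssl)))
    (native-inputs
     `(("doxygen" ,doxygen)
       ("graphviz" ,graphviz)
       ("help2man" ,help2man)
       ("check" ,check)
       ("texlive-bin" ,texlive-bin)
       ("pkg-config" ,pkg-config)))
    (home-page "https://developers.yubico.com/yubico-piv-tool/")
    (synopsis "Interact with the PIV application on a YubiKey")
    ;; PIV is the Personal Identity Verification standard (NIST FIPS 201);
    ;; the description spells the acronym out accordingly.
    (description
     "The Yubico PIV tool is used for interacting with the Personal Identity
Verification (PIV) application on a YubiKey. With it you may generate
keys on the device, import keys and certificates, create certificate requests,
and other operations. It includes a library and a command-line tool.")
    ;; The file ykcs11/pkcs11.h also declares an additional, very short free
    ;; license for that one file.  Please see it for details.  The vast
    ;; majority of files are licensed under bsd-2.
    (license license:bsd-2)))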
a5523942 CM |
341 | |
;; C library and command-line tools for writing YubiKey configuration, such
;; as the AES key mentioned in the description.
(define-public yubikey-personalization
  (package
    (name "yubikey-personalization")
    (version "1.19.3")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://developers.yubico.com/" name
                    "/Releases/ykpers-" version ".tar.gz"))
              ;; Content hash of the release tarball; update it with VERSION.
              (sha256
               (base32
                "0jhvnavjrpwzmmjcw486df5s48j53njqgyz36yz3dskbaz3kwlfr"))))
    (build-system gnu-build-system)
    (arguments
     ;; The udev rules are installed under this package's own output.
     ;; NOTE(review): presumably they only take effect once the system's udev
     ;; configuration includes this package -- confirm.
     '(#:configure-flags (list (string-append "--with-udevrulesdir="
                                              (assoc-ref %outputs "out")
                                              "/lib/udev/rules.d"))))
    (inputs
     `(("json-c" ,json-c-0.13)
       ("libusb" ,libusb)
       ;; The library "libyubikey" is also known as "yubico-c".
       ("libyubikey" ,libyubikey)))
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("eudev" ,eudev)))
    (home-page "https://developers.yubico.com/yubikey-personalization/")
    (synopsis "Library and tools to personalize YubiKeys")
    (description
     "The YubiKey Personalization package contains a C library and command
line tools for personalizing YubiKeys. You can use these to set an AES key,
retrieve a YubiKey's serial number, and so forth.")
    (license license:bsd-2)))
404037f8 CM |
374 | |
;; Python smart-card framework built on top of a PC/SC wrapper module.
(define-public python-pyscard
  (package
    (name "python-pyscard")
    (version "1.9.9")
    (source (origin
              (method url-fetch)
              ;; The maintainer publishes releases on various sites, but
              ;; SourceForge is apparently the only one with a signed release.
              ;; The fetch itself only checks the sha256 below, so the
              ;; signature helps only if it is verified by hand whenever this
              ;; hash is updated.
              (uri (string-append
                    "mirror://sourceforge/pyscard/pyscard/pyscard%20"
                    version "/pyscard-" version ".tar.gz"))
              (sha256
               (base32
                "082cjkbxadaz2jb4rbhr0mkrirzlqyqhcf3r823qb0q1k50ybgg6"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Tell pyscard where to find the PCSC include directory.
         (add-after 'unpack 'patch-platform-include-dirs
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((pcsc-include-dir (string-append
                                      (assoc-ref inputs "pcsc-lite")
                                      "/include/PCSC")))
               (substitute* "setup.py"
                 (("platform_include_dirs = \\[.*?\\]")
                  (string-append
                   "platform_include_dirs = ['" pcsc-include-dir "']")))
               #t)))
         ;; pyscard wants to dlopen libpcsclite, so tell it where it is.
         ;; The bare library name is replaced by an absolute file name, which
         ;; is opened as given rather than resolved through the library
         ;; search path.
         (add-after 'unpack 'patch-dlopen
           (lambda* (#:key inputs #:allow-other-keys)
             (substitute* "smartcard/scard/winscarddll.c"
               (("lib = \"libpcsclite\\.so\\.1\";")
                (simple-format #f
                               "lib = \"~a\";"
                               (string-append (assoc-ref inputs "pcsc-lite")
                                              "/lib/libpcsclite.so.1"))))
             #t)))))
    (inputs
     `(("pcsc-lite" ,pcsc-lite)))
    (native-inputs
     `(("swig" ,swig)))
    (home-page "https://github.com/LudovicRousseau/pyscard")
    (synopsis "Smart card library for Python")
    (description
     "The pyscard smart card library is a framework for building smart card
aware applications in Python. The smart card module is built on top of the
PCSC API Python wrapper module.")
    (license license:lgpl2.1+)))
425 | ||
;; Python 2 variant, derived from python-pyscard with package-with-python2.
;; NOTE(review): Python 2 no longer receives upstream security fixes; keep
;; this variant only while something still depends on it.
(define-public python2-pyscard
  (package-with-python2 python-pyscard))
5f7d151c CM |
428 | |
;; Host-side U2F library and tool: talks to a U2F device to perform the
;; Register and Authenticate operations (see the description below).
(define-public libu2f-host
  (package
    (name "libu2f-host")
    (version "1.1.10")
    (source (origin
              (method url-fetch)
              (uri
               (string-append
                "https://developers.yubico.com"
                "/libu2f-host/Releases/libu2f-host-" version ".tar.xz"))
              ;; Content hash of the release tarball; update it with VERSION.
              (sha256
               (base32
                "0vrivl1dwql6nfi48z6dy56fwy2z13d7abgahgrs2mcmqng7hra2"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
       (list "--enable-gtk-doc"
             ;; The udev rules go under this package's own output.
             (string-append "--with-udevrulesdir="
                            (assoc-ref %outputs "out")
                            "/lib/udev/rules.d"))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-docbook-xml
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Avoid a network connection attempt during the build.
             ;; The remote DTD URL is replaced by the copy shipped in the
             ;; "docbook-xml" input.
             (substitute* "gtk-doc/u2f-host-docs.xml"
               (("http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd")
                (string-append (assoc-ref inputs "docbook-xml")
                               "/xml/dtd/docbook/docbookx.dtd")))
             #t)))))
    (inputs
     `(("json-c" ,json-c-0.13)
       ("hidapi" ,hidapi)))
    (native-inputs
     `(("help2man" ,help2man)
       ("gengetopt" ,gengetopt)
       ("pkg-config" ,pkg-config)
       ("gtk-doc" ,gtk-doc)
       ("docbook-xml" ,docbook-xml-4.3)
       ("eudev" ,eudev)))
    (home-page "https://developers.yubico.com/libu2f-host/")
    ;; TRANSLATORS: The U2F protocol has a "server side" and a "host side".
    (synopsis "U2F host-side C library and tool")
    (description
     "Libu2f-host provides a C library and command-line tool that implements
the host-side of the Universal 2nd Factor (U2F) protocol. There are APIs to
talk to a U2F device and perform the U2F Register and U2F Authenticate
operations.")
    ;; Most files are LGPLv2.1+, but some files are GPLv3+.
    (license (list license:lgpl2.1+ license:gpl3+))))
5297e975 | 479 | |
53471636 RW |
;; Server-side U2F library: builds the JSON challenges and verifies the
;; cryptographic responses (see the description below).
(define-public libu2f-server
  (package
    (name "libu2f-server")
    (version "1.1.0")
    (source (origin
              (method git-fetch)
              (uri
               (git-reference
                (url "https://github.com/Yubico/libu2f-server")
                ;; The checkout is selected by tag name.  A tag can be moved
                ;; upstream; the sha256 below is what pins the content.
                (commit (string-append "libu2f-server-" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "1nmsfq372zza5y6j13ydincjf324bwfcjg950vykh166xkp6wiic"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
       (list "--enable-gtk-doc"
             "--enable-tests")))
    (inputs
     ;; This package is built against LibreSSL, whereas the other packages in
     ;; this file that list a TLS library use the "openssl" input.
     `(("json-c" ,json-c-0.13)
       ("libressl" ,libressl)))
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)
       ("libtool" ,libtool)
       ("check" ,check)
       ("gengetopt" ,gengetopt)
       ("help2man" ,help2man)
       ("pkg-config" ,pkg-config)
       ("gtk-doc" ,gtk-doc)
       ("which" ,which)))
    (home-page "https://developers.yubico.com/libu2f-server/")
    ;; TRANSLATORS: The U2F protocol has a "server side" and a "host side".
    (synopsis "U2F server-side C library")
    (description
     "This is a C library that implements the server-side of the
@dfn{Universal 2nd Factor} (U2F) protocol. More precisely, it provides an API
for generating the JSON blobs required by U2F devices to perform the U2F
Registration and U2F Authentication operations, and functionality for
verifying the cryptographic operations.")
    (license license:bsd-2)))
522 | ||
40645ebb RW |
;; PAM module for U2F authentication, built on libu2f-host and libu2f-server.
(define-public pam-u2f
  (package
    (name "pam-u2f")
    (version "1.0.8")
    (source (origin
              (method git-fetch)
              (uri
               (git-reference
                (url "https://github.com/Yubico/pam-u2f")
                ;; The checkout is selected by tag name.  A tag can be moved
                ;; upstream; the sha256 below is what pins the content.
                (commit (string-append "pam_u2f-" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98"))))
    (build-system gnu-build-system)
    (arguments
     ;; The module is installed under this package's own lib/security.
     ;; NOTE(review): a PAM configuration presumably has to reference the
     ;; module from there for it to be used -- confirm against the consumer.
     `(#:configure-flags
       (list (string-append "--with-pam-dir="
                            (assoc-ref %outputs "out") "/lib/security"))))
    (inputs
     `(("libu2f-host" ,libu2f-host)
       ("libu2f-server" ,libu2f-server)
       ("linux-pam" ,linux-pam)))
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)
       ("libtool" ,libtool)
       ("asciidoc" ,asciidoc)
       ("pkg-config" ,pkg-config)))
    (home-page "https://developers.yubico.com/pam-u2f/")
    (synopsis "PAM module for U2F authentication")
    (description
     "This package provides a module implementing PAM over U2F, providing an
easy way to integrate the YubiKey (or other U2F compliant authenticators) into
your existing infrastructure.")
    (license license:bsd-2)))
559 | ||
5297e975 CM |
;; Python library for FIDO devices over USB, including attestation and
;; assertion signature verification (see the description below).
(define-public python-fido2
  (package
    (name "python-fido2")
    (version "0.5.0")
    (source (origin
              (method url-fetch)
              (uri
               (string-append
                "https://github.com/Yubico/python-fido2/releases/download/"
                version "/fido2-" version ".tar.gz"))
              ;; Content hash of the release tarball; update it with VERSION.
              (sha256
               (base32
                "1pl8d2pr6jzqj4y9qiaddhjgnl92kikjxy0bgzm2jshkzzic8mp3"))
              (snippet
               ;; Remove bundled dependency.
               ;; The copy from the "public-suffix-list" input is installed
               ;; in its place by the build phase in ARGUMENTS.
               #~(delete-file "fido2/public_suffix_list.dat"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'install-public-suffix-list
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Put the packaged list at the path the snippet emptied.
             ;; NOTE(review): the library presumably consults this list when
             ;; checking relying-party identifiers, so its freshness follows
             ;; the public-suffix-list package -- confirm.
             (copy-file
              (string-append (assoc-ref inputs "public-suffix-list")
                             "/share/public-suffix-list-"
                             ,(package-version public-suffix-list)
                             "/public_suffix_list.dat")
              "fido2/public_suffix_list.dat")
             #t)))))
    (propagated-inputs
     `(("python-cryptography" ,python-cryptography)
       ("python-six" ,python-six)))
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pyfakefs" ,python-pyfakefs)
       ("public-suffix-list" ,public-suffix-list)))
    (home-page "https://github.com/Yubico/python-fido2")
    (synopsis "Python library for communicating with FIDO devices over USB")
    (description
     "This Python library provides functionality for communicating with a Fast
IDentity Online (FIDO) device over Universal Serial Bus (USB) as well as
verifying attestation and assertion signatures. It aims to support the FIDO
Universal 2nd Factor (U2F) and FIDO 2.0 protocols for communicating with a USB
authenticator via the Client-to-Authenticator Protocol (CTAP 1 and 2). In
addition to this low-level device access, classes defined in the
@code{fido2.client} and @code{fido2.server} modules implement higher level
operations which are useful when interfacing with an Authenticator, or when
implementing a Relying Party.")
    ;; python-fido2 contains some derivative files originally from pyu2f
    ;; (https://github.com/google/pyu2f).  These files are licensed under the
    ;; Apache License, version 2.0.  The maintainers have customized these
    ;; files for internal use, so they are not really a bundled dependency.
    (license (list license:bsd-2 license:asl2.0))))
613 | ||
;; Python 2 variant, derived from python-fido2 with package-with-python2.
;; NOTE(review): Python 2 no longer receives upstream security fixes; keep
;; this variant only while something still depends on it.
(define-public python2-fido2
  (package-with-python2 python-fido2))
47288061 CM |
616 | |
;; Python library and command-line tool for configuring a YubiKey.
(define-public python-yubikey-manager
  (package
    (name "python-yubikey-manager")
    (version "2.1.0")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://developers.yubico.com/yubikey-manager/Releases"
                    "/yubikey-manager-" version ".tar.gz"))
              ;; Content hash of the release tarball; update it with VERSION.
              (sha256
               (base32
                "11rsmcaj60k3y5m5gdhr2nbbz0w5dm3m04klyxz0fh5hnpcmr7fm"))))
    (build-system python-build-system)
    (propagated-inputs
     `(("python-six" ,python-six)
       ("python-pyscard" ,python-pyscard)
       ("python-pyusb" ,python-pyusb)
       ("python-click" ,python-click)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-fido2" ,python-fido2)))
    (inputs
     `(("yubikey-personalization" ,yubikey-personalization)
       ("pcsc-lite" ,pcsc-lite)
       ("libusb" ,libusb)))
    (native-inputs
     `(("swig" ,swig)
       ("python-mock" ,python-mock)))
    (home-page "https://developers.yubico.com/yubikey-manager/")
    (synopsis "Command line tool and library for configuring a YubiKey")
    ;; The description tells users that device access as an unprivileged user
    ;; may need udev rules that this package does not set up by itself.
    (description
     "Python library and command line tool for configuring a YubiKey. Note
that after installing this package, you might still need to add appropriate
udev rules to your system configuration to be able to configure the YubiKey as
an unprivileged user.")
    (license license:bsd-2)))
653 | ||
;; Python 2 variant, derived from python-yubikey-manager with
;; package-with-python2.
;; NOTE(review): Python 2 no longer receives upstream security fixes; keep
;; this variant only while something still depends on it.
(define-public python2-yubikey-manager
  (package-with-python2 python-yubikey-manager))